0 1

Transcription

0 1
0
01011101110101001000101000101111010101100001010011101011010010101001101011010010101001000101
1
10a0101010010100010101010101110111010100100010100010111101010110000010011101011010010101001
How to Perform 0100010
an IT
General
00101000101010010111011
00100
01010
111010101100000100
Controls Review
101010010100010101010101110111010100100010100010111101010110000010011101011010010101001000101
001010001011
101000101010101001110100010100110101101000101010111011101010010
101011000001001110101101001001001000101010010100010101010101110111010100100010100010111100110
10101
100111000001001
011000001001
11101011010010101001
101010010100010101010101110111010100100010100010111101010110000010011101011010010101001000101
1010001010101010111011101010000010011
101011010010
101010001010101001001010
0101101
Using COBIT to Audit
0101110101001010111101100110101010100101010101011100000101110101010100110111
®
11IT Infrastructure Components
0101000110101111101010111010101
ª Identify the control issues that must be
addressed to ensure the integrity, confidentiality,
and availability of your information systems
August 20-22, 2007
Chicago, IL
ª Discover the critical components that require
review in IT infrastructures
September 19-21, 2007
Las Vegas, NV
ª Cover the COBIT® 4.0 framework and how you
can use it to evaluate the effectiveness of your
IT general controls
October 1-3, 2007
Toronto, ON
ª Develop strategies for assessing the key controls
in your information systems infrastructure
December 3-5, 2007
Boston, MA
ª Find out how to conduct a business impact
analysis that will ensure your organization can
survive a disruptive event
The International Leader
in Audit & Information
S e c u r i t y Tr a i n i n g
www.misti.com
E-Z Access ITG201
Training Audit and Infosecurity Professionals for Over 29 Years
Seminar Focus and Features
In this three-day seminar you will examine the IT general
control areas that must be addressed to ensure the
confidentiality, integrity, and availability of your information
assets. You will explore critical aspects of the IT environment, including IT governance, IT infrastructure controls,
information security, physical security, disaster recovery,
change management and network perimeter security.You
will learn how to develop strategies for assessing the key
controls in your information systems infrastructure.
In addition, because Control Objectives for Information
and related Technology (COBIT®) provides an effective
controls framework for both IT management and IT audit,
you will cover the COBIT 4.0 control framework and
throughout the seminar focus on how you can use this
industry-recognized framework for evaluating the effectiveness of your IT general controls.You will pay particular
attention to using COBIT control objectives and control
practices to strengthen IT controls and as a means to plan,
scope and assess control compliance.
Prerequisite: IT Auditing and Controls (ITG101) or
equivalent experience.
Learning Level: Basic NASBA: Computer Science
Who Should Attend
Financial, Operational, Business Applications, Information
Technology, and External Auditors; Quality Assurance
personnel; Audit Managers and Directors; Information Security
Managers and Analysts
What You Will Learn
1. Risk-Based Audit Planning for IT General
Controls
• introduction to IT general controls
• the relationship between general and application controls
• risks/controls
• centralized vs. distributed environments
• Sarbanes-Oxley and IT controls
2. IT Control Standards and Frameworks
• COSO
• ISO-17799 and ISO-27001
• COBIT 4.0
- what is COBIT?
- COBIT objectives/components
- COBIT information requirements
- IT resources
- COBIT navigation
- metrics and maturity Model
- COBIT control hierarchy
- COBIT audit guidelines/control practices
- auditing using COBIT
3. IT Governance and Operations Management
• COBIT control objectives
• IT organizational structure
• policies and procedures
• strategic planning
• risk management
• IT human resources practices
• quality management
• separation of duties
• outsourcing
• audit steps
4. Hardware/Software Infrastructure
• COBIT control objectives
• hardware infrastructure
- centralized vs. distributed
- hardware acquisition, contracts, and inventories
- equipment maintenance/utilization
- hardware audits
• software infrastructure: operating systems
- components
- risks/exposures
- patch management
- operating system audits
• software infrastructure: database management
- components
- restart/recovery/reliability
- database advantages/concerns
- distributed databases
- database administration controls
- database audits
• system software audit steps
5. Logical Access Controls
• COBIT control objectives
• access control components
• authentication: passwords, tokens, biometrics
• authorization of user access rights
• managing user accounts
• access control systems
• audit trail
• security monitoring
• remote access
• sensitive data on PCs and workstations
• security administration
• single sign-on (SSO) authentication
• access control best practices
6. Physical and Environmental Controls
• COBIT control objectives
• physical security objectives, risks, and exposures
• physical security controls
Registration Information
• environmental exposures and risks
• environmental controls
7. Network Perimeter Security
• COBIT control objectives
• network security threat/risk analysis
• network security strategy
• data communication software
• OSI Model
• TCP/IP
• firewalls/DMZ
• intrusion detection systems
• remote access/wireless access
• Internet risks
8. Change Management
• COBIT control objectives
• change management risks
• translation from source code to executable modules
• change management process
• vendor-supplied source code
• library/change control software
• distribution systems version control
• audit steps
9. Disaster Recovery and Business Continuity Planning
• COBIT control objectives
• disasters and disruptive events
• disaster recovery and business continuity planning
• business impact analysis (BIA)
• recovery time objectives (RTO)
• disaster recovery strategy
• business continuity strategy
• disaster recovery sites
• disaster recovery teams
• off-site storage
• data backup and recovery
• telecommunications networks
• testing the recovery plan
• continuity plan maintenance
• contract requirements
• audit steps
10.Planning and Executing General Control Reviews
• risk assessment
• audit strategy and planning
• planning memo
• key documents needed for the audit
• audit programs
• testing controls
• audit workpapers
• audit report
Mail: The registration form along with your check to
MIS Training Institute, 498 Concord Street, Framingham, MA
01702-2357
Call: (508) 879-7999
Fax: (508) 872-1153
E-mail: [email protected]
Web: www.misti.com
E-Z Access ITG201
IMPORTANT: Please refer to the registration code on the
mailing panel when registering.
Tuition: Tuition is $1795 and covers course materials,
refreshments, and hospitality reception. It does not cover hotel
accommodations. Add $100 if you register 5 business days or less
before your session start date.Tuition must be paid in advance by
cash, company check,VISA, MasterCard, AMEX, or Diners Club.
(Add 6% GST for Toronto session.)
Class Hours: Class is conducted from 8:30 am - 5:00 pm daily
and concludes at 1:00 pm on the last day.
CPE Credits: 22 CPEs. If you are a CISSP we will forward your
credits to (ISC)2. Please provide your CISSP number on the
registration form.
MIS Cancellation Policy: A full refund less a $100 administrative fee will be given for cancellations received up to 15 days
before the event.Tuition is non-refundable for cancellations made
14 days or less before the event.You may, however, transfer your
tuition to another MIS Training Institute event, less a $195 administrative fee.Transfers are valid for 12 months from the time of
initial cancellation. Substitutions are welcome at any time.Those
who do not cancel before the event date and who do not
attend are responsible for the full non-refundable, non-transferable tuition.To cancel, call customer service at 508-879-7999.
The High-Yield/No-Risk Guarantee: Attend this seminar
and receive information, tools, and techniques that will help you
do your job better. If you do not, simply tell us why on your
company letterhead within 30 days of the event and we will give
you a full credit toward another seminar.
Hotel Information: Hotel arrangements should be made after
you register for a seminar to ensure lowest available rates. Please
contact the hotel directly (phone numbers are listed below) and be
sure to inquire about corporate, AAA, AARP, or other discounts for
which you may be eligible.
Chicago: Palmer House Hilton 312-726-7500
Las Vegas: Harrah’s Las Vegas 702-369-5000
Toronto: Westin Harbour Castle 416-869-1600
Boston: Hilton Boston Back Bay 617-236-1100
Schedule Changes: MIS may occasionally find it necessary to
reschedule or cancel sessions and will give registrants advance notice
of such changes. MIS will not be responsible for penalties incurred as
a result of non-refundable airfare purchases, or hotel reservations.
Avai
la
In-H ble
ouse
C
Mim all
i Ha
tc
410692 h at
for d -2465
etail
s.
0
01011101110101001000101000101111010101100001010011101011010010101001101011010010101001000101
The International Leader
1How to Perform
in Audit & Information
10a0101010010100010101010101110111010100100010100010111101010110000010011101011010010101001000
S e c u r i t y Tr a i n i n g
an IT General
010001000101000101111
0101000101010101001110100010100110101101000101010111011101010010
Controls
010101100000100111010110100100100100010101001010001010101010111011101010010001010001011110011000
Review
00100111000001001001010001010100101110111010100100
498 Concord Street
101010010100010101010101110111010100100010100010111101010110000010011101011010010101001000101010
Framingham, MA 01702-2357
PRSRT STD
U.S. POSTAGE
PAID
AYER, MA
PERMIT #9
01010
111010101100000100
011000001001
11101011010010101001000
IMPORTANT:
Please refer to the Registration Code below when you register.
“Great balance between details
and real-world examples. Good
logical flow.”
Registration Code: ITG201F / PDF
- Daniel Frey, Senior IT Audit Analyst,
Sun Microsystems
www.misti.com
E-Z Access ITG201
Registration Form
Name ■ Mr. ■ Mrs. ■ Ms. ■ Dr. ■ Prof.
For Name Tag
Please register me for the following:
Industry
■ August 20-22, 2007, Chicago, IL
■ September 19-21, 2007, Las Vegas, NV
■ October 1-3, 2007,Toronto, ON
■ December 3-5, 2007, Boston, MA
Job Title
Organization/Company
No. of Employees
E-Mail (Required)
Address
–
State/Province
City
Phone
Zip + 4/Postal Code
Mail Stop/Floor
Country
Fax
Approving Manager
Please send:
■ MIS’ Course Catalog
■ FREE TransMISsion Online Newsletter
Title
(Provide e-mail address above)
CISSP #
Payment Options:
Fee: $1795.00
■ Check enclosed (payable to MIS Training Institute) ■ MIS PERC #
■ Charge to my: ■ VISA ■ MasterCard ■ AMEX ■ Diners Club
Account #
Expiration Date
Signature
Cardholder’s Name/Zip Code
CVV2#
■ MISTI Online-Training
■ Information on MIS IT Audit Certificate
Programs
■ Information on In-House Seminars
■ MIS Training Weeks
■ The Annual Conference on Control and Audit of
Information Technology
Credit Card Billing Address
City
State/Province
Zip+4/Mail Code
Country
■ Please make changes to my mailing label.
Fax (508) 872-1153
The International Leader
in Audit & Information
S e c u r i t y Tr a i n i n g
498 Concord Street, Framingham, MA 01702-2357
Phone: (508) 879-7999
E-mail: [email protected]
Web: www.misti.com
Contents of this brochure copyright © 2007 MIS Training Institute, Inc.All rights reserved. Printed in U.S.A.
The information you provide will be safeguarded by MIS Training Institute LLC, a part
of the Euromoney Institutional Investor PLC Group, whose subsidiaries may use it to
keep you informed of relevant products and services. As an international group, we may
transfer your data on a global basis for the purposes indicated above. If you object to
contact by: l telephone l fax l email, please check the appropriate box.We occasionally allow reputable companies outside the Euromoney Institutional Investor PLC
group to contact you with details of products and services that may be of interest to
you. If you do not want us to share your information with other reputable companies,
please check this box l.