How to Perform an IT General Controls Review
Using COBIT® to Audit IT Infrastructure Components

• Identify the control issues that must be addressed to ensure the integrity, confidentiality, and availability of your information systems
• Discover the critical components that require review in IT infrastructures
• Cover the COBIT® 4.0 framework and how you can use it to evaluate the effectiveness of your IT general controls
• Develop strategies for assessing the key controls in your information systems infrastructure
• Find out how to conduct a business impact analysis that will ensure your organization can survive a disruptive event

August 20-22, 2007 Chicago, IL
September 19-21, 2007 Las Vegas, NV
October 1-3, 2007 Toronto, ON
December 3-5, 2007 Boston, MA

The International Leader in Audit & Information Security Training
www.misti.com E-Z Access ITG201
Training Audit and Infosecurity Professionals for Over 29 Years

Seminar Focus and Features

In this three-day seminar you will examine the IT general control areas that must be addressed to ensure the confidentiality, integrity, and availability of your information assets. You will explore critical aspects of the IT environment, including IT governance, IT infrastructure controls, information security, physical security, disaster recovery, change management and network perimeter security. You will learn how to develop strategies for assessing the key controls in your information systems infrastructure. In addition, because Control Objectives for Information and related Technology (COBIT®) provides an effective controls framework for both IT management and IT audit, you will cover the COBIT 4.0 control framework and throughout the seminar focus on how you can use this industry-recognized framework for evaluating the effectiveness of your IT general controls. You will pay particular attention to using COBIT control objectives and control practices to strengthen IT controls and as a means to plan, scope and assess control compliance.

Prerequisite: IT Auditing and Controls (ITG101) or equivalent experience.
Learning Level: Basic
NASBA: Computer Science

Who Should Attend

Financial, Operational, Business Applications, Information Technology, and External Auditors; Quality Assurance personnel; Audit Managers and Directors; Information Security Managers and Analysts

What You Will Learn

1. Risk-Based Audit Planning for IT General Controls
• introduction to IT general controls
• the relationship between general and application controls
• risks/controls
• centralized vs. distributed environments
• Sarbanes-Oxley and IT controls

2. IT Control Standards and Frameworks
• COSO
• ISO-17799 and ISO-27001
• COBIT 4.0
  - what is COBIT?
  - COBIT objectives/components
  - COBIT information requirements
  - IT resources
  - COBIT navigation
  - metrics and maturity model
  - COBIT control hierarchy
  - COBIT audit guidelines/control practices
  - auditing using COBIT

3. IT Governance and Operations Management
• COBIT control objectives
• IT organizational structure
• policies and procedures
• strategic planning
• risk management
• IT human resources practices
• quality management
• separation of duties
• outsourcing
• audit steps

4. Hardware/Software Infrastructure
• COBIT control objectives
• hardware infrastructure
  - centralized vs. distributed
  - hardware acquisition, contracts, and inventories
  - equipment maintenance/utilization
  - hardware audits
• software infrastructure: operating systems
  - components
  - risks/exposures
  - patch management
  - operating system audits
• software infrastructure: database management
  - components
  - restart/recovery/reliability
  - database advantages/concerns
  - distributed databases
  - database administration controls
  - database audits
• system software audit steps

5. Logical Access Controls
• COBIT control objectives
• access control components
• authentication: passwords, tokens, biometrics
• authorization of user access rights
• managing user accounts
• access control systems
• audit trail
• security monitoring
• remote access
• sensitive data on PCs and workstations
• security administration
• single sign-on (SSO) authentication
• access control best practices

6. Physical and Environmental Controls
• COBIT control objectives
• physical security objectives, risks, and exposures
• physical security controls
• environmental exposures and risks
• environmental controls

7. Network Perimeter Security
• COBIT control objectives
• network security threat/risk analysis
• network security strategy
• data communication software
• OSI Model
• TCP/IP
• firewalls/DMZ
• intrusion detection systems
• remote access/wireless access
• Internet risks

8. Change Management
• COBIT control objectives
• change management risks
• translation from source code to executable modules
• change management process
• vendor-supplied source code
• library/change control software
• distribution systems version control
• audit steps

9. Disaster Recovery and Business Continuity Planning
• COBIT control objectives
• disasters and disruptive events
• disaster recovery and business continuity planning
• business impact analysis (BIA)
• recovery time objectives (RTO)
• disaster recovery strategy
• business continuity strategy
• disaster recovery sites
• disaster recovery teams
• off-site storage
• data backup and recovery
• telecommunications networks
• testing the recovery plan
• continuity plan maintenance
• contract requirements
• audit steps

10. Planning and Executing General Control Reviews
• risk assessment
• audit strategy and planning
• planning memo
• key documents needed for the audit
• audit programs
• testing controls
• audit workpapers
• audit report

Registration Information

Mail: The registration form along with your check to MIS Training Institute, 498 Concord Street, Framingham, MA 01702-2357
Call: (508) 879-7999
Fax: (508) 872-1153
E-mail: [email protected]
Web: www.misti.com E-Z Access ITG201

IMPORTANT: Please refer to the registration code on the mailing panel when registering.

Tuition: Tuition is $1795 and covers course materials, refreshments, and hospitality reception. It does not cover hotel accommodations. Add $100 if you register 5 business days or less before your session start date. Tuition must be paid in advance by cash, company check, VISA, MasterCard, AMEX, or Diners Club. (Add 6% GST for Toronto session.)

Class Hours: Class is conducted from 8:30 am - 5:00 pm daily and concludes at 1:00 pm on the last day.

CPE Credits: 22 CPEs. If you are a CISSP we will forward your credits to (ISC)2. Please provide your CISSP number on the registration form.

MIS Cancellation Policy: A full refund less a $100 administrative fee will be given for cancellations received up to 15 days before the event. Tuition is non-refundable for cancellations made 14 days or less before the event. You may, however, transfer your tuition to another MIS Training Institute event, less a $195 administrative fee. Transfers are valid for 12 months from the time of initial cancellation. Substitutions are welcome at any time. Those who do not cancel before the event date and who do not attend are responsible for the full non-refundable, non-transferable tuition. To cancel, call customer service at 508-879-7999.

The High-Yield/No-Risk Guarantee: Attend this seminar and receive information, tools, and techniques that will help you do your job better. If you do not, simply tell us why on your company letterhead within 30 days of the event and we will give you a full credit toward another seminar.

Hotel Information: Hotel arrangements should be made after you register for a seminar to ensure lowest available rates. Please contact the hotel directly (phone numbers are listed below) and be sure to inquire about corporate, AAA, AARP, or other discounts for which you may be eligible.

Chicago: Palmer House Hilton 312-726-7500
Las Vegas: Harrah’s Las Vegas 702-369-5000
Toronto: Westin Harbour Castle 416-869-1600
Boston: Hilton Boston Back Bay 617-236-1100

Schedule Changes: MIS may occasionally find it necessary to reschedule or cancel sessions and will give registrants advance notice of such changes. MIS will not be responsible for penalties incurred as a result of non-refundable airfare purchases, or hotel reservations.

Available In-House: Call Mimi Hatch at 410-692-2465 for details.

IMPORTANT: Please refer to the Registration Code below when you register.

Registration Code: ITG201F / PDF

“Great balance between details and real-world examples. Good logical flow.”
- Daniel Frey, Senior IT Audit Analyst, Sun Microsystems

Registration Form

Please register me for the following:
■ August 20-22, 2007, Chicago, IL
■ September 19-21, 2007, Las Vegas, NV
■ October 1-3, 2007, Toronto, ON
■ December 3-5, 2007, Boston, MA

Name (■ Mr. ■ Mrs. ■ Ms. ■ Dr. ■ Prof.)
For Name Tag
Job Title
Industry
Organization/Company
No. of Employees
E-Mail (Required)
Address
Mail Stop/Floor
City
State/Province
Zip + 4/Postal Code
Country
Phone
Fax
Approving Manager
Title
CISSP #

Payment Options:
Fee: $1795.00
■ Check enclosed (payable to MIS Training Institute)
■ MIS PERC #
■ Charge to my: ■ VISA ■ MasterCard ■ AMEX ■ Diners Club
Account #
Expiration Date
Signature
Cardholder’s Name/Zip Code
CVV2#
Credit Card Billing Address
City
State/Province
Zip+4/Mail Code
Country

Please send:
■ MIS’ Course Catalog
■ FREE TransMISsion Online Newsletter (Provide e-mail address above)
■ MISTI Online-Training
■ Information on MIS IT Audit Certificate Programs
■ Information on In-House Seminars
■ MIS Training Weeks
■ The Annual Conference on Control and Audit of Information Technology

■ Please make changes to my mailing label.

Fax (508) 872-1153

Contents of this brochure copyright © 2007 MIS Training Institute, Inc. All rights reserved. Printed in U.S.A.

The information you provide will be safeguarded by MIS Training Institute LLC, a part of the Euromoney Institutional Investor PLC Group, whose subsidiaries may use it to keep you informed of relevant products and services. As an international group, we may transfer your data on a global basis for the purposes indicated above. If you object to contact by: ■ telephone ■ fax ■ email, please check the appropriate box. We occasionally allow reputable companies outside the Euromoney Institutional Investor PLC group to contact you with details of products and services that may be of interest to you. If you do not want us to share your information with other reputable companies, please check this box ■.