Practical Aspects Of Information System Audit (For Beginner)
Last updated 10/2022
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
Language: English (US) | Size: 1.71 GB | Duration: 3h 15m
Practical Aspects of Information System Audit (For Beginners)
What you'll learn
We have designed the course in such a way that it simulates on-the-job training.
This course is primarily designed for the beginners/freshers in information system audit and hence we will start from basic aspects of IS audits.
After completion of this training program, you will be able to independently handle the IS audits.
For an effective and efficient audit program, we have divided Information System audits into a 12-step process.
Requirements
This course is primarily designed for the beginners/freshers in information system audit and hence we will start from basic aspects of IS audits.
Description
We assure you that this is not a theory class. Except for this introduction, there will be no other PPTs. We have designed the course in such a way that it simulates on-the-job training. This course is primarily designed for beginners/freshers in information system audit, and hence we will start from the basic aspects of IS audits. We assure you that after completion of this training program, you will be able to independently handle IS audits.

For an effective and efficient audit program, we have divided Information System audits into a 12-step process. For your easy understanding, we have designed an exclusive video for each step. For each step we will guide you about data requirements, audit procedure, evidence to be evaluated and how to write the audit report. Also, you can download ready-made templates from the resource section of this course.

Step-wise Audit Program:

Step 1 is about checking the information security policy. In this step, as an auditor you need to check:
o Availability of the policy.
o Whether the policy is approved by the appropriate authority?
o Whether the policy is updated at periodic intervals, and other aspects with respect to the policy?
We will discuss in detail how to audit and validate these controls in our step 1 video.

Step 2 is about auditing the controls related to applications. In this step, as an auditor you need to check:
o Whether the application is appropriately categorized?
o Whether each application is owned by a dedicated owner?
o How many factors of authentication are applied?
o Whether a user access review is conducted for each application at periodic intervals?
We will discuss in detail how to audit and validate these controls in our step 2 video.

Step 3 is about auditing the controls related to databases. We check:
o Whether the database is appropriately categorized?
o Whether each database is owned by a dedicated owner?
o Whether the operating system is updated? The organization should not be using an end-of-life/end-of-support OS.
o Whether the backup arrangement is appropriate?
We will discuss in detail how to audit and validate these controls in our step 3 video.

Step 4 is about auditing the controls related to the datacenter. You need to check:
o Whether the datacenter is audited at periodic intervals?
o Whether an SLA is available for an external datacenter?
o Whether the secondary datacenter is at an offsite location?

Step 5 is about auditing the controls related to network devices. You need to check:
o Whether the device is owned by a dedicated owner?
o Whether the device configuration is reviewed at periodic intervals?

Step 6 is about auditing the controls related to endpoint devices like computers, laptops, tablets, mobiles, etc. You need to check:
o Whether an asset inventory is maintained and updated?
o Whether each endpoint device is owned by a dedicated owner?
o Whether anti-virus is installed on all the devices?

Step 7 is about auditing the controls related to email. You need to check:
o Whether SPF is enabled? (Don't worry about technical terms. We will simplify them while discussing step 7.)
o Whether DMARC is enabled?
o Whether attachments are scanned before downloading?

Step 8 is about auditing the controls related to outsourcing. You need to check:
o Whether a service level agreement is available for the outsourced services?
o Whether the service provider is audited at periodic intervals?

Step 9 is about auditing the controls related to desktop security. You need to check:
o Whether the operating system is updated and licensed?
o Whether anti-virus is installed and signatures are updated?
o Whether various user restrictions are implemented?
o Use of the latest browsers.

Step 10 is about auditing the controls related to BCP and incident management. You need to check:
o Whether a Business Continuity Policy and an Incident Management Policy are available?
o Whether the Business Continuity Plan is tested at periodic intervals?

Step 11 is about auditing the controls related to users. You need to check:
o Whether users are trained at periodic intervals on information security?
o Whether background verification is conducted for new hires?

These 11 steps cover almost all the important and critical information security requirements. As step 12, you need to review all other checkpoints as required by the objective of the audit.
Who this course is for:
Information System Auditor, Internal Auditor, IT Risk Professionals, IT Compliance Professionals