Control Audit and Security of Networks with MindGrove

THE CONTROL, AUDIT AND SECURITY OF NETWORKS

PLEASE NOTE: This course is run in partnership with the Institute of Internal Auditors (IIA). To book this course, please visit the IIA's website and download a booking form or call the IIA on 0207 819 1920.

COURSE OVERVIEW

Information systems auditors know that most new services and processes being built involve networks. However, no other area of technology introduces more jargon and confusion amongst novice computer auditors.

This very intensive course, developed over many years and in its seventh revision, has been updated and extended to reflect the changes taking place in business, technology and audit. It provides an excellent and broad ranging network knowledge background for the information systems auditor.

COURSE BENEFITS

After completion of this course, you will be able to:

understand the way networks operate and the terminology used by network specialists and network support staff
recognise the risks that stem from network based operations
understand the controls that can be applied to organisational networks and networked applications
appreciate the use of software tools to check network security
perform simple to more complex network reviews

To ensure a firm practical grounding throughout this intensive course, illustrations, contrasts and similarities will be drawn from commonly encountered network situations, systems, hosts and processes. Additionally where possible an exercise or projected live software system display will be used to clarify issues and key points.

The course is accompanied by a detailed manual that contains diagrams, briefings, explanations of mechanisms and an integrated work programme to use on return to work.

WHO SHOULD ATTEND

Auditors who need to perform network reviews and who need to understand the security, audit and control features in common networked environments. Delegates need some experience of auditing and technology but little prior experience of networks to benefit from this course.

COURSE Programme

THE Network Auditor

The network audit (or) role
Auditing strategies: hindsight reviews; contributing to new developments; validating infrastructure
Integrating network auditing with risk based approaches to audit
Networks and risks - the five most common problems

Network Outlines

The three stage journey: assembly, despatch, retrieval
How data is formatted for network transport: short-haul transmission, long-haul transmission
Media for transmission: wired circuits, fibre optics, wireless
Standards controlling networking: ISO, IEEE, IETF
Network mapping – understanding network diagrams: contextual, logical, physical
Network adaptors, modems and network interface cards
Network operating systems
Network management
An introductory audit

Networked Applications

Client server applications - common client server risks - client server countermeasures
Software considerations: software environments, scripts and components, cookies, registration and personalisation
Retrieval of web-based materials / data submission / query data retrieval
Authentication issues for web based services
Electronic procurement
Innovations: e-cash and Smart Cards
Credit cards and third party payment services
E-ticketing systems and issues
Application robustness and application data risks