ABOUT US |
|
Networks and Electronic Systems |
PLEASE NOTE: This
course is run in partnership with the Institute of Internal Auditors (IIA).
Please visit the IIA's
website
or call the IIA's Training &
Events Department on 0207 498 0101 for course cost and details of how to book.
______________________________________________________________
COURSE
OVERVIEW
Most organisations are heavily
reliant on the delivery of services and applications through electronic
means. This unique course brings together the commonest systems to provide a
single source for an auditors all-round understanding of the risks and core
controls.
COURSE
BENEFITS
Skills:
After completion of this
course, you will be able to:
-
Demonstrate an understanding
of the infrastructure of electronic service delivery systems
-
Evaluate the risks and audit
one-way and two-way electronic services and applications
-
Appreciate how E-systems
operate and the risks that threaten their operations
-
Audit a wide range of
E-applications and services
-
Evaluate the usefulness and
value of cryptographic protection in the protection of electronic systems
data
Support Materials:
This course is accompanied by
a substantial manual that includes full briefing notes.
WHO SHOULD
ATTEND
This course is designed for
all; however, those with at least six months IT Audit experience will find
the course easier to follow. The maximum number of people attending any
particular event will be limited to ensure a high level of interaction and
personal attention.
COURSE Programme
Electronic service
infrastructure and risks
-
Hardware considerations:
load balancers, web-servers, routers, firewalls, other appliances and
services issues and risks
-
Database and application
servers issues and risks
-
Software considerations:
software environments, scripts, applets and components, cookies,
registration and personalisation issues and risks
-
Typical electronic service
delivery network structures: web based materials; web based applications
issues and risks
-
Client server systems two
and three tier issues and risks
-
Middleware technologies
issues and risks
-
Unwired services issues
and risks
-
Auditing infrastructures a
model approach
One-way services, such as
website retrieved materials and risks
-
Web servers, WAP servers,
information kiosks, text to phone, other information feeds issues and
risks
-
Structuring of materials and
intellectual content issues and risks
-
Active X, OLE, Flash, and
scripting content issues and risks
-
Navigational and W3C
accessibility issues issues and risks
-
Controlling anonymous web
browsing users issues and risks
-
Site stability and
refreshment issues and risks
-
Auditing one-way services
a model approach
Two-way services, such as web
based applications and risks
-
Web based applications,
applets, Java code and scripts, server side scripting issues and risks
-
Forms design and data
transmission issues and risks
-
Data validation issues and
risks
-
Sensitive data content
issues and risks
-
Browser and W3C
accessibility issues issues and risks
-
Strategies for testing and
acceptance issues and risks
-
Security credentials: issue
and control issues and risks
-
Cookie controls issues and
risks
-
Authentication strategies:
unilateral and bilateral control issues and risks
-
Client server security
issues and risks
-
Component issues and
integration of services issues and risks
-
Auditing two-way services
a model approach
Example application systems
and risk based issues
-
E-procurement operations and
risks
-
E-commerce operations and
risks
-
E-ticketing operations and
risks
-
E-kiosk operations and risks
-
E-quoting systems operations
and risks
-
E-tracking operations and
risks
-
E-voting systems operations
and risks
-
ERP systems operations and
risks
-
Managed payment services
-
Auditing E-systems
Safe delivery and
control of sensitive data
-
Lawful usage and collection
of sensitive and private data
-
Implementation of
cryptographic strategies to protect the safe network transport of private
and sensitive data
-
Implementation of
cryptographic strategies to protect media storage of sensitive and private
data
-
Implementation of
cryptographic strategies to protect mobile devices and wireless network
used in the provision of E-Services
-
Evaluating the usefulness
and deployment of cryptographic services
PRESENTED BY:
This course is designed, developed and presented by MindGrove Ltd. |
