MindGrove - the Audit and Risk SpecialistsMindGrove Public Courses page - header image of people

 Home
 About us
 Training
 In-house training
bullet pointPublic courses 2010
 Download brochure
 eLearning
 Consultancy
 Resources
 Clients
 Contact us


















TO BOOK THIS COURSE

This course is run in partnership with the Institute of Internal Auditors (IIA). Please visit the IIA's website or call the IIA's Training & Events Department on 0207 498 0101 for costs, venue details and to book a place.



Networks and Networked Applications

Most organisations are heavily reliant on the delivery of services via networks and networked applications. This unique course, new for 2009, brings together the commonest elements of networked systems to provide a single source for an auditor’s all round understanding of network auditing.

 

Suitability and duration

Suitability: Intermediate

Duration: 2 days

 

Who should attend

This intensive course is intended for those with at least six months of IT Audit experience, those that have attended the Introduction to Information Systems Auditing course, or those who are newer to audit but with some experience of IT. The course assumes a basic understanding of auditing.

 

Benefits

Skills

After completion of this course, you will be able to:

  • Comprehend how networks and networked applications work together

  • Demonstrate an understanding of the common component parts of network based systems

  • Describe issues and risks associated with common networking hosts and application delivery strategies

  • Audit unidirectional and bidirectional data flows and to evaluate the risks and controls associated with network messages and transactions

  • Understand how the integrity and confidentiality of data can be protected in a networked environment

 

Support Materials

This course is accompanied by a substantial manual that includes full briefing notes.

 

Programme 

Network infrastructure and risks

  • Hardware: load balancers, web-servers, routers, firewalls, other appliances and services – issues, risks and key controls
  • Reading infrastructure maps, diagrams and models
  • Database and application servers – issues, risks and key controls
  • Illustrative service network structures: web based information servers; simple web based and non-web based applications, complex client server systems – issues, risks and key controls
  • TCP/IP and message transmission – some basics and the issues, risks and key controls
  • HTTP –some basics and the issues, risks and key controls
  • Auditing infrastructures – a process flow based approach

 

Unilateral data flow issues and risks

  • Web servers, information kiosks, text to phone, other one-way information feeds
  • Active X, OLE, Flash, and scripting content
  • Navigational and W3C accessibility issues
  • Controlling anonymous web browsing users
  • Auditing infrastructures  – a data flow approach

 

Bilateral data flow issues and risks

  • Web based and non-web based networked applications, applets and scripts
  • Forms design and data transmission
  • Data validation
  • Sensitive data content
  • Cookie controls
  • Authentication strategies: unilateral and bilateral
  • Auditing two way services – a risk based approach

 

Safe delivery of data

  • Lawful usage and collection of sensitive and private data
  • Integrity preservation controls
  • Implementation of cryptographic controls to protect the safe network transport of private and sensitive data
  • Non-repudiation controls
  • Auditing delivery protection control

 

 

Course designed, developed and presented by MindGrove.

 

 

  Call us on +44 (0) 1925 732 757Site map | Contact us 
© 2010 MindGrove Ltd. All rights reserved
 Valid XHTML 1.0 TransitionalValid CSS!