Advanced IT Audit School

Audit

IT Audit

Length: 32h modules icon

Modules: 4 instructor led icon

Instructor LedAdvanced32 CPE Credits

Course Overview

This course covers the building blocks of IT audit and security, including identity and access management, web-based e-commerce application threats, vulnerabilities, and standards associated with privacy issues and intellectual property concerns. It places special emphasis on discovering best practices and standards for auditing web (HTTP) servers and application servers and enables participants to walk away with tools, techniques, and checklists for discovering and testing web and application server security. It also covers auditing database management systems within the context of robust but practical enterprise architecture and governance models and reviews web services and service-oriented architectures, including SOAP, ReST, SOA, and ESB. Participants will also review safeguard concepts and best practices for secure mobile and wireless applications.

Who This Course is For

IT, Internal and External Auditors; IT Audit Managers, Information Security Managers, Analysts with 5+ years of experience, or those tasked with auditing web servers, application services, Database Management Systems, and enterprise architecture.

Why You Should Take This Course

For users with an intermediate knowledge of this topic, and are searching for a deeper understanding of its evolving complexities.

Prerequisites

Network Security Essentials Intermediate IT Audit School

or equivalent experience

Advanced Preparation

None

Here are the learning objectives we’ll cover

Expand knowledge of IT terminology associated with complex business applications.
Identify key multi-tiered application building blocks and associated risks.
Develop methodology to locate, document, and test control points and associated security safeguards for complex applications.
Expand application audit tool kit knowledge with checklists, information resources, and automated tools to improve IT application audit effectiveness and efficiency.

Here are the topics we’ll cover

1. Identity and Access Control Management (I&ACM) Architecture
- Fundamental Principles of Information Security
- Making the Business case for Information security
- Distributed computing Control and Security Risks
- Defining an Identity and Access Management (I&AM) Architecture
- Access control Models and Architectures
- Security Audit Log Management ain Multi-Tiered Applications
- TCP/IP Network Application Services Security
- Risk Analysis
- Enterprise Directory services
- Client/Server and Middleware Security for Multi-Tiered Applications
- Locating Control Points in Multi-Tiered Applications
- Security Awareness
- Application Security Audit

ACI Learning is registered with NASBA

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: https://www.nasbaregistry.org/

Participation Policy for On-Demand, Self-Paced Courses

Students enrolled in on-demand, self-paced courses are expected to take an active role in their learning by progressing through the course materials in a timely and consistent manner. Because these courses are self-directed, full completion of all modules, videos, labs, and assessments with a passing score of 70 are required to receive credit and any applicable CPEs.

Learners are encouraged to set a regular study schedule to stay on track and maximize comprehension. CPE credits will be awarded based on the total course hours and verified completion of all required activities.