Practical Aspects of Information System Audit (For Beginners)

Ratings 4.53 / 5.00

What You Will Learn!

  • We have designed the course so that it simulates on-the-job training.
  • This course is primarily designed for beginners/freshers in information system audit, so we start from the basic aspects of IS audits.
  • After completing this training program, you will be able to handle IS audits independently.
  • For an effective and efficient audit program, we have divided Information System audits into a 12-step process.

Description

  • We assure you that this is not a theory class. Except for this introduction, there will be no other PPTs.

  • We have designed the course so that it simulates on-the-job training. This course is primarily designed for beginners/freshers in information system audit, so we start from the basic aspects of IS audits.

  • We assure you that after completing this training program, you will be able to handle IS audits independently.

  • For an effective and efficient audit program, we have divided Information System audits into a 12-step process. For easy understanding, we have designed an exclusive video for each step.

  • For each step, we will guide you on the data requirements, the audit procedure, the evidence to be evaluated and how to write the audit report.

  • You can also download ready-made templates from the resource section of this course.

Step-wise Audit Program:


Step 1 is about checking the information security policy. In this step, as an auditor you need to check:

  • whether the policy is available,
  • whether the policy is approved by the appropriate authority,
  • whether the policy is updated at periodic intervals, and other aspects of the policy.

We will discuss in detail how to audit and validate these controls in our step 1 video.


Step 2 is about auditing the controls related to applications. In this step, as an auditor you need to check:

  • whether each application is appropriately categorized,
  • whether each application has a dedicated owner,
  • how many factors of authentication are applied,
  • whether a user access review is conducted for each application at periodic intervals.

We will discuss in detail how to audit and validate these controls in our step 2 video.


Step 3 is about auditing the controls related to databases. You need to check:

  • whether each database is appropriately categorized,
  • whether each database has a dedicated owner,
  • whether the operating system is updated (the organization should not be using an end-of-life/end-of-support OS),
  • whether the backup arrangement is appropriate.

We will discuss in detail how to audit and validate these controls in our step 3 video.


Step 4 is about auditing the controls related to the datacentre. You need to check:

  • whether the datacentre is audited at periodic intervals,
  • whether an SLA is available for an external datacentre,
  • whether the secondary datacentre is at an offsite location.



Step 5 is about auditing the controls related to network devices. You need to check:

  • whether each device has a dedicated owner,
  • whether the device configuration is reviewed at periodic intervals.


Step 6 is about auditing the controls related to endpoint devices such as computers, laptops, tablets and mobiles. You need to check:

  • whether an asset inventory is maintained and updated,
  • whether each endpoint device has a dedicated owner,
  • whether anti-virus is installed on all devices.


Step 7 is about auditing the controls related to email. You need to check:

  • whether SPF is enabled (don’t worry about the technical terms; we will explain them while discussing step 7),
  • whether DMARC is enabled,
  • whether attachments are scanned before downloading.


Step 8 is about auditing the controls related to outsourcing. You need to check:

  • whether a service level agreement is available for the outsourced services,
  • whether the service provider is audited at periodic intervals.


Step 9 is about auditing the controls related to desktop security. You need to check:

  • whether the operating system is updated and licensed,
  • whether anti-virus is installed and its signatures are updated,
  • whether various user restrictions are implemented,
  • whether the latest browsers are in use.


Step 10 is about auditing the controls related to BCP and incident management. You need to check:

  • whether a Business Continuity Policy and an Incident Management Policy are available,
  • whether the Business Continuity Plan is tested at periodic intervals.


Step 11 is about auditing the controls related to users. You need to check:

  • whether users are trained on information security at periodic intervals,
  • whether background verification is conducted for new hires.



These 11 steps cover almost all the important and critical information security requirements. As step 12, you need to review all other checkpoints required by the objective of the audit.

Who Should Attend!

  • Information System Auditor, Internal Auditor, IT Risk Professionals, IT Compliance Professionals

Tags

  • Information Systems
  • IT Auditing

Subscribers

2271

Lectures

54
