O

Secure Your Future with a New Career path in:

IT CYBERSECURITY AUDIT
PROFESSIONAL DEVELOPMENT AND
CAREER ENHANCEMENT PROGRAM
Course Format:
Live On-line, Instructor Led Interactive and Hands-On Training

For Enrollment: Call 240-988-3845

JOB TRAINING | INTERVIEW PREPPING | JOB PLACEMENT | NETWORK BUILDING | PERSONAL BRANDING | CAREER MENTORING

Powered by FeatSure in collabora on with www.securefeat.com

IT Cybersecurity Audit
Third line of defense

As cyber threats are becoming more rampant and a Business units and the information technology (IT)
growing reality for businesses and organizations across function integrate cyber risk management into day-
all sectors, the need for highly trained cyber security to-day decision making and operations and comprise
professionals is becoming more critical than ever before. an organization’s first line of defense. The second
line includes information and technology risk
An urgent call to action management leaders who establish governance and
oversight, monitor security operations, and take
Internal audit has a critical role in helping organizations action as needed.
in the ongoing battle of managing cyber threats, both by
providing an independent assessment of existing and Increasingly, many companies are recognizing the
needed controls, and helping the audit committee and need for a third line of cyber defense–independent
board understand and address the diverse risks of the review of security measures and performance by the
digital world. internal audit function. Internal audit plays an
integral role in assessing and identifying
opportunities to strengthen enterprise security. IT
Auditors have a duty to inform the organization
management that the controls for which they are
responsible are in place and functioning correctly.

Professional Training in
IT & Cybersecurity Audit
Designed to meet the needs of today’s businesses,
and with a focus on hands-on experience and
problem solving, SECUREFEAT Professional Training
in IT and Cybersecurity Audit is the ideal program for
those looking to pursue a career in this specialized
field, delivering cutting-edge education and virtual
hands-on learning application to help you stand out
in the field and advance your career from day one

Key To Success

Learn how to leverage and master the tools and

techniques required to perform a comprehensive IT
Security audit. These 8 weeks (32 hours) of hands-on
and intensive IT audit training course will equip you
with the "value-add" experience and requisite skills
to be a sought-after IT Cybersecurity Audit
Professional, providing an on-demand information
technology consulting and auditing for organizations
and its assets.
Career Launchers:

IT Professionals who want to

supplement their current IT jobs or
specialize in cybersecurity as a way
to move up in a high-growth field
with high-demand job
opportunities, job security and as a
way of generating sustainable
income.

Career Builders:

Junior/mid-level IT risk and audit

professionals who want to
advance their career with
knowledge needed to excel in
cybersecurity audits, to improve
their organization's preparedness
and response against cyberattacks
and grow their career as leaders in
cybersecurity strategies.

Career Switchers:

Non-IT professionals in marketing,

sales, human resources,
operations, or any other field,
looking to transition or switch to
cybersecurity audit as a specialty
Professional Certification:
to refresh their career and take
This course also set you on the track towards preparing for the
advantage of the demand for
ISACA - Certified Information Systems Auditor (CISA)
cybersecurity professionals.
certification.
Program Schedule – Topics & Activities
Course Objective:
This training program is aimed to introduce you into IT audit, develop and empower you with the knowledge
of performing audit of information systems that support business processes. Most important how to kick start
your career in Information Systems Audit.

There are 6 modules in this course spread across 8 consecutive weeks with 4 hours each week. The first 5
modules will help students develop the confidence and skills in auditing methodology and techniques. The last
module will focus on the final exams, building an effective resume, applying for jobs and preparing students
for interviews.
Module One:
Overview of IT Risk, Auditing Concepts and Controls -

This first week module introduces students to the fundamentals of Information technology, threats and
vulnerability and the risks they pose to a business/ organization. Additionally, we will take a deep dive into IT
Audit processes, functions and explore the stages of an audit. Students will gain understanding of internal
controls and how these controls are implemented to offer protection to IT assets. Key topics and Activities
include:
Introduction to Technology/Cybersecurity Risk
o IT Risk Management and Assessment
o Internal Control Functions
o IT Audit definition and Objectives
o General Concept of Security
o IT General Controls & Business Process Controls
o IT Audit Types and Classifications
o IT Audit Process and Planning
o Skills Needed to Perform IT Audits

Module Two:
IT Governance Frameworks and Standards -

In week 1 module, we discussed about internal controls and how they are implemented to protect and
safeguard information and information systems. There are a variety of laws and regulations put in place to
strengthen the security of information within which companies' information systems are entrusted. As a result
of the laws and regulations, various security control "standards" and "frameworks" have evolved and become
popular means to meet the requirements of the laws. Here, we will look at some of the prominent IT standards
in use today. Key topics and Activities include:

Introduction to IT Security Frameworks and Standards

o COSO
o COBIT
o ISO/IEC 27001 and 27002
o The Sarbanes-Oxley Act of 2002 (SOX)
o National Institute of Standards and Technology (NIST) standards
o The Federal Information Security Management Act (FISMA) of 2002
o FISCAM and OMB CIRCULAR A-123 AUDITS
o Mapping of FISCAM to NIST Special Publication 800-53
Module Three:
Performing IT Controls Audit -

Here, student will be familiarized with auditing techniques proper and learning the various approaches to
auditing controls. These controls are information technology general controls (ITGC) over IT infrastructures
such Access Control, Change Management and IT Operations. Also we will discuss business process
application controls, how to audit applications controls and security to ensure that application’s transactions
and the data it process and output are secure, accurate and valid. Key topics and Activities include:
Information Technology General Controls (ITGC)
o Why are IT General Controls Important?
o Detailed ITGCs Review and Test Objectives
o Access Controls
o Change Management Control
o Computer Operations Controls
Business Process Application Controls
o Categories of Applications (Input, Processing, and Output Controls)
o Application Controls Versus IT General Controls
Approach to Auditing Application Controls
o Application input controls
o Application processing controls
o Application output controls
o Interface controls
o Auditing Application Security

Module Four:
Auditing IT Infrastructures for Security (Cybersecurity Audit) I -

As we have learnt in module 1, how Computers and information systems are essential parts of every business
today. This module is packed with a lot of information about the technological products and environment you
are going to audit such as operating Systems (Windows, Linux/Unix OS), Windows Active Directory, Auditing
Cloud Storage, Network devices, Databases, Data Center and Disaster Recovery. Key topics and Activities
include:
Networking Essentials
o Key networking concepts and technologies.
o Networking Risks & Controls
o Remote access and authentication
o Network Devices, Tools & resources
o General Procedures for Testing Network Infrastructures and Devices
o Common Network Vulnerabilities
Operating Systems and Functions
Auditing UNIX/Linux: Risks & Controls
o Access control
o Authentication
o Key configurations
o Change control
Auditing Windows Operating Systems/Servers
o Windows Server 2012/2016: risks & controls
o Access control
o Authentication
o Key configurations
o Change control
Module Five:
Auditing IT Infrastructures for Security (Cybersecurity Audit) II -

In this module, we shall continue our on discussion of auditing IT infrastructures. Key topics and Activities
Database Basics and Security Audit
o Database Management Systems (DBMS)
o Relational databases
o Database design
Oracle Database: risks & controls
o Access control
o Authentication
o Roles
o Privileged accounts
SQL Database: risks & controls
o Access control
o Authentication
o Roles
o Privileged accounts
Backup and Disaster Recovery
o Recovery objectives.
o Availability concepts.
o Business continuity.
o Disaster recovery.
o Incident response.
o Auditing Backup controls and recovery processes.
Cloud Computing
o Basics of cloud computing.
o Cloud environments.
o Benefits of cloud computing
o Cloud service risks.

Module Six:
Auditing ERP Systems and Regulatory Compliance -

In our last module, we shall look into ERP systems, which evolved out of manufacturing resource planning
systems for the manufacturing industry, use data from a wide range of business areas to provide cross-
departmental management and process information. The audit of an ERP system requires the IS auditor to
have specific knowledge and an understanding of the complex features and integrated processes built into
and required for the successful implementation, use and control of specific vendor products. Additionally, we
conclude this module on conducting IT Infrastructure audit for compliance. Key topics and Activities include:

Auditing Enterprise Resource Planning (ERP) Systems

o SAP ERP System
o SAP ERP Components and Modules
o SAP ERP Audit Steps to perform

Auditing IT Infrastructure for Regulatory Compliance

o Statement on Standards for Attestation Engagements (SSAE)
o Service and Organization Controls (SOC) Audit Reports and Compliance
o Health Insurance Portability and Accountability Act of 1996 (HIPPA)
o Payment Card Industry (PCI) Data Security Standard