A week no longer passes that does not include more headline-grabbing news of a large “cyberattack” or “cyberbreach”. These hacker threats, evolving technologies, and staff shortages challenge IT auditors to address the enterprise’s increasing IT risks. The common thread through these security incidents is the requirement for information security, individual privacy and effective controls at all levels of the enterprise. In this practical four-day seminar, attendees will immerse themselves in a risk and compliance approach to IT auditing to protect the confidentiality, integrity and availability of information assets throughout an enterprise. We will discuss how you can use common frameworks and standards as an overall framework for planning IT audits.
To help arrive at organization-specific risk and compliance IT auditing benchmarks, we will identify authoritative sources for audit program requirements associated with major US and international government and industry legislation, standards, and frameworks. We will concentrate on determining risk and compliance levels in such critical management and technical areas as IT governance, information security, operating systems, database management systems, network infrastructure security, application software development, change management and business continuity planning. Each topic will be accompanied with detailed discussions representing IT control best practices.