Online Course on General IT Audit

Introduction :

Information Technology (IT) is a critical enabler of business. Assuring an organization’s governance, risk management, compliance and control processes requires internal auditors to understand the role of IT within their organizations and to develop adequate knowledge and skills to audit IT systems as the line separating “IT” and “non-IT” audits is beginning to disappear, except in the very technical IT areas.

As technology gets increasingly fused with business processes, business auditors need to be better prepared to provide integrated audit services that encompass process and technology audit areas. This course is specially designed to equip business auditors with skills and knowledge to assess IT risks and related controls, IT governance and management controls.

Learning Outcomes :

• Ability to identify and evaluate business risks in the IT environment and propose solutions to address the identified risks.
• Ability to identify IT-related business risks and evaluate IT general controls and IT application controls in a business context.
• Ability to prepare an audit programme for the audit of an IT system which addresses both IT general control and IT application control objectives
• Ability to participate effectively in the design, development, testing and implementation of a new IT system, providing appropriate audit advisory and consultancy services from the business context.

Who should attend ?

Business auditors, as well as other professionals who have an interest in general IT audit

Course Outline :

Day – I

Overview

Definition and scope of IT audit

The CIA Triage (Confidentiality, Integrity and Availability

IT Audit Process

• IT audit planning
• Conduct of IT audit fieldwork
• Reporting of IT audit observations
• IT Audit Risks
• Assessing IT Risk
• Designing IT Controls
• Business Process Controls

IT Governance, Risk Management and Compliance (GRC)

• Objectives and scope of GRC
• Business and IT Alignment
• Third-party risk management
• GRC systems – Desired Outcomes

Standards

• COBIT
• ISO/IEC 27001
• NIST SP-800s
• SANS
• Center for Internet Security (CIS)

Regulations

• Sarbanes-Oxley
• HIPAA/HITECH
• Privacy & GDPR & CCPA

Disaster Recovery and Business Continuity

• Disaster recovery planning site concepts
• Systems and data backup
• Systems and data recovery procedures
• BCP/DRP planning considerations
• Crisis management

Day – II

Database terms and internet terms

Basic IT infrastructure

Network concepts

• Defining types of networks
• OSI model
• TCP/IP

Networking Risks & Controls

• Remote access and authentication
• Common vulnerabilities

Threat models, e.g., social engineering, malware, Advanced Persistent Threat (APT), Denial of Service (DoS)

Network security Tools & resources

Understanding Vulnerability Assessment and Penetration Testing (VAPT)

Web application testing methodology, tools & demos of OWASP top 10

Darknet & deep web

General IT audit checklist

Understanding cyber security framework of RBI, SEBI, IRDAI

Speaker Profile :

Sachin Dedhia (CISA, CEH, CEI, ISO 27001 LA)

He is an independent Cyber Crime Investigator & also a Certified Ethical Hacker (EC-Council, USA). He is also a certified international trainer in the field of Cyber Security, Ethical Hacking, Cyber Crime Investigations & Digital forensics. Since many years he has been working as an Independent Cyber Crime Investigator and also as a IT security expert for various MNC’s, SME’s, Govt depts., Corporate & individuals. He has also provided training to Mumbai, various other State Police Departments. He has also been assisting various other Govt Departments of India with respect to their Cyber Crime queries.

Since 2010, he has been successfully conducting various seminars & workshops across numerous Schools, Colleges, Universities, Chartered Accountants Chapters, Rotary clubs, Hospitals Etc. Overall, it covered all the sectors of the society. He is one of the most popular speaker in Mumbai University for the Refresher & Orientation courses In 2010, he was privileged to give seminar in the Rajbhavan i.e. in Governor’s office of Mumbai. 9 years of experience in vulnerability Assessment and Penetration Testing (VAPT), ISO 27001 Network VAPT, Web Application VAPT. He has conducted numerous audits for various International as well as national clients, Corporate & Govt. depts.

He has been conducting Corporate Workshops at and is associated with various prestigious associations like Indo-American society, Princeton academy, ICAI and Bankers Training college.

He has successfully conducted over 1000+ seminars & workshops across India, & enlightened over 75,000 participants.

Contact Details :

Revati Khare || Assistant Director – Information & Communication Technology Committee
Email : revati.khare@bombaychamber.com
Tel. (D) + 91 22 6120 0231; (M) + 91 9892029473