Save $400 on 4-6 Day Cyber Security Courses at SANS Baltimore Fall 2018. Ends 7/18.

AUD307 Foundations of IT Auditing

Dallas, TX | Mon, Feb 3 - Wed, Feb 5, 2014
This event is over,
but there are more training opportunities.

AUD307: Foundations of Auditing Security and Controls of IT Systems Beta

Mon, February 3 - Wed, February 5, 2014

  • 18 CPEs
  • Laptop Not Needed

IT systems are fundamental to many of the controls that need to be audited for organizations today. It's important for auditors to have a foundational understanding of networks and systems and the controls that should be in place. During this course, we discuss the principles around IT controls, the primary regulatory drivers for IT audit, the audit process, and the primary IT audit controls that auditors should be aware of. Students will walk away with a foundational understanding of what an IT audit involves and be ready to participate in an IT audit with the guidance of an experienced IT auditor.

"* Note: This course is designed as an introduction for IT auditors that do not have an extensive technical background. It is designed to provide a foundation quickly for those that may not have a technical background.


You Will Learn:

  • The foundations of auditing IT controls.
  • A foundational understanding of network and system controls.
  • The regulatory drivers for IT audit and the audit process.
  • The controls that auditors must understand and know how to audit to properly audit IT.



This course does not qualify for any additional discounts as it is being offered at a special beta rate in exchange for your feedback.

Course Syllabus

Tanya Baccam ,
Clay Risenhoover
Mon Feb 3rd, 2014
8:00 AM - 5:00 PM

CPE/CMU Credits: 6

  • Foundations
  • Types of Audit Risk
  • Major regulatory and industry drivers of IT audit
  • SOX, PCI, GLBA, HIPAA and more
  • SOC reports
  • IT audit frameworks
  • IT audit process
  • Audit objectives
  • Audit Preparation
  • Entrance meeting
  • Fieldwork
  • OSI model
  • Audit controls for networks
  • Firewalls
  • IDS
  • IPS

Tanya Baccam ,
Clay Risenhoover
Tue Feb 4th, 2014
9:00 AM - 5:00 PM

CPE/CMU Credits: 6

  • Policy
  • Physical Security Controls for Facilities
  • Physical Security Controls for Data Center
  • Encryption 101 for auditors
  • SOD Matrix for key IT positions
  • User and Access Management
  • User provisioning
  • User termination procedures
  • Log Management/SIEM
  • Software, SDLC and Change Control
  • Application Architecture
  • Databases
  • Development, Test and Production Environments

Tanya Baccam ,
Clay Risenhoover
Wed Feb 5th, 2014
9:00 AM - 5:00 PM

CPE/CMU Credits: 6

  • Business Continuity Planning
  • Disaster Recovery
  • Business Impact Analysis
  • Checklist for Auditing BCP
  • Configuration Management
  • Exit Meeting
  • Reporting
  • Reporting Limitations
  • Reporting Samples

Additional Information

  • Internal Auditors
  • IT Specialist Auditors
  • IT Auditors
  • IT Audit Manager
  • Information System Auditor
  • Information Technology Auditor
  • Information Security Officer
  • Financial Auditors
  • Operational Auditors

This course does not have any prerequsites.

  • Effectively conduct an IT audit.
  • Understand the key IT controls that should exist and why they are important.
  • Identify regulatory risks related to IT controls.
  • Conduct detailed audits of change control, business continuity planning and many more IT audit areas.

Courses that are good follow-ups

  • AUD444
  • AUD445
  • AUD507

Author Statement

IT audit is now more important than ever. Businesses rely heavily on IT and the surrounding processes. With the pressures of regulatory compliance, protecting customer and business data, and remaining competitive in a tough business environment, todayâs organizations need to know that their information assets are managed and protected properly. IT auditors help to bridge the knowledge and understanding gap between management and IT operations, and are critical to ensuring the success of the organizations they serve. The exciting thing about this course is that itâs designed to provide students with the perfect mix of technical skills and real-world audit techniques. We teach students how to add value to their audits by selecting the right scope, identifying existing controls, testing technical controls properly and writing useful reports. Students will come away from this class ready to provide top-quality technical audit services to their employers and clients. -Tanya Baccam and Clay Risenhoover