Three Day Seminar: Technology Audit Foundation

Course Code:
CPE Hours:
Course Start Date:
February 19, 2020
Course End Date:
February 21, 2020
9.00 AM - 5.30 PM
Registration Deadline :
February 12, 2020
Level of course:
Level 1
John Lim & Sunny Sin
Competency areas:
Business Acumen [BA]
Course venue:

Nanyang Polytechnic

Course fee (IIA/ ISACA member):
(Inclusive of GST)
Course fee (non-member):
(Inclusive of GST)
Other Memberships valid for discount:
10% off non-member rate for ISCA and ACCA member
Lunch Provided:
Tea Break:
Course Overview:

This hands-on Technology Audit Foundation Workshop incorporates various practices and hands-on activities for business auditors to develop a better understanding of how to assess IT risks, IT governance and management controls, covering between 45 and 50 per cent of the Certified Information Systems Auditor (CISA) certification curriculum. CISA is globally-recognised for Information System (IS) audit control, assurance and security, as well as COBIT, a comprehensive framework of globally-accepted practices, analytical tools and models that help enterprises address business issues through governance and management of information technology.


Auditors or non-IT professionals who want to be equipped with knowledge of IT risks, IT governance and management controls. 

Course description :

• Overview of IT Audit standards, Information Security policies, standards and frameworks
• Understand the IT Audit function, IT Governance framework and how it supports organisational objectives
• Describe security challenges facing IT applications, including web and mobile applications
• Describe security features in IT networks and infrastructure
• Appreciate the concepts behind incident detection and response


Module 1: IT Audit Process and IT Governance Framework

1. IT Audit Process
1.1 IT Audit Strategy and Planning
1.2 IT Audit Standards
1.3 Stakeholder Communication
1.4 Continuous Improvement
Case Study 1

2. IT Governance
2.1 IT Strategy and Business Alignment
2.2 IT Governance and Organisation
2.3 IT Policies, Procedures and Standards
2.4 IT Resource Management/Investment Prioritisation
2.5 IT Portfolio Management
2.6 IT Risk Management
2.7 IT Continuous Monitoring
Case Study 2

Tool(s) used: SimpleRisk Risk Management Dashboard

Module 2: IT Applications
1. Motivations and challenges behind securing applications
2. Web applications security
2.1 Authentication and authorisation
2.2 OWASP Top 10
2.3 Web applications policies
3. Mobile security
3.1 Mobile platform security
3.2 Mobile applications security
3.3 BYOD
3.4 Mobile security policies
4. Designing and securing IT applications
4.1 Threat modelling
4.2 Software testing
4.2.1 Black/Gray/White box testing
4.2.2 Penetration testing
4.2.3 Fuzz testing
4.3 Malware
5. Information Security policies, standards and frameworks

Tool(s) used:

  • SQL Injection Exercise
  • Mobile app security evaluation using MobSF
  • Threat Modeling Tool

Module 3: IT Infrastructure
1. Motivations and challenges behind network and systems security
2. Introduction to Cryptography
3. Introduction to network security

3.1 Challenges in securing networks
3.2 LAN security
3.3 WLAN security
3.4 Bluetooth security
4. Introduction to systems security
4.1 OS security
4.2 Security baselines
4.3 Configuration and patch management
4.4 Cloud security
5. Monitoring and response
5.1 Intrusion detection
5.2 Security events management
5.3 Cyber intelligence
5.4 Disaster Recovery Planning
5.5 Business Continuity Planning
5.6 IT Service Management
6. Auditing emerging technologies

Tools used:

  • Windows Server Active Directory
  • Wireless Security Hacking

Assessment component

Participants will be assessed during the Programme through the practical sessions, which will be graded for competency by the instructor(s). The assessment consists of multiple-choice questions with the practical assessment being included as part of the course structure via workshops; duration for completion of the written segment of the assessment is 1.5 hours (i.e. 0.5 hour per day over the 3 days).

CISA bridging course (After this workshop)
A bridging course, estimated to be 3 days, will be separately developed and offered by ISACA Singapore Chapter. This bridging course will cover the remaining portion of the CISA curriculum, as well as prepare participants of this Programme for the CISA certification examinations.

John Lim

Manager/ Senior Lecturer
John is Manager/ Senior Lecturer for Cybersecurity courses in the School of Information Technology, Nanyang Polytechnic. He has over 15 years’ experience in information and cyber security, focusing on domains such as Applications & Web Security, IT Audit & Governance. He is involved in both the full-time Diploma courses and full & part-time professional courses. He is active in the activities of ISACA Singapore Chapter, having served as its president in 2014 & 2015. He is certified in CISA, CISM, CRISC & CGEIT from ISACA and also CEH, CHFI & ECSA from EC-Council and is a Certified Instructor for EC-Council certifications.

Sunny Sin
Deputy Manager / Senior Lecturer
Sunny is Deputy Manager/ Senior Lecturer in the School of Information Technology, Nanyang Polytechnic. He has over 20 years’ experience in Network and Systems Technology and Security. His current focus is in Operations Security, Network Security and Digital & Cyber Forensics. He is involved in both the full-time Diploma courses and full & part-time professional courses. He is fluent in various forensic toolkits, including EnCase and FTK. He is certified in CISA, CISSP from ISACA. He is also a GCFA and GPEN from GIAC.


Make the payment of your registration fees via PayNow/PayLah! transfer by following the steps below:


1. Upon completing your registration, proceed to payment and select the “Cheque/Fund Transfer” option.
2. Login to Internet Banking or Mobile Banking.
3. Scan our corporate PayNow/PayLah! QR code.
4. Verify our UEN number (S76SS0058D) and release funds.
NOTE: Kindly include the details below under the UEN/Bill Reference Number (text limit of up to 25 characters).


5. Once payment is made, please print screen the transaction and email to for our tracking purposes.

Please refer to PayNow and PayLah! for more information.

Group Discount
Register as a group of 4 or more participants for the same course and enjoy a 10% group discount!
Applicable for participants from the same company registered within the same day. Discount will be indicated and processed on a single invoice.

Terms and Conditions
1. Registered participants will be liable for the full fee even in the event of non-attendance.
2. A processing fee of $100 will be imposed for any cancellation. Cancellation must be submitted in writing 7 days prior to the event date and subject to IIAS’s approval. Substitutions will be permitted and conditions will apply.
3. All registrations must "Proceed to Payment" to complete registration. Full payment must be received prior to the course commencement.
4. Contact Person will be notified VIA EMAIL upon successful registration of the course.
5. Complimentary parking will be provided on a first-come-first-served-basis.
6. IIAS reserves the right to revise the programme as necessary.
7. IIAS reserves the right to cancel or postpone the training should the minimum class size not be met.


A system generated email will be sent upon successful registration of the mentioned seminar.
Once the course is confirmed, an email confirmation will be sent to the registrants’ contact email addresses 1 week prior to the course commencement date.
If you do not receive any email notification regarding your course registrations, please call IIA Academy at 6324 9029.

Registration Closed.