Three Day Seminar: Technology Audit Foundation
CPE Hours: 25
INTRODUCTION
This hands-on Technology Audit Foundation Workshop incorporates various practices and hands-on activities for business auditors to develop a better understanding of how to assess IT risks, IT governance and management controls, covering between 45 and 50 per cent of the Certified Information Systems Auditor (CISA) certification curriculum. CISA is globally-recognised for Information System (IS) audit control, assurance and security, as well as COBIT, a comprehensive framework of globally-accepted practices, analytical tools and models that help enterprises address business issues through governance and management of information technology.
WHO SHOULD ATTEND
Auditors or non-IT professionals who want to be equipped with knowledge of IT risks, IT governance and management controls.
LEARNING OUTCOMES
- Overview of IT Audit standards, Information Security policies, standards and frameworks
- Understand the IT Audit function, IT Governance framework and how it supports organisational objectives
- Describe security challenges facing IT applications, including web and mobile applications
- Describe security features in IT networks and infrastructure
- Appreciate the concepts behind incident detection and response
COURSE OUTLINE
Module 1: IT Audit Process and IT Governance Framework
1. IT Audit Process
1.1 IT Audit Strategy and Planning
1.2 IT Audit Standards
1.3 Stakeholder Communication
1.4 Continuous Improvement
Case Study 1
2. IT Governance
2.1 IT Strategy and Business Alignment
2.2 IT Governance and Organisation
2.3 IT Policies, Procedures and Standards
2.4 IT Resource Management/Investment Prioritisation
2.5 IT Portfolio Management
2.6 IT Risk Management
2.7 IT Continuous Monitoring
Case Study 2
Module 2: IT Applications
1. Motivations and challenges behind securing applications
2. Web applications security
2.1 Authentication and authorisation
2.2 OWASP Top 10
2.3 Web applications policies
3. Mobile security
3.1 Mobile platform security
3.2 Mobile applications security
3.3 BYOD
3.4 Mobile security policies
4. Designing and securing IT applications
4.1 Threat modelling
4.2 Software testing
4.2.1 Black/Gray/White box testing
4.2.2 Penetration testing
4.2.3 Fuzz testing
4.3 Malware
5. Information Security policies, standards and frameworks
Module 3: IT Infrastructure
1. Motivations and challenges behind network and systems security
2. Introduction to Cryptography
3. Introduction to network security
3.1 Challenges in securing networks
3.2 LAN security
3.3 WLAN security
3.4 Bluetooth security
4. Introduction to systems security
4.1 OS security
4.2 Security baselines
4.3 Configuration and patch management
4.4 Cloud security
5. Monitoring and response
5.1 Intrusion detection
5.2 Security events management
5.3 Cyber intelligence
5.4 Disaster Recovery Planning
5.5 Business Continuity Planning
5.6 IT Service Management
6. Auditing emerging technologies
Assessment component
Participants will be assessed during the Programme through the practical sessions, which will be graded for competency by the instructor(s). The assessment consists of multiple-choice questions with the practical assessment being included as part of the course structure via workshops; duration for completion of the written segment of the assessment is 1.5 hours (i.e. 0.5 hour per day over the 3 days).
CISA bridging course (After this workshop)
A bridging course, estimated to be 3 days, will be separately developed and offered by ISACA Singapore Chapter. This bridging course will cover the remaining portion of the CISA curriculum, as well as prepare participants of this Programme for the CISA certification examinations.
ABOUT THE TRAINER
Mr John Lim, Manager/ Senior Lecturer
John is Manager/ Senior Lecturer for Cybersecurity courses in the School of Information Technology, Nanyang Polytechnic. He has over 15 years’ experience in information and cyber security, focusing on domains such as Applications & Web Security, IT Audit & Governance. He is involved in both the full-time Diploma courses and full & part-time professional courses. He is active in the activities of ISACA Singapore Chapter, having served as its president in 2014 & 2015. He is certified in CISA, CISM, CRISC & CGEIT from ISACA and also CEH, CHFI & ECSA from EC-Council and is a Certified Instructor for EC-Council certifications.
Mr Sunny Sin, Deputy Manager / Senior Lecturer
Sunny is Deputy Manager/ Senior Lecturer in the School of Information Technology, Nanyang Polytechnic. He has over 20 years’ experience in Network and Systems Technology and Security. His current focus is in Operations Security, Network Security and Digital & Cyber Forensics. He is involved in both the full-time Diploma courses and full & part-time professional courses. He is fluent in various forensic toolkits, including EnCase and FTK. He is certified in CISA, CISSP from ISACA. He is also a GCFA and GPEN from GIAC.