• Overview of IT Audit standards, Information Security policies, standards and frameworks
• Understand the IT Audit function, IT Governance framework and how it supports organisational objectives
• Describe security challenges facing IT applications, including web and mobile applications
• Describe security features in IT networks and infrastructure
• Appreciate the concepts behind incident detection and response
Module 1: IT Audit Process and IT Governance Framework
1. IT Audit Process
1.1 IT Audit Strategy and Planning
1.2 IT Audit Standards
1.3 Stakeholder Communication
1.4 Continuous Improvement
Case Study 1
2. IT Governance
2.1 IT Strategy and Business Alignment
2.2 IT Governance and Organisation
2.3 IT Policies, Procedures and Standards
2.4 IT Resource Management/Investment Prioritisation
2.5 IT Portfolio Management
2.6 IT Risk Management
2.7 IT Continuous Monitoring
Case Study 2
Module 2: IT Applications
1. Motivations and challenges behind securing applications
2. Web applications security
2.1 Authentication and authorisation
2.2 OWASP Top 10
2.3 Web applications policies
3. Mobile security
3.1 Mobile platform security
3.2 Mobile applications security
3.4 Mobile security policies
4. Designing and securing IT applications
4.1 Threat modelling
4.2 Software testing
4.2.1 Black/Gray/White box testing
4.2.2 Penetration testing
4.2.3 Fuzz testing
5. Information Security policies, standards and frameworks
Module 3: IT Infrastructure
1. Motivations and challenges behind network and systems security
2. Introduction to Cryptography
3. Introduction to network security
3.1 Challenges in securing networks
3.2 LAN security
3.3 WLAN security
3.4 Bluetooth security
4. Introduction to systems security
4.1 OS security
4.2 Security baselines
4.3 Configuration and patch management
4.4 Cloud security
5. Monitoring and response
5.1 Intrusion detection
5.2 Security events management
5.3 Cyber intelligence
5.4 Disaster Recovery Planning
5.5 Business Continuity Planning
5.6 IT Service Management
6. Auditing emerging technologies
Participants will be assessed during the Programme through the practical sessions, which will be graded for competency by the instructor(s). The assessment consists of multiple-choice questions, with the practical assessment included as part of the course structure via workshops. The written segment of the assessment takes 1.5 hours to complete (i.e. 0.5 hour per day over the 3 days).
CISA bridging course (After this workshop)
A bridging course, estimated to be 3 days, will be separately developed and offered by ISACA Singapore Chapter. This bridging course will cover the remaining portion of the CISA curriculum, as well as prepare participants of this Programme for the CISA certification examinations.
ABOUT THE TRAINER
Manager/ Senior Lecturer
John is Manager/ Senior Lecturer for Cybersecurity courses in the School of Information Technology, Nanyang Polytechnic. He has over 15 years’ experience in information and cyber security, focusing on domains such as Applications & Web Security, IT Audit & Governance. He is involved in both the full-time Diploma courses and full & part-time professional courses. He is active in the activities of ISACA Singapore Chapter, having served as its president in 2014 & 2015. He is certified in CISA, CISM, CRISC & CGEIT from ISACA and also CEH, CHFI & ECSA from EC-Council and is a Certified Instructor for EC-Council certifications.
Deputy Manager / Senior Lecturer
Sunny is Deputy Manager/ Senior Lecturer in the School of Information Technology, Nanyang Polytechnic. He has over 20 years’ experience in Network and Systems Technology and Security. His current focus is in Operations Security, Network Security and Digital & Cyber Forensics. He is involved in both the full-time Diploma courses and full & part-time professional courses. He is fluent in various forensic toolkits, including Encase and FTK. He is certified in CISA, CISSP from ISACA. He is also a GCFA and GPEN from GIAC.
Make the payment of your registration fees via PayNow/PayLah! transfer by following the steps below:
1. Upon completing your registration, proceed to payment and select the “Cheque/Fund Transfer” option.
2. Login to Internet Banking or Mobile Banking.
3. Scan our corporate PayNow/PayLah! QR code.
4. Verify our UEN number (S76SS0058D) and release funds.
NOTE: Kindly include the details below under the UEN/Bill Reference Number (text limit of up to 25 characters).
5. Once payment is made, please take a screenshot of the transaction and email it to firstname.lastname@example.org for our tracking purposes.
Please refer to PayNow and PayLah! for more information.
Register as a group of 4 or more participants for the same course and enjoy a 10% group discount!
Applicable for participants from the same company registered within the same day. Discount will be indicated and processed on a single invoice.
Terms and Conditions
1. Registered participants will be liable for the full fee even in the event of non-attendance.
2. A processing fee of $100 will be imposed for any cancellation. Cancellation must be submitted in writing 7 days prior to the event date and subject to IIAS’s approval. Substitutions will be permitted and conditions will apply.
3. All registrations must "Proceed to Payment" to complete registration. Full payment must be received prior to the course commencement.
4. Contact Person will be notified VIA EMAIL upon successful registration of the course.
5. Complimentary parking will be provided on a first-come, first-served basis.
6. IIAS reserves the right to revise the programme as necessary.
7. IIAS reserves the right to cancel or postpone the training should the minimum class size not be met.
A system-generated email will be sent upon successful registration of the mentioned seminar.
Once the course is confirmed, an email confirmation will be sent to the registrants’ contact email addresses 1 week prior to the course commencement date.
If you do not receive any email notification regarding your course registrations, please call IIA Academy at 6324 9029.