Audit and Security of Networks, Operating Systems ... - MIS Training
Audit and Security of Networks, Operating Systems ... - MIS Training
Audit and Security of Networks, Operating Systems ... - MIS Training
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
The Global Leader In<br />
<strong>Audit</strong> <strong>and</strong> Information <strong>Security</strong> <strong>Training</strong><br />
<strong>Audit</strong> <strong>and</strong> <strong>Security</strong><br />
<strong>of</strong> <strong>Networks</strong>,<br />
<strong>Operating</strong> <strong>Systems</strong><br />
<strong>and</strong> Databases<br />
Beyond the basics – a four-day<br />
h<strong>and</strong>s-on workshop for auditors who<br />
need to extend their knowledge<br />
<strong>of</strong> new technologies<br />
It <strong>Audit</strong><br />
4 DAY COURSE:<br />
13 - 16 November 2012<br />
London<br />
‘Excellent training for future audits<br />
regarding new technologies’<br />
IT auditor,<br />
GE Money Bank Switzerl<strong>and</strong><br />
‘The course was great from all<br />
aspects – the instructor, the facilities<br />
<strong>and</strong> the materials’<br />
IT <strong>Audit</strong>or,<br />
Garanti Bank<br />
‘The course was very enlightening &<br />
had a very practical approach<br />
which made it easy to underst<strong>and</strong>’<br />
Course Director<br />
Steve Rimell<br />
Steve has an enviable reputation as the<br />
most respected authority in the UK with<br />
over 20 years practical experience in<br />
information systems auditing<br />
■ Learn the principles <strong>of</strong> networking <strong>and</strong> data<br />
communications<br />
■ Discover practical methods for exploring <strong>and</strong> auditing<br />
networks<br />
■ Gain an underst<strong>and</strong>ing <strong>of</strong> computer operating systems,<br />
<strong>and</strong> the most important areas <strong>of</strong> audit interest<br />
■ Explore database systems <strong>and</strong> find out how to use their<br />
built-in features to assist your audit<br />
■ Learn how client/server systems operate, where the<br />
controls are, <strong>and</strong> how to audit them<br />
<strong>Systems</strong> <strong>Audit</strong>or<br />
Register Online at:<br />
www.mistieurope.com/training<br />
Quoting Code:<br />
ITA120910-W
<strong>Audit</strong> <strong>and</strong> <strong>Security</strong><br />
<strong>of</strong> <strong>Networks</strong>,<br />
<strong>Operating</strong><br />
<strong>Systems</strong> <strong>and</strong><br />
Databases<br />
Beyond the basics – a four-day<br />
h<strong>and</strong>s-on workshop for auditors<br />
who need to extend their knowledge<br />
<strong>of</strong> new technologies<br />
Course focus <strong>and</strong> features<br />
In this workshop, you will learn, the principles <strong>of</strong> auditing<br />
communication networks, how to audit operating systems<br />
<strong>and</strong> system s<strong>of</strong>tware, how to audit database <strong>and</strong><br />
client/server systems. The more technical areas <strong>of</strong> IT audit<br />
such as networks <strong>and</strong> databases have always been a<br />
problem area for auditors.<br />
Just knowing where to start is a problem in itself. This course<br />
builds on the knowledge gained on the IT <strong>Audit</strong> School <strong>and</strong><br />
provides you with the knowledge you need to tackle the more<br />
specialised areas <strong>of</strong> IT auditing. Using h<strong>and</strong>s-on practical<br />
exercises based on the most common technology in use today,<br />
our course tutor will explain where the main risks are, how to plan<br />
the audit approach <strong>and</strong> how to ask the right questions when the<br />
audit takes place.<br />
You will also receive a set <strong>of</strong> audit programmes showing you what<br />
to ask, why to ask it <strong>and</strong> what sort <strong>of</strong> findings are likely in a typical<br />
audit. At the end <strong>of</strong> the course, you will have a solid grounding in<br />
the principles <strong>of</strong> networking operating systems, database <strong>and</strong><br />
client/server systems, <strong>and</strong> the confidence to plan <strong>and</strong> audits in<br />
these important areas.<br />
Who Should Attend<br />
Internal <strong>and</strong> external computer auditors <strong>and</strong> IT security staff who<br />
need to underst<strong>and</strong> more about computer auditing.<br />
Course Director<br />
Steve Rimell<br />
Steve has an enviable reputation as the most respected<br />
authority in the UK with over 20 years practical experience in<br />
information systems auditing. He provides training, security<br />
reviews, consulting services, <strong>and</strong> internal audit support for a<br />
wide range <strong>of</strong> public <strong>and</strong> private sector clients in the UK,<br />
Europe <strong>and</strong> many other countries. He has also had extensive<br />
experience as an audit manager running a commercial IS<br />
audit service. Steve specialises in the more technical aspects<br />
<strong>of</strong> information systems audit, having extensive knowledge <strong>of</strong><br />
the security <strong>and</strong> control <strong>of</strong> UNIX, Oracle, Windows, <strong>and</strong><br />
networking environments such as TCP/IP.<br />
He has presented h<strong>and</strong>s-on training courses in this subject<br />
for <strong>MIS</strong> <strong>Training</strong> since 1996, where he proves to the students<br />
that apparently highly technical areas are not as hard to audit<br />
as they appear. Steve is a member <strong>of</strong> CIPFA <strong>and</strong> the Institute<br />
<strong>of</strong> Internal <strong>Audit</strong>ors, <strong>and</strong> is a founder member <strong>of</strong> the Institute<br />
<strong>of</strong> Information <strong>Security</strong> Pr<strong>of</strong>essionals (IISP).<br />
Advanced Preparation: None<br />
<strong>Training</strong> Type: Group-Live (H<strong>and</strong>s on<br />
<strong>Training</strong>)<br />
Learning Level: Advanced<br />
Price: GBP £2,595<br />
CPEs: 30<br />
‘Steve is a great instructor’<br />
IT <strong>Audit</strong>or,<br />
Banque Saudi Fransi<br />
As well as training for <strong>MIS</strong> Steve is presently engaged in a<br />
variety <strong>of</strong> projects to develop audit automation s<strong>of</strong>tware for<br />
network <strong>and</strong> operating system security testing.<br />
Telephone:<br />
+44 (0)20 7779 8454<br />
Email:<br />
training@mistieurope.com
Day One:<br />
Tuesday 21st April<br />
Session 1: <strong>Audit</strong> <strong>and</strong> security <strong>of</strong> networks<br />
networking<br />
• Principles <strong>of</strong> data communication<br />
• Underst<strong>and</strong>ing the terminology <strong>of</strong> networking<br />
• The OSI model <strong>and</strong> its importance to auditors<br />
• Communication protocols<br />
• Examples <strong>of</strong> networking – TCP/IP <strong>and</strong> NetBIOS<br />
• Network management protocols<br />
• Network risks <strong>and</strong> countermeasures<br />
– How networks are attacked<br />
– Network reconnaissance<br />
– Identifying risky systems<br />
– Risks <strong>of</strong> insecure network infrastructure<br />
devices<br />
– Tools <strong>and</strong> techniques – scanners <strong>and</strong> network<br />
utilities<br />
– Firewalls – how they work<br />
– When the firewall won’t protect you – malware<br />
<strong>and</strong> application attacks<br />
– Secure routers<br />
– Network intrusion detection <strong>and</strong> prevention<br />
• Local area networks<br />
– LAN controls – accounting for network<br />
devices<br />
– Hubs <strong>and</strong> switches<br />
– VLANs<br />
– Networked data storage – SANS <strong>and</strong> NAS<br />
Day Two:<br />
Wednesday 22nd April<br />
Session 1: Networking, encryption,<br />
operating systems <strong>and</strong> system s<strong>of</strong>tware<br />
data encryption<br />
• Types <strong>of</strong> encryption<br />
• Practical use <strong>of</strong> encryption tools<br />
• Public Key Infrastructures<br />
• The special security issues <strong>of</strong> wireless networking<br />
• Voice over IP (VoIP) networks <strong>and</strong> how to audit<br />
them<br />
• Control <strong>of</strong> mobile computing – BlackBerry <strong>and</strong><br />
PDA devices<br />
Session 2: <strong>Operating</strong> systems<br />
• Why audit the operating system?<br />
• The role <strong>of</strong> an operating system<br />
• The nature <strong>of</strong> system s<strong>of</strong>tware<br />
• <strong>Operating</strong> system security st<strong>and</strong>ards<br />
– Examples – UNIX, Netware <strong>and</strong> the<br />
Windows 2000/3/XP family<br />
• Practical steps to the audit <strong>of</strong> an operating system<br />
– Installation <strong>and</strong> configuration issues<br />
– <strong>Audit</strong> <strong>of</strong> the Trusted S<strong>of</strong>tware Base<br />
– Code libraries<br />
– Tools for the auditor – operating system utilities<br />
<strong>and</strong> vulnerability scanners<br />
• An operating system audit program<br />
Day Four:<br />
Friday 24th April<br />
Session 1: Databases <strong>and</strong> client/server<br />
systems<br />
• <strong>Audit</strong>ing database systems<br />
• What controls to look for in a database audit<br />
– Database networking issues<br />
– User management<br />
– Database roles<br />
– Separation <strong>of</strong> functions<br />
– Real <strong>and</strong> virtual objects<br />
– System privileges<br />
– <strong>Audit</strong> trails<br />
– Databases <strong>and</strong> business continuity issues<br />
• Extracting audit data from database systems<br />
Session 2: Client/server computing<br />
• What is client/server computing?<br />
• Data, business <strong>and</strong> presentation logic<br />
• Multi-tier systems<br />
• Middleware<br />
• <strong>Audit</strong> issues in client/server development<br />
• System development controls<br />
• Locating the application controls<br />
• Prototyping <strong>and</strong> RAD<br />
• Components <strong>and</strong> reusable s<strong>of</strong>tware<br />
• Building <strong>and</strong> evaluating a client/server application<br />
Day Three:<br />
Thursday 23rd April<br />
Session 1: Programming languages <strong>and</strong><br />
databases<br />
• Programming languages <strong>and</strong> system<br />
development controls<br />
– Visual programming languages<br />
– Java<br />
– Scripting Languages <strong>and</strong> their audit uses<br />
• Change management, <strong>and</strong> how to audit it<br />
Session 2: Database systems<br />
• What is a database?<br />
• Why use database systems?<br />
• Risks <strong>of</strong> database development<br />
• Database components<br />
– Tables <strong>and</strong> views<br />
– Stored procedures<br />
– Triggers<br />
– Database audit trails<br />
Examples: Oracle <strong>and</strong> SQL server<br />
Save up to 50%<br />
with In-House <strong>Training</strong><br />
Tailored <strong>and</strong> personalised In-House training<br />
Why choose In-house training?<br />
Savings - Running an in-house course in your <strong>of</strong>fices will ensure you avoid the<br />
costs <strong>of</strong> travel <strong>and</strong> accommodation. Plus we charge per day not per delegate.<br />
You can train six or sixteen people for the same price!<br />
Convenience - We can arrange a course that fits your team’s schedule. Any dates, any<br />
location, simply tell us what works best for you. Avoid the hassle <strong>of</strong> coordinating travel<br />
arrangements <strong>and</strong> accommodation for your staff<br />
Tailored training - We have over 150 existing training courses you can mould to fit your<br />
exact requirements or if you prefer we can just create a new agenda. You will have complete<br />
control over the course content<br />
Confidentiality - You can focus on potentially thorny issues that may be specific to your<br />
organization which are best resolved in private with the expert guidance <strong>of</strong> your course director<br />
www.mistieurope.com/inhouse<br />
Some <strong>of</strong> the companies we have<br />
worked with<br />
PwC • International Labour Office • Barclays<br />
• Capital One • Legal <strong>and</strong> General • Deloitte<br />
• European Court <strong>of</strong> <strong>Audit</strong>ors • Lukoil • Credit<br />
Suisse AG • Euroclear • AIB • U.S. Steel,<br />
Corp. • Novartis • National Commercial Bank<br />
• Qatar National Bank<br />
Visit www.mistieurope.com/inhouse<br />
Call us on 0207 779 8457<br />
Email sales@mistieurope.com<br />
Register Online at:<br />
www.mistieurope.com/training<br />
Quoting Code:<br />
ITA120910-W
The Global Leader In<br />
<strong>Audit</strong> <strong>and</strong> Information <strong>Security</strong> <strong>Training</strong><br />
<strong>Audit</strong> <strong>and</strong> <strong>Security</strong><br />
<strong>of</strong> <strong>Networks</strong>,<br />
<strong>Operating</strong><br />
<strong>Systems</strong> <strong>and</strong><br />
Databases<br />
Beyond the basics – a four-day<br />
h<strong>and</strong>s-on workshop for auditors<br />
who need to extend their knowledge<br />
<strong>of</strong> new technologies<br />
Register Online at: www.mistieurope.com/training<br />
IMPORTANT INFORMATION - YOUR REGISTRATION CODE:<br />
IA120910-W<br />
Please ensure you enter your booking<br />
code when registering <strong>and</strong> you will<br />
be entered into our monthly prize draw<br />
to win £50 Visa Credit<br />
LONODN<br />
13 - 16 NOVEMBER 2012<br />
PRICE GBP £2,595+VAT<br />
Price includes tuition, course folder with all<br />
course notes, lunch <strong>and</strong> refreshments <strong>and</strong> a<br />
prestigious certificate. Delegates are responsible<br />
for their own accommodation. You can request<br />
an invoice or pay online. Please note, payment<br />
must be received prior to course start.<br />
Travelling To London From Abroad?<br />
<strong>MIS</strong> <strong>Training</strong> has been accredited by the BAC,<br />
making your trip to London easier which should<br />
make your visa application process much smoother.<br />
We can help with your visa.<br />
Email: training@mistieurope.com<br />
Join <strong>MIS</strong> <strong>Training</strong> Institute’s LinkedIn Group<br />
Search - Global <strong>Security</strong> Forum<br />
What can you expect from the group?<br />
■ Lively debate with other audit pr<strong>of</strong>essionals<br />
■ Access to the latest audit news from across the globe<br />
■ <strong>Audit</strong> quizzes <strong>and</strong> questionnaires<br />
■ Exclusive white papers <strong>and</strong> articles<br />
■ <strong>Training</strong> <strong>and</strong> salary surveys<br />
■ Exclusive <strong>MIS</strong> <strong>Training</strong> <strong>of</strong>fers<br />
Group Booking Discount**<br />
2 delegates -<br />
5% discount<br />
3 delegates -<br />
10% discount<br />
4 delegates -<br />
12% discount<br />
5 delegates -<br />
15% discount<br />
**Available for delegates from one organisation attending the same course<br />
Data Protection:<br />
Use <strong>of</strong> your information: The information you provide on this form will be used by<br />
Euromoney Institutional Investor PLC <strong>and</strong> its group companies (“we” or “us”) in relation<br />
to your registration for this event. We may also monitor your use <strong>of</strong> our website(s),<br />
including information you post <strong>and</strong> actions you take, to improve our services to you<br />
<strong>and</strong> track compliance with our terms <strong>of</strong> use. Except to the extent you indicate your<br />
objection below, we may also use your data (including data obtained from monitoring)<br />
(a) to keep you informed <strong>of</strong> our products <strong>and</strong> services; (b) occasionally to allow<br />
companies outside our group to contact you with details <strong>of</strong> their products/services. As<br />
an international group, we may transfer your data on a global basis for the purposes<br />
indicated above, including to countries which may not provide the same level <strong>of</strong><br />
protection to personal data as within the European Union. By submitting your details,<br />
you will be indicating your consent to the use <strong>of</strong> your data as identified above. Further<br />
information on our use <strong>of</strong> your personal data is set out in our privacy policy, which is<br />
available at www.mistieurope.com or can be provided to you separately upon request.<br />
Marketing choices: If you object to contact as identified above by telephone ❑, fax ❑,<br />
or email ❑, or post ❑, please tick the relevant box. If you do not want us to share your<br />
information with other companies ❑ please tick this box.<br />
Cancellation Policy:<br />
Cancellation or transfer requests must be made in writing (letter or fax) <strong>and</strong><br />
reach the <strong>MIS</strong> <strong>Training</strong> <strong>of</strong>fice 30 days before the course commencement<br />
date. A full refund less a £100 administration fee will be given. Delegates<br />
who cancel less than 30 days before the course commencement date, or<br />
who do not attend, are liable to pay the full course fee <strong>and</strong> no refunds will<br />
granted. If you wish to transfer to a different course within a six month<br />
period, you will be invoiced a 25% additional charge to transfer your<br />
registration <strong>and</strong> any difference in course prices. You will not incur any<br />
additional charges if you wish to send a replacement delegate <strong>and</strong> your<br />
registration meets the above terms.<br />
Accommodation:<br />
All training venues will be confirmed 3-4 weeks prior to the course start<br />
date. <strong>MIS</strong> <strong>Training</strong> Institute has negotiated special accommodation rates in<br />
4 star hotels in central London (Zone 1) for UK courses.<br />
VAT:<br />
All delegates attending are liable to pay VAT.<br />
Overseas delegates can claim a VAT refund under<br />
the European Union (EU) 8th <strong>and</strong> 13th Directives on<br />
all eligible business expenses such as course fees,<br />
hotel accommodation, meals, car hire<br />
etc., provided you are not registered for VAT in the<br />
UK. For more information please visit<br />
www.mistieurope.com/VAT or<br />
email training@mistieurope.com.<br />
Printed on paper from a sustainable<br />
source, using vegetable oil based inks