Audit and Security of Networks, Operating Systems ... - MIS Training

The Global Leader In 

Audit and Information Security Training 

Audit and Security 

of Networks, 

Operating Systems 

and Databases 

Beyond the basics – a four-day 

hands-on workshop for auditors who 

need to extend their knowledge 

of new technologies 

It Audit 

4 DAY COURSE: 

13 - 16 November 2012 

London 

‘Excellent training for future audits 

regarding new technologies’ 

IT auditor, 

GE Money Bank Switzerland 

‘The course was great from all 

aspects – the instructor, the facilities 

and the materials’ 

IT Auditor, 

Garanti Bank 

‘The course was very enlightening & 

had a very practical approach 

which made it easy to understand’ 

Course Director 

Steve Rimell 

Steve has an enviable reputation as the 

most respected authority in the UK with 

over 20 years practical experience in 

information systems auditing 

■ Learn the principles of networking and data 

communications 

■ Discover practical methods for exploring and auditing 

networks 

■ Gain an understanding of computer operating systems, 

and the most important areas of audit interest 

■ Explore database systems and find out how to use their 

built-in features to assist your audit 

■ Learn how client/server systems operate, where the 

controls are, and how to audit them 

Systems Auditor 

Register Online at: 

www.mistieurope.com/training 

Quoting Code: 

ITA120910-W



Operating 

Systems and 

Databases 


hands-on workshop for auditors 

who need to extend their knowledge 


Course focus and features 

In this workshop, you will learn, the principles of auditing 

communication networks, how to audit operating systems 

and system software, how to audit database and 

client/server systems. The more technical areas of IT audit 

such as networks and databases have always been a 

problem area for auditors. 

Just knowing where to start is a problem in itself. This course 

builds on the knowledge gained on the IT Audit School and 

provides you with the knowledge you need to tackle the more 

specialised areas of IT auditing. Using hands-on practical 

exercises based on the most common technology in use today, 

our course tutor will explain where the main risks are, how to plan 

the audit approach and how to ask the right questions when the 

audit takes place. 

You will also receive a set of audit programmes showing you what 

to ask, why to ask it and what sort of findings are likely in a typical 

audit. At the end of the course, you will have a solid grounding in 

the principles of networking operating systems, database and 

client/server systems, and the confidence to plan and audits in 

these important areas. 

Who Should Attend 

Internal and external computer auditors and IT security staff who 

need to understand more about computer auditing. 

Course Director 

Steve Rimell 

Steve has an enviable reputation as the most respected 

authority in the UK with over 20 years practical experience in 

information systems auditing. He provides training, security 

reviews, consulting services, and internal audit support for a 

wide range of public and private sector clients in the UK, 

Europe and many other countries. He has also had extensive 

experience as an audit manager running a commercial IS 

audit service. Steve specialises in the more technical aspects 

of information systems audit, having extensive knowledge of 

the security and control of UNIX, Oracle, Windows, and 

networking environments such as TCP/IP. 

He has presented hands-on training courses in this subject 

for MIS Training since 1996, where he proves to the students 

that apparently highly technical areas are not as hard to audit 

as they appear. Steve is a member of CIPFA and the Institute 

of Internal Auditors, and is a founder member of the Institute 

of Information Security Professionals (IISP). 

Advanced Preparation: None 

Training Type: Group-Live (Hands on 

Training) 

Learning Level: Advanced 

Price: GBP £2,595 

CPEs: 30 

‘Steve is a great instructor’ 

IT Auditor, 

Banque Saudi Fransi 

As well as training for MIS Steve is presently engaged in a 

variety of projects to develop audit automation software for 

network and operating system security testing. 

Telephone: 

+44 (0)20 7779 8454 

Email: 

training@mistieurope.com

Day One: 

Tuesday 21st April 

Session 1: Audit and security of networks 

networking 

• Principles of data communication 

• Understanding the terminology of networking 

• The OSI model and its importance to auditors 

• Communication protocols 

• Examples of networking – TCP/IP and NetBIOS 

• Network management protocols 

• Network risks and countermeasures 

– How networks are attacked 

– Network reconnaissance 

– Identifying risky systems 

– Risks of insecure network infrastructure 

devices 

– Tools and techniques – scanners and network 

utilities 

– Firewalls – how they work 

– When the firewall won’t protect you – malware 

and application attacks 

– Secure routers 

– Network intrusion detection and prevention 

• Local area networks 

– LAN controls – accounting for network 

devices 

– Hubs and switches 

– VLANs 

– Networked data storage – SANS and NAS 

Day Two: 

Wednesday 22nd April 

Session 1: Networking, encryption, 

operating systems and system software 

data encryption 

• Types of encryption 

• Practical use of encryption tools 

• Public Key Infrastructures 

• The special security issues of wireless networking 

• Voice over IP (VoIP) networks and how to audit 

them 

• Control of mobile computing – BlackBerry and 

PDA devices 

Session 2: Operating systems 

• Why audit the operating system? 

• The role of an operating system 

• The nature of system software 

• Operating system security standards 

– Examples – UNIX, Netware and the 

Windows 2000/3/XP family 

• Practical steps to the audit of an operating system 

– Installation and configuration issues 

– Audit of the Trusted Software Base 

– Code libraries 

– Tools for the auditor – operating system utilities 

and vulnerability scanners 

• An operating system audit program 

Day Four: 

Friday 24th April 

Session 1: Databases and client/server 

systems 

• Auditing database systems 

• What controls to look for in a database audit 

– Database networking issues 

– User management 

– Database roles 

– Separation of functions 

– Real and virtual objects 

– System privileges 

– Audit trails 

– Databases and business continuity issues 

• Extracting audit data from database systems 

Session 2: Client/server computing 

• What is client/server computing? 

• Data, business and presentation logic 

• Multi-tier systems 

• Middleware 

• Audit issues in client/server development 

• System development controls 

• Locating the application controls 

• Prototyping and RAD 

• Components and reusable software 

• Building and evaluating a client/server application 

Day Three: 

Thursday 23rd April 

Session 1: Programming languages and 

databases 

• Programming languages and system 

development controls 

– Visual programming languages 

– Java 

– Scripting Languages and their audit uses 

• Change management, and how to audit it 

Session 2: Database systems 

• What is a database? 

• Why use database systems? 

• Risks of database development 

• Database components 

– Tables and views 

– Stored procedures 

– Triggers 

– Database audit trails 

Examples: Oracle and SQL server 

Save up to 50% 

with In-House Training 

Tailored and personalised In-House training 

Why choose In-house training? 

Savings - Running an in-house course in your offices will ensure you avoid the 

costs of travel and accommodation. Plus we charge per day not per delegate. 

You can train six or sixteen people for the same price! 

Convenience - We can arrange a course that fits your team’s schedule. Any dates, any 

location, simply tell us what works best for you. Avoid the hassle of coordinating travel 

arrangements and accommodation for your staff 

Tailored training - We have over 150 existing training courses you can mould to fit your 

exact requirements or if you prefer we can just create a new agenda. You will have complete 

control over the course content 

Confidentiality - You can focus on potentially thorny issues that may be specific to your 

organization which are best resolved in private with the expert guidance of your course director 

www.mistieurope.com/inhouse 

Some of the companies we have 

worked with 

PwC • International Labour Office • Barclays 

• Capital One • Legal and General • Deloitte 

• European Court of Auditors • Lukoil • Credit 

Suisse AG • Euroclear • AIB • U.S. Steel, 

Corp. • Novartis • National Commercial Bank 

• Qatar National Bank 

Visit www.mistieurope.com/inhouse 

Call us on 0207 779 8457 

Email sales@mistieurope.com 

Register Online at: 

www.mistieurope.com/training 

Quoting Code: 

ITA120910-W

The Global Leader In 

Audit and Information Security Training 



Operating 

Systems and 

Databases 


hands-on workshop for auditors 

who need to extend their knowledge 


Register Online at: www.mistieurope.com/training 

IMPORTANT INFORMATION - YOUR REGISTRATION CODE: 

IA120910-W 

Please ensure you enter your booking 

code when registering and you will 

be entered into our monthly prize draw 

to win £50 Visa Credit 

LONODN 

13 - 16 NOVEMBER 2012 

PRICE GBP £2,595+VAT 

Price includes tuition, course folder with all 

course notes, lunch and refreshments and a 

prestigious certificate. Delegates are responsible 

for their own accommodation. You can request 

an invoice or pay online. Please note, payment 

must be received prior to course start. 

Travelling To London From Abroad? 

MIS Training has been accredited by the BAC, 

making your trip to London easier which should 

make your visa application process much smoother. 

We can help with your visa. 

Email: training@mistieurope.com 

Join MIS Training Institute’s LinkedIn Group 

Search - Global Security Forum 

What can you expect from the group? 

■ Lively debate with other audit professionals 

■ Access to the latest audit news from across the globe 

■ Audit quizzes and questionnaires 

■ Exclusive white papers and articles 

■ Training and salary surveys 

■ Exclusive MIS Training offers 

Group Booking Discount** 

2 delegates - 

5% discount 

3 delegates - 

10% discount 

4 delegates - 

12% discount 

5 delegates - 

15% discount 

**Available for delegates from one organisation attending the same course 

Data Protection: 

Use of your information: The information you provide on this form will be used by 

Euromoney Institutional Investor PLC and its group companies (“we” or “us”) in relation 

to your registration for this event. We may also monitor your use of our website(s), 

including information you post and actions you take, to improve our services to you 

and track compliance with our terms of use. Except to the extent you indicate your 

objection below, we may also use your data (including data obtained from monitoring) 

(a) to keep you informed of our products and services; (b) occasionally to allow 

companies outside our group to contact you with details of their products/services. As 

an international group, we may transfer your data on a global basis for the purposes 

indicated above, including to countries which may not provide the same level of 

protection to personal data as within the European Union. By submitting your details, 

you will be indicating your consent to the use of your data as identified above. Further 

information on our use of your personal data is set out in our privacy policy, which is 

available at www.mistieurope.com or can be provided to you separately upon request. 

Marketing choices: If you object to contact as identified above by telephone ❑, fax ❑, 

or email ❑, or post ❑, please tick the relevant box. If you do not want us to share your 

information with other companies ❑ please tick this box. 

Cancellation Policy: 

Cancellation or transfer requests must be made in writing (letter or fax) and 

reach the MIS Training office 30 days before the course commencement 

date. A full refund less a £100 administration fee will be given. Delegates 

who cancel less than 30 days before the course commencement date, or 

who do not attend, are liable to pay the full course fee and no refunds will 

granted. If you wish to transfer to a different course within a six month 

period, you will be invoiced a 25% additional charge to transfer your 

registration and any difference in course prices. You will not incur any 

additional charges if you wish to send a replacement delegate and your 

registration meets the above terms. 

Accommodation: 

All training venues will be confirmed 3-4 weeks prior to the course start 

date. MIS Training Institute has negotiated special accommodation rates in 

4 star hotels in central London (Zone 1) for UK courses. 

VAT: 

All delegates attending are liable to pay VAT. 

Overseas delegates can claim a VAT refund under 

the European Union (EU) 8th and 13th Directives on 

all eligible business expenses such as course fees, 

hotel accommodation, meals, car hire 

etc., provided you are not registered for VAT in the 

UK. For more information please visit 

www.mistieurope.com/VAT or 

email training@mistieurope.com. 

Printed on paper from a sustainable 

source, using vegetable oil based inks

Audit and Security of Networks, Operating Systems ... - MIS Training

Create successful ePaper yourself

Delete template?

Save as template?