A Practical Guide to Controls for IT Professionals

 View Dates & Sign Up ·  Print Brochure ·  Email Page ·  Bring On-site

Seminar Brochure

How Effective Controls Secure Your Organization's Vital Information

Seminar Focus and Features
Legislation such as the Gramm-Leach-Bliley Act, HIPAA, and Sarbanes-Oxley mandate that today’s organizations provide increasing levels of assurance that the enterprise’s information is protected. These and other regulations require IT departments to continuously assess and improve their controls and security over the information processed through their enterprise applications. As a result, IT management and professionals are feeling the heat to gain an understanding of controls and how they directly impact data security and integrity.

This three-day seminar is designed to provide all levels of IT personnel with an understanding of what controls are and why they are critical to safeguarding information assets. You will discover why it is important to have a business-process view of IT controls and review the critical role they play in providing for a smooth running, efficiently managed IT environment. You will review the COSO and COBIT control frameworks and get tips on how they can be applied to your day-to-day activities. You will also compare control frameworks with IT standards, including ISO 17799 and ITIL and gain an understanding of IT control best practices. You will learn the importance of application and general controls, cover how to perform control self-assessments within your areas of responsibility, and find out how system development methodologies fit into the control framework. You will leave this intensive seminar with the know-how to “talk the talk” with IT auditors and to play a high-profile role in assuring your organization’s vital information is secure.

Prerequisite: None

Learning Level: Intermediate

Who Should Attend
IT Management and Staff, and other IT personnel who need to know what controls are and how they work; IT Auditors

What You Will Learn
1. What Is a Control?

• - control definitions
• - control objectives
• - control components
• - control frameworks
• - types of controls
• - why controls provide value to the organization
• - impact of GLBA, HIPAA and Sarbanes-Oxley on controls

2. Control-Setting Organizations and Control Frameworks

• - COSO Control Framework
• -- control environment
• -- risk assessment
• -- control activities
• -- information and communication
• -- monitoring
• - The Institute of Internal Auditors (IIA): IIA Professional Practices Framework
• - Information Systems Audit and Control Association (ISACA)
• -- COBIT: Control Objectives for Information Technology
• -- ISACA Standards for Information System Auditing
• -- Certified Information System Auditor (CISA)
• - IT Governance Institute
• - ISO 17799
• - ITIL

3. Internal Control Components

• - preventive, detective, corrective controls
• - cost/benefit considerations
• - control points
• - control environment and associated threats

4. Risk Assessment

• - identifying risk factors, vulnerabilities and threats
• - business and technical risks
• - determining risk
• - effects of risk
• - risk assessment factors
• - management risks in an automated environment
• - security risks

5. IT Controls

• - IT governance
• - general IT controls
• - application controls
• - centralized vs. distributed controls
• - GLBA, HIPAA, Sarbanes-Oxley security/control requirements

6. General Controls

• - general control categories
• - centralized vs. distributed controls
• - logical security
• -- authentication
• -- authorization
• -- tokens and smart cards
• -- biometrics
• -- audit trails
• -- single sign on
• -- security administration
• -- security monitoring
• - physical security
• - system software
• - patch management
• - database management systems
• - IT operations
• - networks
• - encryption
• - remote access
• - wireless
• - environmental protection
• - change management
• - disaster recovery and business continuity planning

7. Application Controls

• - relationship between general controls and application controls
• - business applications risks
• - transaction life cycle
• - system development methodology
• - data integrity controls
• - completeness and accuracy of input
• - completeness and accuracy of processing
• - exception reporting
• - output controls
• - access controls
• - application change management
• - application continuity planning

8. IT Governance Controls

• - IT organization and management
• - policies and procedures
• - IT steering committees
• - separation of duties
• - outsourcing IT functions

9. Using COBIT

• - COBIT framework
• - control objectives
• - how COBIT can effectively be utilized in IT
• - implementing the COBIT framework

10. Interfacing with the Auditors: Making Sure You Are All on the Same Page

• - objectives of IT audits
• - internal vs. external auditors
• - types of IT audits
• - system development and acquisition audits
• - risk-based auditing
• - audit planning, execution and closing
• - audit programs
• - Sarbanes-Oxley audits
• - control self-assessments

Sponsor Background:
MIS Training Institute was founded in 1978 for the express purpose of providing quality training exclusively for audit and information security professionals. A leader in the field of audit and security education, its seminar curriculum offers over 70 courses in the areas of Modern Internal Auditing, EDP Auditing, Data Base, Microcomputer, Systems, and Software, Data Communications, and Information Security. In its dedication to serving the audit and information security community, MIS also offers a variety of products and services which include special topical conferences, video training, publications, microcomputer software, and consultation.

This seminar has 2 available dates/locations. Click the button below to view them all and to sign up for this seminar. To quickly return to this seminar at a later time, you can search by its QuickCode: QQBRLJ.

Get updated when new dates are added for this seminar.

Get a free personalized recommendation from our experts!

Questions? Please call us Toll-free at (877) SEM-INFO.