About the course
Instructor: Clay Risenhoover
One of the most significant obstacles facing many auditors today is how exactly to go about auditing the security of an enterprise. What systems really matter? How should the firewall and routers be configured? What settings should be checked on the various systems under scrutiny? Is there a set of processes that can be put into place to allow an auditor to focus on the business processes rather than the security settings? How do we turn this into a continuous monitoring process? All of these questions and more will be answered by the material covered in this course.
This track is organized specifically to provide a risk driven method for tackling the enormous task of designing an enterprise security validation program. After covering a variety of high level audit issues and general audit best practice, the students will have the opportunity to dive deep into the technical "how to" for determining the key controls that can be used to provide a level of assurance to an organization. Tips on how to verify these controls in a repeatable way and many techniques for continuous monitoring and automatic compliance validation will be given from real world examples.
One of the struggles that IT auditors face today is assisting management to understand the relationship between the technical controls and the risks to the business that these affect. In this course these threats and vulnerabilities are explained based on validated information from real world situations. The instructor will take the time to explain how this can be used to raise the awareness of management and others within the organization to build an understanding of why these controls specifically and auditing in general is important. From these threats and vulnerabilities, we will explain how to build the ongoing compliance monitoring systems and how to automatically validate defenses through instrumentation and automation of audit checklists.
You'll be able to use what you learn the day you get home. Five of the six days in the track will either produce or provide you directly with continuous monitoring scripts and a general checklist that can be customized for your audit practice. Each of these days includes hands-on exercises with a variety of tools discussed during the lecture sections so that you will leave knowing how to verify each and every control described in the class and know what to expect as audit evidence. Each of the five hands on days gives you the chance to perform a thorough technical audit of the technology being considered by applying the checklists provided in class to sample audit problems in a virtualized environment.
A great audit is more than marks on a checklist; it is the understanding of the what the underlying controls are, what the best practices are and why. Sign up for this course and experience the mix of theory, hands-on, and practical knowledge.
A Sampling of Topics
Audit planning and techniques
Effective risk assessment for control specification
Firewall and perimeter auditing
Windows auditing & scaling to the enterprise
Active Directory auditing
A proven six-step audit process
Time based auditing
Effective network population auditing
How to perform useful vulnerability assessments
Uncovering "Back Doors"
Building an audit toolkit
Detailed router auditing
Technical validation of network controls
Web application auditing
AUD507.1: Effective Auditing, Risk Assessment, Reporting
AUD507.2: Effective Network & Perimeter Auditing / Monitoring
AUD507.3: Web Application Auditing
AUD507.4: Advanced Windows Auditing & Monitoring
AUD507.5: Advanced UNIX Auditing & Monitoring
AUD507.6: Audit the Flag: A NetWars Experience