Boston Professional Events List


Advanced IT Audit School - ITG341


Date
Apr 24, 2017 - 07:00 AM - Apr 27, 10:00 PM
Organizer
MISTI
Location
Hilton Boston Back Bay 40 Dalton Street Boston, MA United States 02115,

Boston,
MA ,
US,
ZIP: 02115
Phone: (508) 879-7999

"This class is a must-have for any senior level IT Auditor or above"
-IT Auditor, First National Bank of Omaha

In this information-packed four-day seminar, we will cover, in depth, key building blocks of modern IT audit, physical and logical security, including identity & access management, access control models. We will pay particular attention to the threats and vulnerabilities to web-based e-commerce. We will place special emphasis on discovering best practices and standards for auditing web (HTTP) servers and application servers and walk away with tools, techniques and checklists for discovering and testing web and application server security. 

We will also cover auditing database management systems within the context of robust but practical enterprise architecture and governance models and go over web services and service-oriented architectures including SOAP, ReST, SOA and ESB. Together, we will also review safeguard concepts and best practices for secure mobile and wireless applications. We will also discuss standards associated with privacy issues and intellectual property concerns.

Prerequisite: Intermediate IT Audit School (ITG241)​ or Network Security Essentials (ASG203)​ or equivalent experience. Familiarity with basic IT controls terminology and concepts is assumed.
Advance Preparation: None                  
Learning Level: Advanced
Field: Auditing
Delivery Method: Group-Live     



Agenda


What You Will Learn:

1. Identity and Access Control Management (I&ACM) Architecture
• fundamental principles of information security
• making the business case for information security
• defining an enterprise I&ACM architecture
• access control models and architectures
• security audit log management in multi-tiered applications
• TCP/IP network application services security risk analysis
• enterprise directory services
• client/server and middleware security for multi-tiered applications
• locating control points in complex, multi-tiered applications
• security awareness

2. Laws and Standards Affecting IT Audit
• computer crimes, investigations, evidence, forensics
• laws, directives, and regulations
• types of laws
• privacy issues and legislation
• intellectual property, copyright laws, and software piracy
• European Union Data Protection Act
• prominent US and international laws
• information security and auditing standards

3. Web Application Architectures
• inventorying your application software environments
• Web application building blocks and control points
• HTTP protocol and state management
• Web application markup languages
• single/reduced sign-on (SSO) pros and cons
• common Web application threats and vulnerabilities
• Web application security strategies

4. Auditing Web (HTTP) Servers 
• summary of baselines for secure server operating system security
• physical threats, vulnerabilities, risks, and countermeasures
• perimeter security, boundary protection, and facilities access controls
• electrical, temperature, water, and other environmental controls
• fire detection, prevention, and suppression
• information storage media protection, sanitization, and disposal
• emergency procedures
• human resources controls: hiring practices, badges, terminations and transfers
• goals for information security safeguards in applications
• Web server configuration: operational and security requirements
• Web server access control security features: Apache, Microsoft IIS
• perils and protections for remote Web application development
• application firewalls and intrusion prevention systems
• tools, techniques, and checklists for discovering and testing Web server security

5. Business Application Software Development and Audit
• server-side Web page programming security
• mobile code security
• common security vulnerabilities and attacks on Web application software
• attacks on Web servers: cross-site scripting, SQL injection, buffer overflow
• input validation and editing
• software change controls and configuration management
• web application vulnerability and testing tools
• tools, techniques, and checklists for auditing security in application design

6. Auditing Application (Middleware) Servers
• roles, architecture, and security control points for XML/object-oriented development environments and associated application servers
• defining key sources of application server security: declarative vs. programmatic controls, database and Enterprise Information System (EIS) connectors
• audit and security features in components and servers
• tools and techniques for auditing and securing application servers

7. Auditing Database Management Systems
• methods for providing data access to users and other applications
• data access control, authorization, and audit
• relational database management systems (DBMS)
• Structured Query Language (SQL): more than just query
• security risks associated DBMS systems
• audit and security features for major DBMS products
• tools, techniques, and checklists for securing and auditing DBMS components

8. Web Services and Service-Oriented Architectures
• Simple Object Access Protocol (SOAP) Web services definition and architecture
• SOAP Web services standards
• Service Oriented Architectures (SOA)
• SOA Enterprise Service Bus (ESB)
• Representational State Transfer (REST) Web services
• web services audit and security tools, and techniques

9. Auditing Remote Access and Mobile Applications 
• key control points in remote access and mobile applications
• how mobile application differ from internal server based applications
• tools and techniques for protecting the contents of mobile devices
• gateways for mobile applications: vulnerabilities and safeguards
• checklist for secure mobile and wireless application best practices


Event Categories
Keywords: access , applications, architecture , architectures, class , learn, Learning , Management , mobile, network




Comments








Events Calendar

SunMonTueWedThuFriSat
26 27 28 29 30 31 1
2 3 4 5 6 7 8
9 10 11 12 13 14 15
16 17 18 19 20 21 22
23 24 25 26 27 28 29
30 1 2 3 4 5 6

Tag Cloud

Event Location

Newsletters

Subscribe
VIP Life Time Subscription to our Newsletters!
$399.99
$299.99