Dedicated to the Improvement of the Audit Profession and Management Practices

ARTI Global...A provider of timely and targeted courses to a global community of Audit Professionals

About this electronic catalog: Welcome to ARTI Global’s virtual course catalog. This catalog contains details about our courses, in a format similar to those you would find in paper-based catalogs you receive once or twice a year (maybe more?), but better! With this electronic system you do not have paper pages to go through. Here you find a particular title, click on it and you are there! You want to go back to the index? Not a problem: at the bottom of the course description section we have provided links that take you back to this page. You want your employees or colleagues to pick and choose or just look at courses they want to take? Well, this electronic catalog can be looked at by ALL of your employees/colleagues at the same time.

About our courses listed in this catalog: The courses in this catalog are described in their originally designed length and content. As a service to our customers, these courses can be delivered in shorter time frames. Please contact our In-house Sales Department for more information about our effective, efficient and cost-justified programs by clicking on the In-House Programs link, or click on the Contact Us link to go to our company's directory.

Click on the course you wish to consider.

Introductory through Intermediate Audit Seminars

 Audit Banking Seminars

  • AB01 - Auditing Internet Banking
  • AB02 - Sarbanes Oxley (SOX) and the Banking Industry

To our Advanced Technical Students:

The course outlines listed below are designed to comply with the various professional certifying organizations’ documentation requirements. For example, professionals with CIA, CISA, CISM, and CISSP certifications will find that the course content, suggested CPE, attendance record retention, workbook organization and certificate of completion comply with the requirements of these organizations. Students should review content information to ensure application to their certification.

 Advanced IT Audit and IT Professional Seminars

Operating Systems and Database Security Audit Seminars

  Network Security Audit Seminars

Computer Forensic Auditing

© 1997-2009 by Audit Re-Engineering and Training Institute, Inc.

IA01 - Introduction to Information Systems Auditing

(4 day Format)

 CPE Hours: 32

Delivery Method: Lecture, Class Participation

Skills Level: Basic

Prerequisite: 1 year experience in Auditing

Suggested Field of Study: Auditing

Who Should Attend: Financial/Operational Auditors, Accountants and New IS Auditors

Course Description: This four day course addresses all the key areas of Information Systems auditing that an auditor new to this field will require. The participant will be exposed to a significant level of detail in this full version course. The course carefully directs the participants to first assess why it is important to understand and maybe move into this field. The participants will be provided with the functional roles and responsibilities of Information Systems auditors as management actually perceives them. The new IS or IT auditor will be exposed to the most current laws that impact this profession, for example through a summary review of the Sarbanes Oxley Act (SOX). This review ensures the new IS/IT auditor's familiarity with the newest requirements in the industry.

After this initial introduction, the participants move on to the more technical side of the profession. The participants are first provided with a description of legacy systems and their functionality even today, comparing these old and trusted systems with the newest kids on the block: the client/server or distributed processing environments. These chapters are further enhanced by today’s modern communication systems. These connecting points, or networks as they are commonly known, provide the backbone of every modern organization today, so the new IS/IT auditor has to become familiar with this environment. This is followed by disclosing how companies developed trusted environments so that proper mitigation of risk takes place.

At this point in the course, the participants will know that the IS/IT areas are labeled as high risk because of your organization's reliance on their availability and services. So failure to operate in a controlled manner, or simply to operate at all, could result in significant losses. The participants are, therefore, thoroughly thrust into understanding General Controls and their impact on the business's internal control mechanisms. Further, a sampling of the most significant areas of the Information Technology Division is performed. This review provides significant understanding of how all of this works.

The last four chapters deal with understanding the many uses of automation to perform IS/IT audits, the changing auditing environment requiring all auditors to stay current or be lost in the rapidly moving technology, the planning process required for an IS/IT audit that includes the use of non technical auditors using an integrated approach, and finally a phased approach to performing IS/IT audits is described as a sample of how these audits are coordinated and executed.

IA02 - Auditing and Assessing Projects Under Development

(4 day Format)

CPE Hours: 32

Delivery Method: Lecture, Class Participation  

Skills Level: Basic/Intermediate

Prerequisite: 2 years experience in Auditing

Suggested Field of Study: Auditing

Who Should Attend: Financial/operational Auditors and IS Auditors  

Course Description:

In this four day course the participants will be provided with a thorough review of the system development process, its basic management structure, project organizational mechanism, and an actual real-world case study to show you how to audit each of the development phases.

In the first segment, the course material will set the stage for the eventual audit process by explaining in detail the following areas of information: Management and Audit Roles and Responsibilities, understanding what a project is and what are the requirements and pitfalls to avoid in project management, issues to consider when your organization decides to outsource project management, Work Breakdown Structures and how it works, and pre-audit information that helps the auditor to understand from the first steps in auditing your system development project to understanding prototyping/iterative development strategies.

In the next segment, the participants will evaluate each of the six modern phases used in today's development projects. Each chapter begins with the objectives for that phase, what needs to be done by the auditor to ensure compliance with objectives, and an audit program specifically designed for each phase. After reviewing the audit program, the participants will be asked to organize themselves into groups and evaluate each case study for the corresponding phases presented in the course. Each group will be asked to assess each of the issues noted using the audit programs provided after each chapter and information obtained from the author's presentation. At the last phase, the groups will be asked to provide an overall rating/opinion using a numerical assessment evaluation system.

In addition to the lecture and detailed case studies, the workbooks provided will also include a bibliography of reference materials, sample client/server, Internet and other technical terminology used today, and a sample risk model which contains unique categories for examining pertinent aspects of each project. This risk model can assist you in selecting the most appropriate project to audit.

 

IA03 - Project Management Audit Concepts and Organization

(4 day format)

CPE Hours: 32

Delivery Method: Lecture, Class Participation

Skills Level: Intermediate Prerequisite Responsibilities in this area

Prerequisite: 2 years experience in Auditing

Suggested Field of Study: Auditing

Who Should Attend: Auditing personnel, project managers and members of management

Course Description:

In this four day course the participants will learn from the basic fundamentals of what constitutes a project to the advanced methods of today's project management; such as the Virtual Project Management process. 

The seminar will be divided into three logical segments that will allow auditors to complete their examination.

In the first segment, the auditor will be provided with definitions and the structure of a project. This will be enhanced by delving into the process itself and how it should operate. Next, we will look at how project management, as a discipline, was applied then and how it is applied today in light of SOX compliance issues.

In the second segment we will examine more advanced topics. We will compare the Request for Funding Process and the Proof of Concept to determine how management evaluates which one will best work for the organization. We then examine the value and need for a corporate-wide System Development Methodology from a risk and control perspective and also from a compliance perspective (both corporate and regulatory issues).

And, in the last segment, we will look at some of the project management tools available to your audit client. This section will provide the auditor with insights into the mechanisms that should be used and whether they are being used as required by management.  Other topics discussed will be the criteria developed by management to search for or acquire the services of a Project Manager.  Because this person is so critical in the successful completion of a project, management's selection process becomes an integral part of the project and in the audit engagement.

Because of the high investment and high expectations from each project, we will examine in detail who is responsible for what. With the modern concepts and practices of today, everyone has a specific role in product development. Therefore, we will discuss roles and responsibilities of System Owners, Information Technology group, Senior Management and Internal Audit.

We end our segment and the course by discussing risks associated with outsourcing project management, and the hot new concept of a Virtual Project Management Office.

As a bonus to our participants, we will also include a bibliography of additional resources, and a glossary of project management terms.

IA04 - Managing an Audit Department for the 21st Century

(2 day format)

CPE Hours: 16

Delivery Method: Lecture and Class Participation

Suggested Field of Study: Specialized Knowledge and Application

Skills Level: Intermediate

Prerequisites: 3 to 5 years Audit Experience

Who Should Attend: Audit Seniors, Supervisors and Managers

Course Description: In this 2-day course the participants will learn about the key components of managing in today's highly automated and changing roles for auditors. The course effectively targets the building blocks of good supervision and management: specifically, methods and practices regarding how employees can be significant contributors, how they can become stronger in managing their projects, and how to ensure their communication skills are an asset and not a liability. Special sections, such as the improvement of management skills and how to manage ethical behavior, are discussed. The remaining sections discuss key components for implementing rotational leadership, adding value to all work performed (or at least having management acknowledge that you are adding value), how to best influence your auditees (customers), and a conceptual design overview of the reengineering process in an implementable matrix format.

 

IA05 - Auditing Fraud 101

(1 day format)

Suggested CPE Hours: 8

Skills Level:  Basic/Intermediate

Delivery Method: Lecture, Class Participation

Suggested Field of Study: Auditing

Prerequisite: Understand Internal and General Controls, Applicable Crime Laws (not mandatory but helpful), some working knowledge of COSO, COBIT, Governmental rules and regulations (if applicable) 

Who Should Attend: Financial/Operational Auditors, Single Audit Auditors, Accountants, Treasurers, New Information Technology Auditors, Management, those charged with responsibilities in this area.

Learning Objectives: Participants will learn about the genesis of a fraud in today's environment, its detection and solutions for correcting, and mitigating risk of further abuse.

Course Description: As a result of this course's unique design and expert delivery, the participants are immersed in what really is important by addressing the key areas of fraud in today's modern operations. To this end, the course quickly and efficiently addresses the genesis of a fraud, its markers or indicators, responsibilities for this crime and the solution to mitigate risk, so that this crime does not occur again. The course contains the following topics:

Today’s Most Common Fraud Activities and Why

  • Technology Hit Parade
    • Cyber Crimes
    • Physical and Logical Access
    • Portable Mini and Micro Drives
    • Wireless
  • The Human Factor
    • Societal Crimes
    • Private Sector Crimes

Responsibilities for Detecting Fraud

  • Management
  • Audit (External third party, Internal/Inspectors)
  • Employees

Structures that Promote Fraud

  • Management or the lack of it
  • Integrity of Operational and Technical Designs

Topical Issues Dealing with Fraud or the Appearance of Fraud

  • Elections...the paperless environment
  • Identity Theft...Public Records
  • Virtual Office
  • Employee Exit process

Key Elements

  • Indicators/Detectors (are they present?)
  • Actuators (the engine that makes it possible)

Fraud Prevention/Solutions

  • Performing Risk Assessments
  • IT Systems
  • Auditors

 

IA06 - Auditing Contingency Planning and Disaster Recovery Process

(4 day format)

CPE Hours: 32

Delivery Method: Lecture, Class Participation

Suggested Field of Study: Auditing

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 2 years audit experience and/or active involvement in the Contingency and Disaster Recovery process

Who Should Attend: Professionals responsible for either performing audits in this area and/or professionals involved in the design and implementation of the organization's Contingency and Disaster Recovery process. Specifically:

    • IS/IT auditors
    • Financial auditors
    • Operational auditors
    • Accountants
    • IS/IT audit managers
    • IS/IT security/control professionals

Course Description:  In this four day course, the participants will be provided with a comprehensive understanding of the current Contingency Planning and Disaster Recovery issues.  The material covers ALL the components of the Contingency Planning and Disaster Recovery process that are crucial in today's business activities. The information provided associates the risk of the ongoing technology evolution to the contents of the Contingency Plan and associated Disaster Recovery Testing.   The participants will be provided with ideas on how to audit each of the key areas in the Plan and the Disaster Recovery Test. Along with the information provided by area, a real world case study has been inserted in each of the areas of the plan and disaster recovery test to ensure comprehension.

This course significantly improves or adds to your understanding of this very important process. Any organization that is either required to have a contingency plan or wants to do it because it is good business, needs to have its people attend this course.

IA07 - Information Systems Auditing - Intermediate Level

(4 day format)

CPE Hours: 32

Delivery Method: Lecture, Class Participation              

Skills Level: Intermediate intended for attendees with a basic understanding of IT audit and 2 to 3 years operational, financial, and/or performance auditing experience.

Prerequisite: See note below

Suggested Field of Study: Auditing

Who Should Attend: All auditors meeting the suggested prerequisite experience level and background.

Course Description: This four day course is designed as a continuation of the Fundamentals or Introduction to Information Systems Auditing course. This course assumes an understanding of certain terminology and control practices as described in such control framework structures as COBIT and COSO. The participants will be provided with methods and practices to assist them in performing comprehensive audits of significant areas of the Information Systems Department (ISD). While all areas of the ISD are important, the areas chosen for this course represent significant risk in today’s networked and decentralized processing environment. Included in the course is a chapter totally dedicated to the Sarbanes Oxley Act (SOX) and other issues related to AICPA’s SAS99 and the SEC’s PCAOB. There are also exercises by specific audit area to ensure participants understand the concepts and methodology discussed in the seminar. Several appendix sections are included with the workbook, which provide participants with an understanding of technical terms, references related to the subject matter found on the Internet that can be of use for further studies, and audit programs of a few key areas to assist participants in their audit.

Sample of the topics covered in this timely and insightful course:

  • Internet Operations
  • SOX, SAS 99 and SEC’s PCAOB
  • Network Environments
  • Firewall Rules
  • Application Auditing
  • Change Management/Quality Assurance
  • Data Security Administration
  • Programming Department
  • Data Center Operations
  • Tape/media librarian functions
  • Physical Security
  • Decentralized Processing Centers
  • Hot Site Testing
  • Integrated Auditing

Prerequisite: Minimum of two to three years of audit experience, and the participant should have taken a Fundamentals or Introduction to Information Systems Auditing course within one year of taking this course. We also recommend the participant have some hands-on experience in performing limited Information Systems Auditing. This experience criterion is important but not mandatory to participate and to understand the concepts discussed in this course.

Special Note: This course is not targeted at veteran IT auditors or IT auditors with more than 4 or 5 years experience in IT Auditing. While these auditors are welcome to attend the course as a refresher, their expectations should not include learning something to which they have never been exposed.

While we believe this is a good course for IT professionals, the course does assume the following fundamental concepts from a previous audit introduction course like an Introduction to IS Auditing or a related Fundamentals COBIT course:

  1. Work paper creation
  2. Auditing interviewing skills
  3. Auditing standards which meet both legal and professional criteria
  4. Assessing and understanding controls and how they impact risk
  5. Audit behavior and ethics
  6. And, audit operational skills.

While the course explores areas that IT professionals are already familiar with, the material is presented only from an auditing perspective - not a technical view point.


 

IA08 - Auditing Data Integrity in Application Systems

(2 day format)

CPE Hours: 16 hours

Delivery Method: Lecture, Class Participation

Skills Level: Basic to Intermediate

Prerequisite: Familiar with Controls and their impact on financial statements

Field of Study: Auditing

Who Should Attend: Financial/Operational Auditors and New IS Auditors. Experienced IS auditors are welcome to attend the course as a refresher and possibly to learn a new way of performing application audits.

Learning Objectives: The students will be able to not only understand how to perform an effective application review but actually be provided with methods and practices for performing one as soon as they return to their respective organizations. 

Overview of Course Content: This two-day course provides the participants with a real world innovative way of performing application reviews. The participants will learn about scoping the review, assessing roles and responsibilities, determining the impact of financial statement integrity through the evaluation of internal, general and application controls, and evaluating the different application systems and their expected control environment.   Once these concepts are understood, the course will actually walk the participants through every step of the audit process; from planning to reporting.

Course Content:

The course contains the following topics:

  • Application Systems Audit Scope
  • Relating Internal, General and Application Systems Functionality Control to Financial Statement Reliability
  • Various Application Platforms and their expected controls
  • Phase 1: Audit Planning
  • Phase 2: Audit Research
  • Phase 3: Audit Testing
  • Phase 4: Audit Testing Processed Data
  • Phase 5: Consolidated Audit Report
  • Appendix section
    • Sample Audit Programs

IA09 - Improving Management and Employee Performance

(1 Day Format)

CPE Hours: 8

Delivery Method: Lecture, Class Participation

Suggested Field of Study: Business Management and Organization

Skill Level: Basic to Advanced

Prerequisite: No preexisting requirements

Who Should Attend: All are invited

Course Description: This one day seminar focuses on developing today’s employees and management personnel to effectively build cost effective communication and organizational skills. This includes:

  • How to build and maintain an effective and productive team
  • Establishing a baseline of understanding
  • Mastering effective communication skills
  • Acquiring Time Management skills
  • Becoming a successful and effective performer
  • and Developing form management

 

IA10 - Fundamentals of Information Systems for Audit Managers

(2 day format)

CPE Hours: 16

Delivery Method: Lecture, Class Participation

Suggested Field of Study: Auditing

Skill Level: Introductory to Intermediate Level

Prerequisite: 3 to 5 years audit experience.

Who Should Attend: New and existing audit managers, supervisors and seniors moving into management positions.

Course Description: This two day course starts by addressing issues relating to management expectations and works through describing roles and responsibilities for information systems, also illustrating security breaches in the past and today.  Specific attention or emphasis is placed on managing this technical environment and also addressing issues such as audit’s role as consultants in dealing with SOX requirements. Throughout the remaining portions of the course, the attendees are treated to selected key components of the Information Systems area that are pertinent to examination.  Key issues and areas detailed include:

  • Identifying today’s complex systems
  • How organizations today create trusted environments
  • Assessment of General and Internal controls
  • Components of an Information Systems Audit
  • Internal Auditors as Consultants and relationship to SOX requirements
  • Components of planning and executing today’s Information Systems Audits
  • And, performing the audit in a simple but effective phased approach

 

IA11 - Auditing Internal Controls

CPE Hours: 16

Delivery Method: Lecture, Class Participation

Suggested Field of Study: Auditing

Skill Level: Intermediate

Prerequisite: Basic understanding of the operation, its current control environment (if applicable), and some basic understanding of COSO, Governmental rules and regulations (if applicable)

Who Should Attend: Accountants, Financial Analysts, Financial/Operational Auditors, Single Audit Auditors, Treasurers, Management, and those charged with responsibilities of suggesting, implementing, evaluating and sustaining the control environment.

Learning Objectives: This course is based upon the framework of COSO, with emphasis on the establishment, delivery and continuous support of the organization’s control environment. As such, the participants will learn about the elements of internal controls, their place in the organization, and methods and practices for establishing and maintaining the internal control environment.

Course Description: To accomplish our objectives for this course, the participants will be exposed to the basic COSO structure and how the critical elements of the framework apply to their environment as a guide to effective and efficient controls. Additionally, the course will incorporate real world ideas on the quality of a control and how the participants can measure its potential impact. Included in this course are the following areas to support this learning process:

  • Understanding COSO’s definition of Internal Controls
  • Effective Management
  • Causes for Compensating Controls
  • Monitoring
  • Risk and how it plays a part in Internal Controls
  • How to measure the appropriateness of a control
  • Documentation and Communication Standards
  • How controls are organized into manageable disciplines
  • Financial Statement Controls
  • How technology impacts the Internal Control Environment
  • Advancements and Their Impact on State and Federal Agencies

AB01 - Auditing Internet Banking

(4 1/2 day format)

CPE Hours: 36

Delivery Method: Lecture, Class Participation

Suggested Field of Study: Auditing

Skill Level: Intermediate Level and higher

Prerequisite: It is recommended that the participants should have already taken the Introduction to Information Systems Auditing or equivalent, that they are familiar with some aspects of their regulatory environment, and are eager to move up to the front of their careers and shine.

Who Should Attend: Financial, Compliance, Operational Auditors; also, Audit Management and User Management responsible for Internet Banking.

Course Description: This four day course offers the participant comprehensive, detailed insights into auditing the highly visible and risky Internet Banking process. The material associates issues addressed by United States Banking regulators such as the OCC (using the FFIEC procedures) and Federal Reserve (using their Electronic Banking procedures). This course provides the participants with the information needed to skillfully dissect the key areas of auditing Internet Banking products/services and associate them with regulatory requirements. A special chapter is included to address the compliance issues with the Gramm-Leach-Bliley Act (GLB). Other areas included for discussion and evaluation are Intrusion Detection, Virus Management, Outsourcing Internet Banking, Cash Management through the Internet, and Security. Also included in the workbooks are technology terms and sample audit steps to supplement the detailed material offered.

                

 

AB02 - Sarbanes Oxley (SOX) and the Banking Industry

(Two Day Format)

CPE Hours: 16

Delivery Method: Lecture, Class Participation

Suggested Field of Study: Auditing

Skill Level: Intermediate Level and higher

Prerequisite: 1 year Audit Experience, and participants should have already taken the Introduction to Information Systems Auditing or equivalent and be familiar with some aspects of their regulatory environment.

Who Should Attend: Financial, Compliance, Operational Auditors; also, Audit Management and User Management.

Course Description:

This course is designed for all banking audiences including the auditors. The material cuts through the mounds of pages found in today’s regulations and pinpoints key areas needing attention. The course contains the following topics:

  • Fundamentals of the Act: Back When and Now
  • Internal Control Reports
  • New Corporate and Regulatory Governance Standards
  • SOX Effect on Regulatory Supervision
  • SOX Examiner Key Focus
  • Internal Audit services

 

AB03 - Bank Secrecy Act (BSA)/Anti Money Laundering (AML) Auditing and Compliance (Not available until August 2007)

(Two Day Format)

CPE Hours: 16

Delivery Method: Lecture, Class Participation

Suggested Field of Study: Auditing

Skill Level: Intermediate Level and higher

Prerequisite: It is recommended that the participants should have already taken the Introduction to Information Systems Auditing or equivalent, that they are familiar with some aspects of their regulatory environment, and are eager to move up to the front of their careers and shine.

Who Should Attend: Financial, Compliance, Operational Auditors; also, Audit Management and User Management.

Course Description: This course comprehensively illustrates and enhances the participants' knowledge of BSA/AML, the Patriot Act and the role of FinCEN. The learning objective of this course is to ensure that the participants are aware of the requirements and the repercussions of not complying. Also, the participants will learn how to utilize Internal Audit and/or the Compliance Office to ensure adequacy and quality of the process. The course contains the following topics:

  • Impact 9/11 has had on the BSA/AML
  • Explaining what BSA/AML is all about
  • Patriot Act
  • FinCEN and their role
  • Web filing
  • Internal Audit and Compliance office oversight and involvement

 

AIT01B - Information Security Fundamentals

CPE Hours: 32

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 1 year of IT audit experience.

Who Should Attend: IT auditors, IT audit managers, IT supervisors and non-IT audit staff wishing to increase their knowledge of IT security.  IT managers, IT professionals and Data Security Administrators are also welcome.

This course provides an overview of information security for anyone new to the field. Geared to the new IT auditor, Security Manager or anyone thrust into this exciting area, it provides a comprehensive perspective, touching on all aspects and providing you with a sound basis for understanding what is involved in IT Security today.

This is also a great seminar for those aspiring to obtain their CISSP, CISM or CISA designation. The session can be used to determine what key areas the student may be weak in and need additional study prior to taking the exam.

Attendees will learn that IT Security is an immense area that touches almost every aspect of business. The course will ensure that you gain an understanding of all the key areas, as well as become conversant in the terminology of the security world. The seminar will focus on both technology and management practices, ensuring that you are aware of the full complement of elements necessary for a good security program.

Finally, you will also learn about key standards and practices and related methodologies such as COBIT, ISO 17799 and the International Information Systems Security Certification Consortium (ISC2). These will help provide you with an understanding of where the field is heading and help prepare you for the future.

Key topic areas include:

1. Policies, Standards and Procedures, including ISO 17799
2. Security Architecture/Model/Strategy
3. Training and Security Awareness
4. The Security Organization
5. Understanding COBIT, GSSP and ISC(2)
6. Understanding and Using Effective Risk Management
7. Ethics and Investigations
8. Physical Security
9. Disaster Recovery and Business Continuity Planning
10. Security Monitoring and Reports
11. Network Security
12. Access Controls and Operating Systems
13. Database Security Controls
14. Encryption
15. Network Penetration, issues and controls

 

AIT02J-Auditing E-Commerce Applications

CPE Hours: 24  (this seminar is also presented in a two day format)

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 2 years IT audit experience and/or active involvement in auditing e-commerce solutions. Also IT professionals who have an interest in this subject and/or are responsible for supporting e-commerce products.

Who Should Attend: IT Audit Managers, IT Auditors, IT Managers and IT professionals

Course Description: This seminar will present a practical framework for understanding and auditing e-commerce infrastructures and application systems environments.

Seminar Highlights

  • Live e-commerce environment and application system presented in class to demonstrate key concepts and audit areas/steps
  • Demonstration and discussion of audit tools and techniques
  • Background on E-Commerce Models
    • B2B / B2C
    • ISP / ASP
    • Understanding E-Commerce Risks
    • System Development
    • Network Application
  • E-Commerce Audit
    • Application System Components and Controls, including client-side (web browser) controls and issues (this will include identification & authentication, access to resources, and audit trails)
    • Web Server configuration audit (with specific focus on Microsoft Internet Information Server)
    • Application and Database Server configuration and audit
    • Network Infrastructure Audit including firewalls and routers
    • IDS Deployment Audit
  • Security and Audit Tools & Techniques
    • Demonstrations of audit tools and techniques
    • Useful reference material
       

AIT03J-Internet Security & Control

CPE Hours: 24  (This seminar can also be presented in two days)

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: 2 years IT audit experience, and/or IT professionals with responsibilities in this area. Non-IT auditors are also invited to attend but should have a working understanding of technology and its control environment.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, IT Auditors, IT professional staff, and Financial/Operational Audit managers and staff.

Course Description: This seminar provides the participants with a thorough understanding of the threats and risks associated with doing business on the Internet.  It is designed to provide a basic understanding of the environment as well as defining the advanced facilities needed to function in this environment.

Seminar Highlights

  • Internet Concepts
  • TCP/IP Security
  • Internet Threats & Vulnerabilities
  • World Wide Web (WWW) Security
  • Firewall Concepts & Issues
  • Security Tools & Techniques

 

 

AIT04J-Auditing FireWall-1

CPE Hours: 24  (This seminar can also be presented in one and two day formats)

Delivery Method: Lecture, Class Participation

Skills Level: Intermediate

Prerequisites: A minimum of 2 years IT audit experience.

Who Should Attend: IT Audit Managers, IT Audit Supervisors and IT Auditors, as well as IT professionals wishing to enhance their understanding of firewalls and the risk addressed by the Audit Department.

Seminar Overview

This seminar will provide a detailed technical discussion and suggested audit approach to assessing an organization’s Checkpoint Firewall-1 implementation.

  • Firewall Concepts & Issues
    • Firewall Security Architectures
    • Packet Filtering
    • Stateful Inspection
    • Application Level Proxies
    • Network Address Translation
    • Technical Firewall Audit

Note: Checkpoint Firewall-1 configurations will be used for example purposes

  • Firewall Security Policy
    • Firewall Configuration Parameters
    • OS Security & Hardening
    • Network Interfaces and DMZ
    • IP Forwarding
    • Packet Filter Rules
    • Stateful Inspection Rules
    • Application Proxy Rules
    • Firewall Logging
    • Intrusion Detection
    • Firewall Administration
  • Security Tools & Techniques
    • Security and Audit Testing Approaches
    • Security Toolkit
    • Audit Checklist
    • Network Vulnerability and Penetration Testing
  • Security & Audit Resources
    • Security References
    • WWW & FTP Sites
    • Mailing Lists/Advisories
    • Firewall Newsgroups
    • Firewall Security Publications

AIT05J-Technical Audit of Firewall Implementation

CPE Hours: 24  (This seminar can be delivered in a two day format)

Delivery Method: Lecture, Class Participation

Skills Level: Intermediate/Advanced

Prerequisites: A minimum of 2 years audit experience and/or active involvement in auditing firewalls; also IT personnel interested in learning about audit's involvement and focus in firewall audits.

Who Should Attend: Auditors with four or more years in IT Audit and Network personnel.

Seminar Highlights

Firewalls are used in today’s business environments to protect Internet, Extranet, Intranet, VPN and internal network segments.  Different types of architectures and technologies can be deployed to provide required levels of security.

This seminar will provide a detailed technical discussion and suggested audit approach to assessing an organization’s firewall implementations.

A live firewall environment will be used in class to demonstrate key concepts and audit areas.
 

  • Firewall Concepts & Issues
    • Firewall Security Architectures
    • Firewall Design Issues
    • Packet Filtering
    • Stateful Inspection
    • Application Level Proxies
    • Hybrid Firewalls
    • Appliance Firewalls
    • Network Address Translation
    • Commercial Firewall Products
  • Technical Audit Areas
    (Note: Checkpoint Firewall-1 and Cisco Pix Firewall configurations will be used for example purposes)
  • Firewall Security Policy
    • Firewall Configuration Parameters
    • OS Security & Hardening
    • Network Interfaces and DMZ
    • IP Forwarding
    • Packet Filter Rules
    • Stateful Inspection Rules
    • Proxy Rules
    • Firewall Logging
    • Intrusion Detection
    • Administration
  • Security and Audit Testing
    • Security Tools & Techniques
    • Security Toolkit
    • Audit Checklist
    • Network Vulnerability and Penetration Testing
  • Security & Audit Resources
    • Security References
    • WWW & FTP Sites
    • Mailing Lists/Advisories
    • Firewall Newsgroups
    • Firewall Security Publications

 

AIT06J-Auditing Risk and Controls in Client/Server Environments

CPE Hours: 36  (This seminar can also be delivered in 2, 3 and 4 day formats)

Delivery Method: Lecture, Class Participation

Skills Level: Intermediate/Advanced

Prerequisites: A minimum of 2 years IT audit experience.

Who Should Attend: All IT Auditors

Seminar Description

Today’s client/server application system environments are complex in terms of technologies and connectivity between the components that support the application systems. Security and control decisions are made at many layers of the environment. In addition, many application systems are now web-enabled, which introduces key security and control issues that need to be addressed. The focus of the seminar is to understand client/server architectures, how to identify components and how to perform an audit of security and control mechanisms in the client/server architecture, including operating systems, web servers, application servers, database servers and network security components.

Highlights:

  • Live client/server environment used for demonstration and discussion purposes
  • Audit case studies
  • Demonstration of audit tools and techniques
  • Audit Checklist

Seminar Contents:

  • Part I - System Architecture Components
  • Part II - N-Tier Application System Architecture
  • Part III - Web Application System Architecture
  • Part IV - Session Summary

Part I - Client/Server System Architecture Components

  • Client tier components
  • Application tier components
  • Data tier components
  • System interfaces
  • Application System Functional Security
  • Network Security components
  • How to identify, document and evaluate

Part II - N-Tier Application System Architecture Example

  • System Architecture Diagram
  • Explanation of key security mechanisms
  • Audit Questions
  • Windows NT/2000 Security Controls
  • Unix Security Controls
  • Application Server Security Controls
  • Database Security Controls

Part III - Web Application System Architecture Example

  • System Architecture Diagram
  • Explanation of key security mechanisms
  • Key Audit Questions
  • Operating System Security Controls
  • Web Server Controls
  • Application Server Security Controls
  • Database Security Controls
  • Network and Firewall Security Controls

Part IV - Resources and Reference Material

 

AIT07J-Audit of Firewall and Router Security

CPE Hours: 36  (This seminar can also be delivered in 2, 3, and 4 day formats)

Delivery Method: Lecture, Class Participation

Skills Level: Intermediate/Advanced

Prerequisites: A minimum of 2 years IT audit experience.

Who Should Attend: IT Auditors meeting the above experience criteria

Seminar Description

Firewalls and routers are used in today’s business environments to protect Internet, Extranet, Intranet, VPN and internal network segments. Different types of architectures and technologies can be deployed to provide required levels of security.

This seminar will provide a detailed technical discussion and suggested audit approach to assessing an organization’s router and firewall implementations.
 

Seminar Highlights

A firewall environment and case studies will be used in class to demonstrate key concepts and audit areas.

1. Firewall Concepts & Issues

  • Firewall Security Architectures
  • Firewall Design Issues
  • Packet Filtering
  • Stateful Inspection
  • Application Level Proxies
  • Hybrid Firewalls
  • Appliance Firewalls
  • Network Address Translation
  • Commercial Firewall Products

2. Cisco Router Audit

  • Overview of Cisco routers
  • Cisco IOS software functions
  • Use of Cisco Routers in firewall architectures and solutions
  • Use of access control lists (ACL) for packet filtering
  • Examples of packet filters which can be used to provide different levels of security
  • Router Logging and Intrusion Detection mechanisms
  • Router management via console, telnet and SNMP
  • Access and Enable verification passwords
  • Network management issues
  • Router network vulnerability and penetration testing
  • Security and audit tools
  • Security references on Cisco routers

3. Technical Firewall Audit

Note: Checkpoint Firewall-1 and Cisco Pix Firewall configurations will be used for example purposes

  • Firewall Security Policy
  • Firewall Configuration Parameters
  • OS Security & Hardening
  • Network Interfaces and DMZ
  • IP Forwarding
  • Packet Filter Rules
  • Stateful Inspection Rules
  • Application Proxy Rules
  • Firewall Logging
  • Intrusion Detection
  • Firewall Administration

4. Security Tools & Techniques

  • Security and Audit Testing Approaches
  • Security Toolkit
  • Audit Checklist
  • Network Vulnerability and Penetration Testing

5. Security & Audit Resources

  • Security References
  • WWW & FTP Sites
  • Mailing Lists/Advisories
  • Firewall Newsgroups
  • Firewall Security Publications
     

ODS01J-Audit & Security of Windows 2000

CPE Hours: 36  (this seminar can also be presented in 2, 3 and 4 day formats)

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 1 or more years IT audit experience.  IT professionals with responsibilities in this area.

Who Should Attend: IT Audit Managers, IT Supervisors, IT auditors and new IT auditors, and IT professionals

Seminar Description

This seminar will focus on the audit and security issues related to the use of Windows 2000 and 2003 Server Operating Systems.

Seminar Highlights

  • Detailed discussion of Windows 2000 architecture and security components
  • Use of Windows 2000/2003 server operating systems to demonstrate key security features
  • Demonstrations of Windows 2000 security and audit tools
  • Discussion of Windows 2003 Server security features
     

Seminar Contents

1. Windows 2000 Concepts
  • Overview of Windows 2000
  • Versions (including Windows 2000 Professional)
  • Service Packs & Hotfixes

2. Understanding Windows 2000 Security Components
  • Active Directory Services (ADS)
  • Kerberos Authentication Services
  • Group Policy
  • Security Configuration Toolset
  • Encrypting File System (EFS)
  • IPSec

3. Windows 2000 Security and Control Issues
  • ADS Access Control & Permissions
  • Windows 2000 Domains
  • Trusts
  • Group Policy
  • User Accounts and Groups
  • Kerberos & NTLM Authentication
  • Resource Access Controls
  • Audit Facilities – Event Logs
  • Network Security
  • Security Administration

4. Auditing the Windows 2000 Environment
  • Audit Objectives
  • Automated Tools/Scripts for Audit Testing
  • Approach to Windows 2000 Security Audit

5. Security and Audit Tools & Techniques
  • Demonstrations of Windows 2000 Security Tools
  • Windows 2000 Resource Kit
  • WWW Sites related to Windows 2000 Security & Control

 

ODS02J-Audit & Security of Windows 2003

CPE Hours: 36  (this seminar can also be delivered in 2, 3, and 4 day formats)

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 2 years IT audit experience; IT professionals with responsibilities in the subject area.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, IT Auditors, IT professionals

Seminar Description

This seminar will focus on the audit and security issues related to the use of Windows 2003 Server Operating System.

Seminar Highlights

  • Detailed discussion of Windows 2003 architecture and security components
  • Use of Windows 2003 server operating systems to demonstrate key security features
  • Demonstrations of Windows 2003 security and audit tools
  • Discussion of new Windows 2003 Server security features, including default security settings, security hardening steps and use of the new Group Policy Management Console (GPMC)
     

Seminar Contents:

1. Windows 2003 Concepts
  • Overview of Windows 2003
  • Versions
  • Service Packs & Hotfixes

2. Understanding Windows 2003 Security Components
  • Active Directory Services (ADS)
  • Kerberos Authentication Services
  • Group Policy
  • Security Configuration Toolset
  • Encrypting File System (EFS)
  • IPSec

3. Windows 2003 Security and Control Issues
  • ADS Access Control & Permissions
  • Windows 2003 Domains
  • Trust Relationship Mechanisms
  • Group Policy
  • User Accounts and Groups
  • Kerberos & NTLM Authentication
  • Resource Access Controls
  • Audit Facilities – Event Logs
  • Network Security
  • Security Administration

4. Auditing the Windows 2003 Environment
  • Audit Objectives
  • Automated Tools/Scripts for Audit Testing
  • Approach to Windows 2003 Security Audit

5. Security and Audit Tools & Techniques
  • Demonstrations of Windows 2003 Security Tools
  • Windows 2003 Resource Kit
  • WWW Sites related to Windows 2003 Security & Control

 

ODS03J-Unix Security & Audit

CPE Hours: 24  (this seminar can also be presented in 1 and 2 day formats)

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 2 years IT audit experience.  Also IT professionals new to this area and those with responsibilities in this area.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, IT Auditors, and IT professionals.

Seminar Description

This seminar will focus on the audit and security issues related to the use of Unix Operating Systems.

Seminar Highlights

  • Detailed discussion of Unix security mechanisms
  • Use of Linux operating system to demonstrate key security features and audit tests
  • Audit Checklist and Script

Seminar Contents:

1. Introduction to Unix and TCP/IP

  • Unix Overview
  • TCP/IP Fundamentals

2. Unix Security & Audit Areas

  • User Accounts
  • /etc/passwd & /etc/shadow
  • Security configuration files and settings
  • Controlling Root and privileged users
  • Unix Groups
  • Directory & File Permissions
  • Set UID / Set GID Programs
  • Unix Logging Mechanisms
  • Syslog Facility
  • Security Bulletins and Patch Management
  • Using Tripwire or md5sum

3. TCP/IP Security

  • TCP/IP Security Overview
  • TCP/IP Services – security and audit issues
  • Using Nmap and Nessus tools to perform Unix vulnerability assessments

4. Audit Tools and Techniques

  • Audit Approach
  • Audit Checklist
  • Shell scripts for audit
  • Public Domain Security and Audit Tools
  • Unix Security References
  • WWW References
 

ODS04J-Linux Security & Audit

CPE Hours: 16  (this seminar can also be presented in a 1 day format)

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 2 years IT audit experience. IT professionals new to this area or existing IT professionals desiring to learn the control environment required to support it.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, IT Auditors, IT professionals

Seminar Description:

This seminar will focus on the audit and security issues related to the use of Linux Operating Systems. The principal objectives are to:

  • Understand Linux Operating System security and control mechanisms
  • Understand TCP/IP Services available on Linux OS
  • Demonstrate tools and audit scripts for audit of Linux workstation or server
  • Provide audit approach to Linux security assessment

Highlights:

  • Detailed discussion of Unix security mechanisms
  • Use of Linux operating system to demonstrate key security features and audit tests
  • Audit Checklist

Course Contents:

1. Introduction to Linux and TCP/IP

  • Linux Overview
  • TCP/IP Fundamentals

2. Linux Security & Audit Areas

  • User Accounts
  • /etc/passwd & /etc/shadow
  • Startup files
  • Security configuration files and settings
  • Controlling Root and privileged users
  • Linux Groups
  • Directory & File Permissions
  • Set UID / Set GID Programs
  • Logging Mechanisms
  • Syslog Facility

3. TCP/IP Security

  • TCP/IP Security Overview
  • TCP/IP Applications – security and audit issues

4. Audit Tools and Techniques

  • Audit Checklist
  • Shell scripts for audit
  • Security and Audit Tools
  • Linux Security References

 

ODS05J-Database Security & Audit

CPE Hours: 36  (this seminar can be presented in 2, 3, and 4 day formats)

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 2 years IT audit experience.  IT professionals with responsibilities in this area.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, IT Auditors, IT professionals

Seminar Description:

The focus of this seminar will be on the audit, control and security issues related to the use of database management systems in today’s business environments. A specific focus of the track will be security and audit of Oracle 8i/9i and Microsoft SQL Server 2000 environments.  Learn practical approaches and techniques for evaluating the implementation of database security and control in a client-server environment.
 

Seminar Highlights


Particular attention will be given to security and audit complexities of Internet and web application system environments as well as examining the control exposures that can arise.

Live demonstrations using Oracle 9i & SQL Server 2000 database environments and detailed case studies will reinforce the principles presented.

Seminar Contents:

1. Database Concepts

  • Relational database concepts
  • Database objects (tables, views, stored procedures, triggers)
  • Database schemas, instances
  • Database design overview
  • SQL components
  • SQL examples
  • ODBC
  • Using SQL as an audit tool

2. Audit and Control Issues in Database Environments

  • Database security in client-server environments
  • Internet applications utilizing web server and database server

3. Comparison of Oracle and Microsoft SQL Server Security

  • Database server versions
  • Architecture and components
  • Audit & Control objectives
  • Initialization parameters
  • Data dictionary
  • Database connection
  • Identification and authentication
  • Password administration
  • System and object privileges
  • Tables and views
  • Stored procedure security
  • Controlling user resources
  • Audit trails and security logs
  • Utility programs
  • Role of operating system security
  • Known security vulnerabilities
  • Security patches

4. Audit & Security Tools & Techniques

  • Audit Testing Approaches
  • Audit Toolkit
  • Audit Checklist
  • Database Vulnerability and Penetration Testing

5. Security & Audit Resources

  • Audit & Security References
  • WWW & FTP Sites
  • Mailing Lists/Advisories
  • Newsgroups
  • Database Security Publications

 

ODS06J-Audit & Security of Oracle

CPE Hours: 40  (this course can also be presented in 1, 2, 3, or 4 day formats)

Delivery Method: Lecture, Class Participation

Skills Level: Intermediate

Prerequisites: A minimum of 2 years IT audit experience.  IT professionals with experience in this area.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, IT Auditors, IT professionals

Seminar Description:

This seminar will focus on the audit and security issues related to the use of Oracle versions 8i and 9i. Practical approaches and techniques will be reviewed for evaluating the implementation of Oracle in a client/server environment. Particular attention will be given to security and audit complexities of the Oracle environment as well as examining the control exposures that can arise.

Seminar Highlights

A live Oracle environment will be used for demonstration purposes.
Detailed case studies will be used to demonstrate key concepts and audit review steps.
A detailed audit checklist to perform an Oracle Audit and Security Review will be provided.
Topics to be covered include:

Seminar Content

1. Oracle Database Concepts

  • Relational Database Concepts
  • Database Objects (Tables, Views, Stored Procedures, Triggers)
  • Oracle Versions
  • Oracle Components
  • Oracle Instances

2. SQL Components

  • DDL, DML, DCL
  • GRANT/REVOKE Statements
  • PL/SQL Examples

3. Oracle Database Security

  • Security and Audit Objectives
  • Operating System Security
  • Initialization Parameters
  • Oracle Listener
  • Oracle Data Dictionary
  • Database Connection
  • Oracle User Accounts
  • Password Administration
  • System Privileges
  • Object Privileges
  • Oracle Roles
  • Oracle Audit Trails
  • Database Links
  • Backup & Recovery
  • Advanced Security Features e.g. Virtual Private Databases

4. Audit & Security Tools & Techniques

  • Audit Testing Approaches
  • Audit Toolkit
  • Audit Checklist
  • Database Vulnerability and Penetration Testing

5. Security & Audit Resources

  • Audit & Security References
  • WWW & FTP Sites
  • Mailing Lists/Advisories
  • Newsgroups
  • Database Security Publications

 

ODS07J-Audit & Security of Microsoft SQL Server

CPE Hours: 32  (this course can also be delivered in 1 or 2 day format)

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 2 years IT audit experience. IT professionals with responsibilities in this area.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, IT Auditors, IT professionals

Seminar Description:

The focus of this seminar will be on the audit, control and security issues related to the use of Microsoft SQL Server 2000. Participants will learn practical audit approaches and techniques for evaluating the database security and control in a Microsoft SQL Server environment.

Seminar Highlights

Live demonstrations using an SQL Server 2000 database environment and a detailed case study will reinforce the principles presented.
 

Seminar Contents

  • SQL Server Architecture and components
  • Audit & Control objectives
  • Key security configuration parameters
  • SQL Server Authentication Modes
  • SQL Server Logins
  • Database Users
  • Server and Database Roles
  • Statement and Object Permissions
  • Extended Stored Procedures
  • Audit trails and security logs
  • Operating system security requirements
  • Known security vulnerabilities
  • Security patches
  • Audit Testing Approaches
  • Security and Audit Toolkit
  • Audit Checklist

 

ODS08B-Audit, Control and Security of Windows NT

CPE Hours: 12 

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 2 years IT audit experience. IT professionals with responsibilities in this area.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, IT Auditors, IT professionals

Seminar Description:

IS audit professionals need to keep up with the rapidly changing systems and architectures in the information technology profession; this includes being fully competent and confident to evaluate new operating systems and the pitfalls and risks associated with them. This one and one-half day workshop provides the basis for understanding Microsoft Windows NT Server, its components, architecture, vulnerabilities and potential risks.

It will provide a baseline set of controls used to perform a rudimentary compliance check, as well as practical, effective approaches, tools and techniques for reviewing the security and control of the NT server.  It will provide live demonstrations of the NT Server 4.0 operating system. The participant will receive useful reference guides and learn about various audit tools to help automate and facilitate the audit process.
 

ODS09B-Windows 2000 Active Directory

CPE Hours: 8

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 2 years IT audit experience. IT professionals with responsibilities in this area.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, IT Auditors, IT professionals

Seminar Description:

Active Directory Services is the newest generation of distributed security and authentication for the Microsoft Windows 2000 platform. This session will focus on exploring the unique security issues present within the deployment and use of Active Directory within an organization. It will discuss auditing guidelines, areas of focus for security assessments and new areas where additional training and resources will be required to maintain a secure environment based upon Microsoft's Active Directory.

The participant will learn more about:

  • What is new in Windows 2000 Active Directory Services
  • The basic gains and exposures
  • What is available to manage these risks

 

ODS10B-Tools for Administering Windows NT (and NT4)

CPE Hours: 16 

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 2 years IT audit experience. IT professionals with responsibilities in this area.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, IT Auditors, IT professionals

Seminar Description:

IS audit professionals need to keep up with the rapidly changing systems and architectures in the information technology profession; this includes being fully competent and confident to evaluate new operating systems and the pitfalls and risks associated with them. This one and one-half day workshop provides the basis for understanding Microsoft Windows NT Server, its components, architecture, vulnerabilities and potential risks.

It will provide a baseline set of controls used to perform a rudimentary compliance check, as well as practical, effective approaches, tools and techniques for reviewing the security and control of the NT server.  It will provide live demonstrations of the NT Server 4.0 operating system. The participant will receive useful reference guides and learn about various audit tools to help automate and facilitate the audit process.
 

 

ODS11B-Windows 2000 Group Policy & IPSEC

CPE Hours: 16 

Delivery Method: Lecture, Class Participation

Skills Level: Intermediate

Prerequisites: A minimum of 3 years IT audit experience. IT professionals with responsibilities in this area.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, IT Auditors, IT professionals

Seminar Description:

This seminar explores Group Policy to ensure you fully understand this complex mechanism. After reviewing the concepts you will learn how to exercise complete control over your Windows environment, including how to increase or decrease security depending upon your business needs. You will learn how Group Policy flows and how it can be controlled across the environment, adding or removing security as needed. Group Policy can also be used to harden security over your production servers and workstations as well as ensuring that your Internet based systems contain even tighter levels of control. This seminar will show you how to effectively use this important aspect of Windows 2000 and XP.

Finally, we will deal with enhancing security through the use of IPSEC. This security protocol is embedded within Windows 2000 and offers a significant level of protection for your network. It begins with a clear understanding of how IPSEC works including the theory and underlying architecture. From there, you learn how to implement it within your network in various practical ways. These include securing network traffic from one workstation to another, one workstation to a server or on a group by group basis.

 

ODS12B-Auditing The Operating System: A Systematic Approach

CPE Hours: 8

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 1 year IT audit experience. IT professionals with responsibilities in this area.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, IT Auditors, IT professionals

Seminar Description:

The new auditor or information security manager may not always be aware of the security mechanisms available in each of the operating systems in use throughout their firm. However, by understanding the basic components of operating systems and their security the auditor can understand what needs to be accomplished while the manager can help ensure that staff remain focused on the appropriate controls.

The course will focus on understanding and auditing any O/S. It will begin with the system architecture and how operating systems provide security. This will include the core concepts of identification, access control and monitoring. You will then learn what security mechanisms are available, the various types of security and control policies, how to review users and groups and what audit and system logs should be available. You will also learn about the various file and directory controls available. In addition, you will see how some systems interact across domains and across operating systems. You will also discover why it is still important to maintain physical security. Finally, you will be better able to discuss the pros and cons of various security levels to help ensure that you implement the appropriate level of security in your business.

This course takes the participant through an effective approach to auditing any operating system. Examples used will be drawn from many popular operating systems such as Windows NT, OS/390, UNIX, VAX/VMS, Windows 2000, NetWare and others which are found in almost all businesses' information technology environments.
 

The session will cover many important areas, including:

  • the system architecture and how operating systems provide security
  • the core concepts of identification, access control and monitoring
  • what security mechanisms are available and the various types of security and control policies
  • how to review users and groups and what audit and system logs should be available
  • the various file and directory controls available and how systems interact across domains and across operating systems

The course includes a sample audit checklist that helps place it all in perspective and provides a tool for you to use back in the office.

 

NSA01J-Introduction to TCP/IP

CPE Hours: 24  (this course can be delivered in 1 and 2 day formats)

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 2 years IT audit experience.

Who Should Attend: IT Auditors

Seminar Description:

This seminar will focus on providing auditors with a basic understanding of TCP/IP protocols and networking.

Seminar Highlights

  • Understanding of TCP/IP audit issues
  • Use of live TCP/IP network to demonstrate key concepts and audit tools

Seminar Content

1. Understanding TCP/IP

  • TCP/IP Network Fundamentals
  • IP Protocol
  • ICMP Protocol
  • TCP and UDP Protocols
  • TCP/IP Application Protocols
  • IP Addressing
  • Domain Name Service (DNS)
  • Network Routing

2. TCP/IP Applications

  • Understanding security in TCP/IP applications
  • Role of Operating System security
  • Threats & Vulnerabilities
  • Dangerous TCP/IP Services
  • SANS Top 20 vulnerabilities as they relate to TCP/IP

3. Audit Tools and Techniques

  • Audit Checklist for TCP/IP network audit
  • Using standard network tools for audit purposes - ping, traceroute, snmp
  • Network Discovery Tools
  • Information Gathering Tools
  • TCP/IP Port Scanning Tools - nmap
  • Packet Capture & Analysis Tools - tcpdump, ethereal, ettercap, dsniff
  • Vulnerability Assessment Tools - nessus

4. Security Controls

  • Firewall and network segmentation concepts
  • Encryption
  • IDS Concepts
  • Virtual Private Networks (VPN) concepts

5. Security & Audit Resources

  • Security-related Web sites
  • Mailing Lists/Advisories
  • Books/Periodicals

 

NSA02J-Network Security Fundamentals

CPE Hours: 40  (this course can also be delivered in 2, 3, and 4 day formats)

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 2 years IT audit experience.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, IT Auditors, and IT professionals that have network responsibilities.

Seminar Description:

This seminar will focus on providing an understanding of TCP/IP protocols, networking and network security fundamentals.

Seminar Highlights

 

  • Understanding of TCP/IP audit issues
  • Use of live TCP/IP network to demonstrate key concepts and tools, including firewall and IDS demonstrations
  • Detailed Case Studies to illustrate key network security concepts

1. Understanding TCP/IP Networks

  • TCP/IP Network Fundamentals
  • IP Protocol
  • ICMP Protocol
  • TCP and UDP Protocols
  • TCP/IP Application Protocols
  • IP Addressing
  • Domain Name Service (DNS)
  • Network Routing
  • IPSEC
  • IPv6

2. TCP/IP Applications

  • Understanding security in TCP/IP applications
  • Role of Operating System security
  • Network Risk Assessment
  • Network Security Threats & Vulnerabilities
  • Dangerous TCP/IP Services
  • SANS Top 20 vulnerabilities as they relate to TCP/IP

3. Network Security Controls

  • Network Security Architecture and Design
  • Firewall and network segmentation concepts
  • Security for Internet-accessible network segments (e.g. E-Commerce network environments)
  • Routers and switches, including VLAN Security
  • Virtual Private Networks (VPN) concepts
  • Remote Access Security
  • Wireless Network Security
  • IDS Concepts
  • Intrusion Response and Incident Handling

4. Network Security & Audit Tools and Techniques

  • Checklist for TCP/IP network security review
  • Standard Network Tools
  • Network Management Tools for security and audit purposes
  • Network Discovery Tools
  • Information Gathering Tools
  • TCP/IP Port Scanning Tools
  • Packet Capture & Analysis Tools
  • Network Vulnerability Assessment Tools

5. Security & Audit Resources

  • Security-related Web sites
  • Mailing Lists/Advisories
  • Books/Periodicals

 

NSA03J-20 Key Tools for a Network Security Audit

CPE Hours: 24  (this course can be delivered in 1 or 2 day format)

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: IT Auditors and IT professionals with Basic Understanding of TCP/IP

Who Should Attend: IT Auditors, IT professionals

Seminar Description:

The session will discuss 20 key tools and techniques that can be used to perform a comprehensive network security assessment. Demonstration of tools and practical tips on using the tools will be a main focus of the session.

Seminar Highlights

The session will use a live TCP/IP network with Windows and Unix operating systems to demonstrate network mapping and discovery, TCP/IP port scanning, network vulnerability assessment tools and network packet capture and analysis tools.  A structured approach to network security assessment from an auditor's perspective will be discussed and used to provide the framework for the practical use of tools and techniques.
 

Seminar Contents:

  • Audit Approach to Network Security Assessments
  • Standard Network Utilities for network mapping and information gathering
  • SNMP tools for auditing
  • Port Scanning and OS Fingerprinting Tools
  • Network Vulnerability Identification and Assessment Tools
  • Firewall and Router Audit Tools
  • Wireless Audit Tools
  • Dial-up / Remote Access Audit Tools
  • Network Traffic Capture and Analysis Tools


NSA04J-Network Penetration Tools & Techniques

CPE Hours: 32  (this seminar can be delivered in 1, 2, or 3 day formats)

Delivery Method: Lecture, Class Participation

Skills Level: Intermediate

Prerequisites: A minimum of 3 years IT audit experience.

Who Should Attend: IT Audit Manager, IT Supervisors, IT Auditors, Data Security Administration, Firewall Administrators, and Network Administrators

Seminar Description:

This technical session will include explanations and live demonstrations of the penetration tools and techniques available to take advantage of network security exposures.

Areas covered will include network entry, physical access to cable, password "grabbers" and Trojan horses, Ethernet packet capture and analysis, remote workstation operations and other related areas.
 

Seminar Highlights:


An Ethernet network with the TCP/IP communication protocols, Unix and Windows 2000 operating systems will be used to provide live demonstrations of cracking tools and network penetration techniques.

Seminar Contents:

Network Penetration Techniques Part 1 (Information Gathering)
 

  • ping
  • traceroute
  • ping sweeps
  • banner grabbing
  • os fingerprinting
  • host enumeration
  • tcp/ip service port scanning
  • null sessions
  • snmp

Network Penetration Techniques Part 2 (Vulnerability Identification & Exploit)

Unix and Windows exposures

  • physical access exposures
  • network file sharing
  • trojan horse programs
  • password cracking
  • escalation of privilege
  • remote control
  • Network Sniffing
  • Web Server exploits
  • Database Server exploits

Security Tools

  • Network Tools & Utilities
  • Vulnerability Scanning Tools
  • Host-based Auditing Tools

Penetration Safeguards

  • Current Security Measures
  • Hardening Guidelines
  • Network Security Products
  • Encryption Techniques
  • Integrity Checking
  • Intrusion Detection Tools
  • Logging and Audit Mechanisms

Sources of Hacking Tools and Techniques

  • Newsgroups
  • Security Mailing Lists
  • WWW and FTP Sites
  • Security References
     

NSA05J-Audit & Security of CISCO routers

CPE Hours: 16  (this course can be delivered in a 1 day format)

Delivery Method: Lecture, Class Participation

Skills Level: Intermediate/Advanced

Prerequisites: A minimum of 4 years IT audit experience.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, Senior IT Auditors, IT Professionals wishing to expand or learn about the control environment requirements.

Seminar Description:

Cisco routers are prevalent in today’s wide area network communications environments.  In addition to routing network protocols, including TCP/IP, Cisco routers provide a number of security and control mechanisms, primarily focused on packet filtering, which can be used both to protect Internet connections and to partition a company’s network segments. This seminar will provide a detailed approach to auditing router configurations and security settings.


Seminar Highlights

Sample router configurations and an audit checklist will be provided in the seminar material.

Seminar Contents:

  • Overview of Cisco routing and switching products
  • Cisco IOS software (for example 11.x and 12.x) in use and associated functions
  • Use of Cisco Routers in firewall architectures and solutions
  • Use of access control lists (ACL) for packet filtering
  • Examples of packet filters which can be used to provide different levels of security
  • Router Logging and Intrusion Detection mechanisms
  • Security Issues relating to router management via console, telnet and SNMP
  • Access and Enable verification passwords and related security issues
  • Network management issues
  • Router network vulnerability and penetration testing
  • Security and audit tools
  • Security references on Cisco routers

NSA06J-Data Communication Security

CPE Hours: 32  (this course can be delivered in 2, or 3 day formats)

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 2 years IT audit experience.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, Senior IT Auditors, IT Professionals wishing to expand or learn about the control environment requirements.

Seminar Description:

This seminar will focus on audit methodologies, tools and techniques to perform security audits of network infrastructure components.

Seminar Highlights

  • Detailed discussion of network security infrastructure audit
  • Use of TCP/IP network environment to demonstrate key concepts
  • Demonstrations of network security audit tools and techniques
  • Focus on Financial Institution network environments
  • Sample Audit Checklists

1. Network Components and Technologies

  • Network Architecture and Design
  • Internet / E-Commerce Infrastructures
  • Firewall Infrastructure
  • Virtual Private Networks
  • Remote Dial-in Access
  • Network Encryption Techniques

2. Network Security Risks

  • Network Perimeter Security
  • Confidentiality, Integrity and Availability Risks

3. Network Security Audit

  • Network Perimeter
  • LAN / WAN Security
  • Firewall and Router Audit
  • Audit of Intrusion Detection System (IDS) Deployment
  • VPN Audit
  • Switches and VLANs
  • Remote Access (Dial-in) Audit
  • Outsourced Network Services

4. Audit Tools and Techniques

  • Audit Scope & Objectives
  • Automated Tools / Scripts for Audit Testing
  • Network Mapping & Discovery Tools
  • Fingerprinting Tools
  • Port Scanning Tools
  • Vulnerability Scanning Tools
  • Network Security Audit Checklist
     

NSA07B-Understanding and Security TCP/IP Networks

CPE Hours: 16 

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 2 years IT audit experience.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, Senior IT Auditors, IT Professionals wishing to expand or learn about the control environment requirements.


Transmission Control Protocol/Internet Protocol (TCP/IP) is an extremely popular network protocol used to link computers and transfer data. While using TCP/IP brings tremendous opportunities for sharing and obtaining information, it also introduces a whole new series of security exposures.  This one and one half-day workshop will explore the fundamentals of TCP/IP, including details on the physical network media, lower-level protocols, and devices. It will explain how TCP/IP enables the exchange of information between client and server processes covering the common TCP/IP-based applications. Finally, it will consider the mechanisms and procedures to address the security and audit exposures identified.
 

 

NSA08B-A Systematic Approach to Attack and Penetration Testing

CPE Hours: 8

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 2 years IT audit experience.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, Senior IT Auditors, IT Professionals wishing to expand or learn about the control environment requirements.

This full-day seminar will provide a slightly different focus than some of the other network penetration seminars. It will introduce a step by step approach to testing a network for vulnerabilities. It begins by outlining an attack and penetration process using a checklist. This checklist details all the steps to complete an extensive audit of the environment and includes a list of tools and web sites to obtain additional information. Following the overview, the workshop will demonstrate attacks on web servers, the network and routers, as well as network sniffing and other methods for stealing user information and performing denial of service attacks.  It will explain a number of tools and techniques for these attacks.  The workshop will demonstrate how to test for workstation vulnerabilities using keystroke grabbers and other techniques. Finally, it will look at operating systems: how to protect them and how to test them with proven penetration attacks.  The workshop will review attacks against NetWare, UNIX, Windows NT, Windows 2000 and Windows XP. While not all tools and techniques can be demonstrated due to equipment needs, participants will witness a large number of attacks against the instructor's demonstration network.
 

NSA09B-Fundamentals of Encryption

CPE Hours: 8

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 2 years IT audit experience.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, Senior IT Auditors, IT Professionals wishing to expand or learn about the control environment requirements.


Perhaps you think of encryption as some elaborate technique that really has no practical application outside of the military. However, at the same time you are hearing and reading about the risks posed to your business data due to threats across the network and Internet, stolen laptops and intercepted electronic mail. Can you really protect this information against unauthorized disclosure or modification?

What the Seminar Includes:

This seminar provides you with an understanding of what encryption is and how you can use it to protect your important data. During this session you will learn how to use practical, effective tools and techniques for encrypting data and electronic mail. First you will develop a solid understanding of private and public key techniques. We will also consider how the different types of keys function and how they are managed. You will then examine a number of actual encryption applications, including demonstrations of encryption packages. You'll learn how IPSEC can secure all your transactions whether peer-to-peer or client server based.

Throughout the seminar you are exposed to live demonstrations of the different techniques and products, helping enhance your understanding of this key area.

 

NSA10B-Network Security & Authentication

CPE Hours: 32 

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 2 years IT audit experience.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, Senior IT Auditors, IT Professionals wishing to expand or learn about the control environment requirements.


IT/IS audit professionals are required to review information security on an ongoing basis. The IT/IS auditor must have a solid understanding of information security, especially at the network level to perform detailed security reviews. This seminar deals with understanding and auditing a network environment and begins with a quick review of key terms and technologies before moving into more detailed discussion.  The attendee begins by exploring TCP/IP fundamentals to ensure that the foundation is well understood. 

The seminar will then focus on examining network authentication methods, technologies, and encryption. Attendees will learn how to audit this critical aspect of their network, while viewing demonstrations of how the various methods work.  Next, we will study network threats and possible solutions, as well as how to use penetration vulnerability testing to help ensure the network remains secure. The seminar then looks at critical security controls for popular operating systems, focusing on hardening these machines.

It ends with a detailed lecture on the new wireless technologies, how they are transforming the network, and the risks and need for controls.
 

  • Review of TCP/IP fundamentals
  • Network Authentication methods
  • Firewalls
  • Router controls
  • VPNs
  • Securid
  • Metaframe, etc
  • Network Penetration - An update
  • Advanced Operating System Controls
  • Windows NT
  • Windows 2000
  • Auditing and logs - managing potential incidents
  • Wireless networks - Security & Control
  • Incident Response - Building a CSIRT (1 day)


The purpose of building a Computer Security Incident Response Team is to enable an adequate, informed and effective response to security incidents. An incident response procedure defines a predictable response plan to a wide spectrum of Information Technology Security Incidents. Between them, your organization will be prepared to manage and contain any incidents that occur, supporting the organization's Code of Conduct, Information Security Policy and Security Standards.


In this seminar, the attendees will learn the key aspects of such a team and how to pull all the parts together to create a viable entity for responding to incidents in a timely manner. We will define the various roles and responsibilities, learn the key players, understand the steps the team should take and review the post-mortem processes.


By creating, understanding and following sound security incident processes, Canadian Tire will be better prepared to take action should the unthinkable occur.

 

NSA11B-Wireless Security

CPE Hours: 16  (this course can be delivered in a 1 day format)

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 2 years IT audit experience.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, Senior IT Auditors, IT Professionals wishing to expand or learn about the control environment requirements.

Today's networks are complex and wide-spread. More and more organizations are implementing and using wireless configurations for executives, tablet PCs and a rising number of other scenarios. These new wireless network technologies are increasing in frequency and the resulting vulnerabilities are introducing unprecedented levels of risk.  In many cases, organizations are vulnerable without even knowing they are at risk.


These risks can be controlled. This 2-day seminar will provide the attendee with not only a detailed understanding, but with techniques and tools to use for verifying the security and controls within their wireless network, including valuable hands-on demonstrations! Attendees will see a live wireless LAN environment in class for key concepts and security, audit and control experience.

Seminar Highlights include:
 

  • History and Types of Wireless Networks
    • M-Commerce and Data.
  • Live wireless LAN network
    • Learn set up and control options and architectures.
  • 802.11 Security and Architecture
    • The architecture. All versions and their controls and weaknesses.
  • Learn new audit and security tools and techniques
    • Wireless network discovery. Finding Access Points. Spoof attacks and data sniffing.
  • Using Encryption to protect the network
    • Using WEP, EAP, IPSEC and VPNs.
  • Understanding and Implementing Best Practices
    • Learn security standards. Implementation Do's and Don'ts

 

NSA12B-Internet Security Fundamentals

CPE Hours: 32 

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 2 years IT audit experience.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, Senior IT Auditors, IT Professionals wishing to expand or learn about the control environment requirements.

In this seminar you will learn about the potential Internet risks. Through the use of hands-on demonstrations and interactive sessions, you will discover how security tools and security methods fit together and how to make your network a "fortress".

Seminar Contents

  • Sources of risk and threat scenarios due to the Internet
  • Security tools for protecting your network: Firewall, Router, Switches, IDS, ACM
  • Methods and procedures to secure the data transportation:
    • VPN
    • PKI
    • SSL
    • IPSEC
    • L2TP
    • IKE
    • PGP
  • Security and E-Commerce: Requirements, security architecture, paying systems, M-Commerce

Sources of risk and threat scenarios due to the Internet

  • Intruders
  • Motivation and the methods of intruders
  • Threat scenarios of various Malicious Codes: Virus, Worms, and Trojan Horses
  • Potential risks through email - Distributed Denial of Service (DDoS) attacks, spoofing and ICQ
  • Risk through sniffers
  • Telnet, ftp, smtp, pop3, snmp
  • TCP/IP-protocol: Spoofing and Hijacking
  • Potential of risk through ActiveX, Java and JavaScript

Security Tools for protecting your network

Firewall-Systems:

  • Functioning, application and weaknesses (why failures occur)
  • Overview of the different firewall-products
  • Basic knowledge of the configuration of a firewall
  • Integrated virus-scanner
  • Circuit- and Application-Level-Gateways
     

Active Content Monitoring Systems (ACM)

  • Intrusion Detection Systems (IDS)
  • Host or network based systems
  • Identification - Surveillance - Protection
     

Methods and Procedures to secure the data transportation

Authenticity, Authorization and Audit and Monitoring

  • Pros and cons of password-, people- (biometrics), software- and token-based systems (i.e. smartcards)
  • Single sign on
  • Audit and monitoring the records


Cryptographic Procedures

  • The most well-known encoding systems in the web
  • Symmetric and asymmetric codes
  • How to apply a Private-Key-Infrastructure (PKI)
  • SSL, IPSEC, IKE and PGP - Which are the best methods for E-Commerce, E-Mail and Database connections?


Virtual Private Networks (VPN)

  • Functioning - ESP-Tunnelling methods
  • Quality of service and remote-access


Security and E-Commerce

Security In E-Commerce

  • E-Commerce = Webserver + Product Data
  • Requirements for certified web shops
  • Intranet/internet: Security of internal and external data (i.e. data of customers)
  • Opening of business processes vs. increasing the security - a contradiction?
  • Payment systems on the Internet: SET, E-Cash and Paybox

Security Architecture

  • What you need to know when building up E-Commerce architecture
  • Proactive and reactive elements of the security architecture
  • Certified products, guidelines CC. ITSEC, ITSEC in GB

Certificates

  • Building up of certificates X.509
  • Different types of certificates: personal, for computer, for software
  • Certificates and their application: shop systems, PCG
     

NSA13B-Introduction to Network Penetration

CPE Hours: 24  (this course can also be delivered in a 2 day format)

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 2 years IT audit experience.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, Senior IT Auditors, IT Professionals wishing to expand or learn about the control environment requirements.

Today's networks are complex and wide-reaching.  Most organizations are using the Internet to attract customers and conduct e-commerce using web-enabled applications and use remote access to facilitate off-site use of the network. These areas must be tested using vulnerability and penetration techniques to ensure they are adequately protected.

This seminar will provide the attendee with not only the detailed techniques and tools to use for verifying the security and controls within their network, but with actual hands-on experience!

Seminar Highlights include:
 

  • Understanding network concepts and technologies
  • Obtaining tools and learning techniques to perform network penetration
  • Using penetration tools

 

NSA14B-Network Security Firewalls, Vulnerability Assessments and Penetration Testing

CPE Hours: 24

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 2 years IT audit experience.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, Senior IT Auditors, IT Professionals wishing to expand or learn about the control environment requirements.

This three-day seminar begins with a review of your initial network perimeter protection, the firewall. Understanding the architecture and design of firewalls is a necessary adjunct to any network audit. We begin by learning about the various architectures available, along with their strengths and weaknesses. You'll learn about network interfaces and perimeter networks (DMZs). Additionally, different techniques such as packet filtering, application proxies and stateful inspection are introduced. The seminar will then explore a detailed approach to auditing a firewall. You will be left with a sound approach and documented steps for performing a firewall audit.

The following two days will begin with the distinction between network vulnerability assessments and penetration testing. While this distinction is a matter of some debate, we will address it at the outset. During this seminar, you will learn:
 

  • Differences between vulnerability assessments and penetration testing
  • A detailed step-by-step approach for you to use
  • Planning, scheduling and needs assessment; key criteria for successful engagements
  • A recap of network fundamentals, TCP/IP and network devices
  • Initial network connections, identifying servers and information gathering
  • All about using basic network tools and commands such as arp, traceroute, telnet, along with more sophisticated tools
  • How to attack web servers and network equipment such as routers
  • Simple methods for obtaining data by seeing what passes across the network
  • How denial of service attacks work and the value of such exercises
  • How vulnerability assessment techniques can be used to attack or assess operating systems.
  • A surefire method of grabbing passwords on any system that allows access to the keyboard
  • All about security in wireless networking

 

NSA15B-Understanding and Implementing Firewalls

CPE Hours: 8

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 2 years IT audit experience.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, Senior IT Auditors, IT Professionals with new responsibility in this area.

This presentation provides an understanding of firewalls and addresses how to assess and implement various products.  It will begin with an overview of TCP/IP to provide the attendee an appreciation of implementation and controls offered by firewalls. It will then discuss the components of a firewall: the architecture, hardware and software and the various ways it can be implemented. It will demonstrate how they work, what the major pieces consist of and how to properly assess the various implementation options and security parameters. During the presentation, the attendee will learn the different architectures that can be used to implement firewall protection and why one might be used over another.  Finally, the attendee will learn to implement the various log file options to ensure that adequate logging information is produced for ongoing analysis and review. The presentation will provide a generic checklist that will enable you to perform a reasonable compliance check against your organization's firewall needs.

 

NSA16B: Incident Response - Building a CSIRT (1 day)

CPE Hours: 8

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 2 years IT audit experience.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, Senior IT Auditors, IT Professionals with responsibility in this area, and Contingency Planning Administrators.

The purpose of building a Computer Security Incident Response Team is to enable an adequate, informed and effective response to security incidents. An incident response procedure defines a predictable response plan to a wide spectrum of Information Technology Security Incidents. Between them, your organization will be prepared to manage and contain any incidents that occur, supporting the organization's Code of Conduct, Information Security Policy and Security Standards.

In this seminar, the attendees will learn the key aspects of such a team and how to pull all the parts together to create a viable entity for responding to incidents in a timely manner. We will define the various roles and responsibilities, learn the key players, understand the steps the team should take and review the post-mortem processes.

By creating, understanding and following sound security incident processes, Canadian Tire will be better prepared to take action should the unthinkable occur.

CFA01J-Computer Forensic Analysis and Investigation

CPE Hours: 24 Hours (this course can also be delivered in 1 or 2 day format)

Delivery Method: Lecture, Class Participation

Skills Level: Basic/Intermediate

Prerequisites: A minimum of 3 years IT audit experience.

Who Should Attend: IT Audit Managers, IT Audit Supervisors, Senior IT Auditors, Data Security Administrators, Internal Investigations Department, and data related security departments

Seminar Contents

This seminar focuses on computer forensic analysis and investigation tools, techniques and procedures.

Seminar Highlights

  • Discussion of computer and network security incidents and initial forensic response procedures
  • Live forensic investigation of computer incident to demonstrate key tools and techniques

Seminar Contents

1. Computer Forensics Overview

  • Example Computer Incidents
  • Example Network Incidents
  • Incident Response Process
  • Computer Evidence Issues
  • Initial Response Procedures

2. Computer Forensic Analysis and Investigation

  • Pre-Incident Requirements
  • Response Toolkit
  • Initial Response Techniques
  • Forensic Duplication Tools and Techniques
  • Investigation
  • Reporting

3. Windows and Linux-based Incident Response Toolkits

  • Forensic Duplication and Imaging Tools and Techniques
  • Investigation and Analysis Tools and Techniques

 
