An IT auditor with the skills, knowledge and competencies to help organizations navigate through the complex environment of IT risks has never been in higher demand. Every organization in every industry has become aware of the importance of proactively identifying then evaluating and monitoring IT risks. This course is designed to help reinforce and enhance the principles of assessing IT risks. The leaner will emerge with the ability to incorporate and implement the elements of risk assessment and audit planning; identify and apply pertinent audit and security resources; utilize tools of evaluating logical security; evaluate risks within database management systems; monitor risks within change management; test network perimeter security and cloud computing; evaluate threats within the internet of things; add value in the IT auditor’s organization regarding business continuity and disaster recovery planning and IT governance. The learner will also emerge with increased skills regarding effective communication and presentation of the results of the IT audit to various levels of leadership within the organization. The learner will be engaged through case studies of real-life examples and scenarios. The learner will emerge with a wealth of resources, templates and guides which can be adapted to and incorporated into any industry. The course is designed for an IT auditor who has perhaps been in the field for 1-2 years and is looking to increase his/her skills and competencies to move into a more seasoned position of leadership in IT auditing.
This course provides audit practitioners a comprehensive understanding of the types of fraud affecting organizations and shows proven techniques for preventing and detecting fraud.
|More and more today, companies are deciding to undertake the journey to employ Development Security Operations (DevSecOps) as an evolutionary extension of the Agile principles. Change management processes are continuous and largely automated in a DevSecOps environment, which can be challenging for Internal Audit teams, as they must shift their mindsets about IT risks and the controls in place to mitigate them.|
DevSecOps is a software development and delivery approach that emphasizes communication and collaboration between development, security, and IT operations, building on Agile and Lean thinking to provide technology faster, with greater stability, quality, scalability, and security. DevSecOps encompasses many teams involved in the software development and delivery process. The “Dev” side incorporates developers, front-end designers, and quality assurance. The “Ops” area brings in system administrators and support teams responsible for the product after it’s been moved to production. The “Sec” area covers all the cybersecurity professionals responsible for system control, compliance, and secure applications.
In a DevSecOps centric organization, tools are used to automate historically manual tasks, such as code quality checks, execution of test scripts, and deployments. These factors raise some questions about the efficacy of traditional change management controls in the environment, especially Separation of Duties (SoD).
Automation does not have to mean that humans are left out of the process. Manual decisions still need to be made to tell the automated tools how to perform. These human-centric aspects of the process should also be considered in the risk-management approach.
All these challenges and more need to be identified, discussed, and put into perspective as organizations seek to make the transition towards a DevSecOps methodology. The benefits can be numerous, but the risks are plentiful, and the decisions your customers make are the difference between successful implementation and failure. In this course, we will delve into the DevSecOps methodology, assessing how and where auditors can find their footing. We will cover best practices that need to be on the forefront of business leaders’ minds as a DevSecOps culture is adopted, identifying key shifts in mindset that must occur for a seamless transition from manual transactions to automated process flows. Finally, with a forward-thinking approach, we will address how organizational teams can work together in a DevSecOps environment, prioritizing tools and resources that will facilitate meaningful collaboration.