Securing and Auditing Your Application Software Infrastructure HANDS-ON - ASG232


The course focus is the software infrastructure controls used to design, operate, and secure distributed business applications. The course covers major threats, risks, best practice controls of distributed configuration systems, checklists, security concerns and tools to understand the intricacies of logical access controls.


Tuition cost


NASBA Certified CPE

40 Credits


Why you should attend

You should attend because computerized applications are the lifeblood of modern organizations, yet they are very complex and can be the source of significant risks. Auditors must verify the effectiveness of controls whose failure can cause significant loss.

Who should attend

Internal and external IT auditors performing general controls and application audits. IT Security and compliance professionals needing to perform technical software security audits and risk assessments.

What You'll learn

You will learn about software infrastructure and security essentials, risks to distributed applications, security policies, log management, Unix/Linux essentials, how to collect audit data, and how to prepare audit programs.


  • Intermediate IT Audit (ITG241)
  • CISA or equivalent knowledge or experience, especially in the area of logical access controls

Software Infrastructure Essentials:

  • logical access control objectives and audit targets for distributed applications
  • defining and documenting distributed application software architectures: computing models, middleware concepts, software building blocks and infrastructures
  • risks to distributed applications
  • auditing TCP/IP application security
  • auditing file sharing protocols

Securing and Auditing Operating Systems and Other System Software:

  • defining the types and roles of system software
  • software and user privileged authority risk, safeguards, and audit procedures
  • fundamental security controls for operating systems and other system software components
  • collecting audit data from server operating systems
  • virtualization (hypervisor) security and audit

Securing and Auditing Windows Server/Active Directory:

  • Windows Server architecture
  • Windows user accounts and groups
  • Windows security policies
  • Windows access authorization and privileged authority
  • Windows system software security
  • Windows security audit (event) log management
  • Windows Server best practice security checklist

Securing and Auditing Unix/Linux Systems:

  • surveying the Unix/Linux landscape
  • Unix system policies and configuration
  • Unix user identification and authentication
  • Unix file system data protection
  • Unix system software security
  • Unix security audit (event) log management
  • Unix/Linux server best practice security checklist

Securing and Auditing Database Management Systems:

  • Database Management Systems (DBMS) terminology
  • Structured Query Language (SQL) concepts and targets
  • security risks associated with DBMS systems
  • DBMS security safeguards
  • DBMS audit data collection and analysis
  • DBMS best practice security checklists

Testing the Security of Your Web Storefront:

  • web application architectures–building blocks and control points
  • web application technology security risks
  • discovering, enumerating and vulnerability testing for web applications

Schedule your course

Use the table below to select the time and location that works best for you.

Timezone: America/New_York

September 2021

Sep 20th, 2021-Sep 24th, 2021

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: