Besides the semianr on RPG tomorrow, there is another Midrange
seminar now scheduled. It is at the College Park Holiday Inn in
COllege Park, MD outide of Washington. (So the RPG Seminar in Ft
Washington begins to look nice and close by, doesn't it? Still time
to register for the RPG Seminar!

Here is the low-down on the seminar coming to Maryland March 17 &
18 - - - Introduction to IT Audit - - -

Who should attend: This course is targeted towards beginning to mid
level auditors (refresher), and other IT and security professionals
tasked with system auditing. It is designed to increase the technical
knowledge and understanding of participants at these levels. The
course will also benefit those preparing for certification exams such
as the Certified Information Systems Auditor (CISA), Certified
Information Security Manager (CISM), Certified Information Systems
Security Professional (CISSP), Certified Internal Auditor (CIA) and
Certified Public Accountant (CPA).


Introduction to IT Audit is designed for new IT auditors, financial
auditors who need to learn more about IT, and moderately experienced
IT auditors who want a refresher in the basics. You will learn: what
IT auditing is and how to conduct it, from planning and scoping,
through evidence collection and analysis, to verification and the
closing meeting.
You will learn basic Information Technology terms and a basic level
of how various IT technologies work. Each section of the class will
teach you either a new aspect of IT technology or a new aspect of how
to audit IT.

DAY 1 Agenda

Introduction
What IT Audit Is and How It Differs From Financial Auditing
Computer Basics: Types of Computers, Parts of Computers,
Programming Languages
The IT Audit Process: Planning and Scoping; Leveraging Work Papers
The Data Center: Its Components, What It Means to an Audit
The IT Audit Process: Standards and Objectives, the Glue that
Makes the Audit Easy
Distributed Data Processing: What It Is, What it Means to an Audit
The IT Audit Process: Evidence Collection and Analysis
Networks: Types, Topologies, Technologies, Protocols
The IT Audit Process: Verification and the Closing Meeting
Basic Types of System Software: Job Schedulers to Intrusion Detection
Summary

DAY 2:
IT Audit Practical Exercises shows you how to conduct various types
of IT
audit by involving you in case studies. Each case will illustrate a
different type of audit, and a different stage of the audit process,
from planning through final deliverables. The cases illustrate the
concepts introduced in DAY 1, and show you how to go about thinking
about each type of audit. Each case starts with a description of the
critical points for a given type of audit, and then introduces the
class to an example of that type of audit. You will learn from class
discussion of the cases the types of problems likely to be
encountered, and what the really important aspects of each audit type
are.

Agenda (Please note that due to time restrictions, not all types of
audit listed in the agenda may be covered in class.)

Introduction
Basic Principles
Application Controls Review: Core knowledge and Practical Exercise
Data Center Audit: Physical Security: Core Knowledge and Practical
Exercise
Data Center Audit: Management Controls: Core Knowledge and
Practical Exercise
Security Audit: Core Knowledge and Practical Exercise
Network Audit: Core Knowledge and Practical Exercise
Business Resumption Plan (Disaster Recovery Plan) Audit: Core
Knowledge and Practical Exercise
Chargeback System Audit: Core Knowledge and Practical Exercise
Firewall Audit: Core Knowledge and Practical Exercise
HIPAA Compliance Audit: Core Knowledge and Practical Exercise
Summary: What the Good Audits Have in Common


Speaker: Stu Henderson

Speaker Profile: Stu Henderson is an experienced consultant, auditor,
and systems programmer who specializes in Information Technology
Security and audit. He is editor of the Mainframe Audit News and the
RACF User News. His website www.stuhenderson.com provides articles,
links to other useful sites, and other information useful to
auditors. He has taught CISA preparation courses for the National
Capital Area ISACA chapter for the past several years. His
information security and "How to Audit..." seminars are taught
nationally. He speaks frequently at CACS, and has taught ISACA
chapters from Victoria, British Columbia to Central Maryland.