Performing IT security audits at the enterprise level can be a daunting task. How should you determine which systems to audit first? How do you assess the risk to the organization related to information systems and business processes? What settings should you check on the various systems under scrutiny? Is there a set of processes that can be put into place to allow an auditor to focus on the business processes rather than the security settings? How do you turn this into a continuous monitoring process? The material covered in this course will answer all of these questions and more.
AUD507 teaches students how to apply risk-based decision making to the task of auditing enterprise security.
This track is organized specifically to provide a risk-driven method for tackling the enormous task of designing an enterprise security validation program. After covering a variety of high-level audit issues and general audit best practice, students will have the opportunity to dive deep into the technical "how-to" for determining the key controls that can be used to provide a high level of assurance to an organization. Real-world examples provide students with tips on how to verify these controls in a repeatable way, along with many techniques for continuous monitoring and automatic compliance validation. These same real-world examples help students learn how to be most effective in communicating risk to management and operations staff.
AUD507 allows students to practice new skills in realistic hands-on labs
Each day of the course affords students opportunities to use the tools and techniques discussed in class. The labs are designed to simulate real-world enterprise auditing challenges and to allow the students to use appropriate tools and techniques to solve these problems. Students learn how to use technical tests to develop the evidence needed to support their findings and recommendations. We go beyond discussing the tools students could use; we give them the experience to use the tools and techniques effectively to measure and report on the risk in their organizations.
Day six of the course is an all-day lab! Students have the opportunity to challenge themselves by solving realistic audit problems using the tools and techniques they have learned in class.
The skills students learn in AUD507 can be used immediately after class
Students will leave the course with the know-how to perform effective tests of enterprise security in a variety of areas. The combination of high-quality course content, provided audit checklists, discussion of common audit challenges and solutions, and ample opportunities to hone their skills in the lab provides a unique opportunity for students to learn how to be an effective enterprise auditor.
A Sampling of Course Topics
- Audit planning and techniques
- Effective risk assessment for control specification
- Time-based assessment and auditing
- Delivering effective reports to management
- Auditing virtualization hosts
- Understanding and auditing cloud services and containers
- Effective network population auditing
- Performing useful vulnerability assessments
- Detailed router, switch and firewall auditing
- Technical validation of network controls
- OWASP Top Ten Proactive Controls for web applications
- Auditing traditional web applications
- Auditing web APIs, AJAX, and single-page applications
- Windows PowerShell
- Windows system auditing & scaling to the enterprise
- Auditing Active Directory
- Building an audit toolkit
- Linux/UNIX auditing
- Understand the different types of controls (e.g., technical vs. non-technical) essential to performing a successful audit
- Conduct a proper risk assessment of an enterprise to identify vulnerabilities and develop audit priorities
- Establish a well-secured baseline for computers and networks as a standard to conduct audits against
- Perform a network and perimeter audit using a repeatable process
- Audit firewalls to validate that rules/settings are working as designed, blocking traffic as required
- Utilize vulnerability assessment tools effectively to provide management with the continuous remediation information necessary to make informed decisions about risk and resources
- Audit a web application's configuration, authentication, and session management to identify vulnerabilities attackers can exploit
- Utilize scripting to build a system that will baseline and automatically audit Active Directory and all systems in a Windows domain
- Utilize scripting to build a system that will baseline and automatically audit Linux systems