it-audit-training-series
2 pages
English


Description

IT Audit Series 2009
October 22-24, 2009
CobiT, ITIL, ISO 27001: Tools for implementing IT Governance

Implementing governance? Don’t re-invent the wheel! This 3 day course will assist you to implement IT Governance by informing you of some tools that are already available and tested to help you.

CobiT, now version 4, provides the complete framework for implementing governance, incorporating both ITIL and ISO 27001. ITIL provides both direction and structure for “best practice” service delivery and service support. And, ISO 27001, the former British Standard BS7799 Part 2, is the recognized, international standard for managing information security.

Who should attend
In addition to Information Security and Audit Management professionals and Seniors, this course would be of interest to CIOs, IT managers, and executive management responsible for implementing IT and corporate governance.

Learning outcomes
■ Why governance is important and now regulated?
■ Introduction to CobiT
■ Introduction to ITIL Service Delivery
■ Service Level management
■ What does financial management mean to an IT department
■ Capacity management
■ Service continuity
■ Introduction to ITIL service support
■ Problem & incident management
■ Change, release and configuration management

Agenda
Day 1: Day 2: Day 3: CobiT, ITIL & Service Delivery CobiT, ISO27001 & Security Management CobiT, ITIL & Service Support 1. Why Governance? 1. Introduction to ISO27001 1. Service Continuity • The case for IT and ...

Information

Published by
Number of reads: 27
Language: English

Extract

IT Audit Series 2009
CobiT, ITIL, ISO 27001: Tools for implementing IT Governance
October 22-24, 2009

Implementing governance? Don’t re-invent the wheel! This 3 day course will assist you to implement IT Governance by informing you of some tools that are already available and tested to help you.

CobiT, now version 4, provides the complete framework for implementing governance, incorporating both ITIL and ISO 27001. ITIL provides both direction and structure for “best practice” service delivery and service support. And, ISO 27001, the former British Standard BS7799 Part 2, is the recognized, international standard for managing information security.

Who should attend
In addition to Information Security and Audit Management professionals and Seniors, this course would be of interest to CIOs, IT managers, and executive management responsible for implementing IT and corporate governance.

Learning outcomes
• Why governance is important and now regulated?
• Introduction to CobiT
• Introduction to ITIL Service Delivery
• Service Level management
• What does financial management mean to an IT department
• Capacity management
• Service continuity
• Introduction to ITIL service support
• Problem & incident management
• Change, release and configuration management

Agenda

Day 1: CobiT, ITIL & Service Delivery
1. Why Governance?
• The case for IT and corporate governance: major issues, legislation including Sarbanes-Oxley in the USA and beyond
• Executive management in the global enterprise
2. Introduction to CobiT
• CobiT’s component parts
• CobiT, ITIL & ISO27001
3. Introduction to ITIL Service Delivery
• The IT Infrastructure Library
• The benefits of service management
4. Service level management:
• CobiT statements as they relate to SLAs
5. Financial management: what does it mean to an IT Department?
• Developing an IT accounting system, CobiT statements
6. Capacity Management:
• Typical activities in capacity

Day 2: CobiT, ITIL & Service Support
1. Service Continuity
• Considering the scope: risks ‘in’ and ‘out’, CobiT statements
2. Introduction to ITIL Service Support
3. The Service Desk: keeping the Customer satisfied
• Service Desk Technology: service desk responsibilities & functions
4. Problem & Incident Management
• Proactive problem management
• Encouraging incident awareness: relating ITIL to ISO27001
5. Change, release & configuration management
• Identifying the risks to IT governance in changes to the IT environment, dealing with special risks including fraud
• The Change Cycle:

Day 3: CobiT, ISO27001 & Security Management
1. Introduction to ISO27001
• ISO27001 components
2. Implementing ISO27001
• The Gap Analysis using “Annex A”
• The compliance project
• Measuring compliance
3. Implementing CobiT, ITIL & ISO27001
• The CobiT Project
• Case Study: implementing CobiT, ITIL & ISO27001 in a global organization: how these ‘tools’ were used to implement a controls infrastructure across a global enterprise working in 87 countries in a way that can be scaled to meet the needs of any business
4. Summary & Conclusions

Information: Hellenic American Union, tel: 210-3680907, 210-3680927, www.hau.gr/management
IT Audit Series 2009
Risk Based IT Audit
A practical guide to Risk Based IT Audit
March 19-20, 2009

This two day seminar will look at how to establish the audit program and conduct audits based on business risk. It will then concentrate on the specific risks associated with Information Technology, especially considering the dependence of most businesses on their IT. For each risk or threat, typical audit questions will be discussed and possible solutions outlined.

Who should attend
Heads of Internal Audit, internal and external auditors, security and risk managers and all management who need to consider business risk and control

Learning outcomes
• Understand the importance of business risk in planning audits
• Assess the value-added of audits to the business
• Determine the specific risks to the business arising from information technology
• Consider the role of Internal Audit in assisting the business to meet its objectives

Agenda

Day 1
The Risk based approach to auditing
How do we know what to audit?
• What are the elements of business risk. The relationship between business assets, threats, likelihood, impact, business risk and exposure
• How should we use business risk when creating the Audit Program
• How can risk be managed
  – Tolerated, transferred, treated or terminated?
• What are the standard control types used in addressing business risk
  – Preventive, detective, deterrent and corrective controls

Day 2
Specific technology risks (each with a few pertinent audit questions)
Technology and supporting infrastructure
• Operating systems, networks etc
Physical, logical and environmental security
• From the security boundary to the construction of the computer facility
Networks and the internet
• Special risks of the modern “extended enterprise” in the global market place
Business continuity
• How long can you be without a computer? And where are you going to sit to use it?
Social Engineering
• Technology, resources, people and security
Course summary & conclusions

ABOUT THE INSTRUCTOR
Derek J. Oliver, CISA, CFE, FBCS, FIAP is an Information Systems Audit & Security specialist with over 20 years’ experience. He is a Certified Information Systems Auditor (CISA), a Certified Fraud Examiner (CFE) and a Fellow of the British Computer Society (FBCS). His background in computer programming is represented by Fellowship of the Institution of Analysts & Programmers (FIAP). He is past President of the Information Systems Audit & Control Association in London (ISACA), current member of the CISA Test Enhancement committee and a member of the Institute of Internal Auditors and the Information Systems Security Association. In 1996 he was made a Freeman of the City of London. Following his early years in the “Travel Trade” with Thos. Cooks and Trans World Airlines, and 15 years’ service with H.M. Customs & Excise, Mr. Oliver became head of the UK internal audit team of First Data Corporation, the world’s largest third-party processor of credit and debit transactions. Since 1985 he has conducted both high level and in-depth audit and security reviews across the information processing spectrum, including ISO17799 “Information Security Guidelines” compliance auditing & consultancy, all aspects of LAN and WAN security from strategies through access control to infrastructure, physical security & risk analysis, general controls reviews, disaster recovery and Business Continuity, PICK systems security, AS400 security, IBM Mainframe security.

As a member of the BS7799 working group in 1995/96, Derek was partly responsible for the development of the BS7799 “Code of Practice for the Management of Information Security”; he also worked on the revised version, issued April, 1999, and was a member of the c:cure (BS7799 compliance certification scheme) steering group, which was directed by the Department of Trade and Industry. He has written several articles for various national and international magazines, including auditing software piracy, BS7799 and the c:cure scheme and physical security. He is also a member of the BS7799 User Group.

Information: Hellenic American Union, tel: 210-3680907, 210-3680927, www.hau.gr/management