The Institute for Internal Audit Austria offers the seminar “IT-Security / Information Security” from September 28 to 29, 2020 in Vienna. The seminar will be led by SEC4YOU managing director Manfred Scholz.

IT security is very often understood as technical measures that are intended to selectively eliminate certain vulnerabilities. From the point of view of auditing, these measures are part of a superordinate internal control system and must be designed accordingly. Based on the legal framework, possible solutions are presented and discussed in the group using concrete case studies from practice in order to reduce the existing security risks to an acceptable level. In this seminar, participants will learn about the requirements of IT security and information security from the perspective of auditing, and possible solutions will be presented.

The seminar is intended for employees of the auditing department, the IT department, but also for executives and managing directors who want to be informed about the requirements. However, it is also suitable for candidates of the CISA or CISM exam as a CIA supplement to the exam preparation.

Principles taught:

  • Auditor requirements
  • Laws and regulations
  • Risks and threats
  • Information Security Management Systems (ISMS)
  • General standards (e.g. the ISO/IEC 27000 series of standards)
  • Audit standards (e.g. COBIT)
  • Risk management
  • Measures / Controls
  • System administration
  • Separation of functions
  • User administration
  • Network security / Operating system security
  • Client / Server
  • Social engineering
  • Email / Internet
  • Protection against malicious software (virus protection)
  • Logging / Traceability
  • Backup / Restore
  • Physical security
  • Emergency planning
  • Security of mobile devices (cell phone, PDA, etc.)
  • Change management
  • Security awareness
  • System development (development, test, production)
  • Mobile devices (smartphone, notebook, iPad, etc.)
  • Social networks (Facebook, XING, etc.)
  • Cyber security
  • Cloud computing

To the registration: