ISACA of North Texas – 2019 Spring Seminar
Course: Intermediate IT Audit School
Instructor: Fred C. Roth
Instructor Bio
Fred C. Roth is a frequent speaker at international conferences and delivers IT control and security training on a worldwide basis. As a former Vice President of a training vendor's IT Audit Division for 15 years, he facilitated and coordinated the IT audit curriculum.
Previously, as IT Audit Manager at Eastman Kodak Company, he had worldwide responsibility for planning and coordinating Kodak’s IT audits in the United States, Asia, Europe and South America. Mr. Roth was a key player in Eastman Kodak’s successful worldwide SAP implementation, where he was responsible for the Corporate Audit partnership on the project and for assessing controls during system design and implementation.

Course Outline
1. IT Risk Assessment
2. IT Audit & Information Security Standards and Frameworks
3. User Access Controls (start)
3. User Access Controls (continued)
4. Operating System Controls
5. Database Management Systems
6. Network Perimeter Security
7. Assessing Outsourced IT Operations
8. Audit’s Role in System Development

Additional Materials
• Disaster Recovery Planning
• IT Governance
• Encryption

Intermediate IT Audit School
North Texas ISACA Chapter
 April 1-3, 2019 

1. IT Risk Assessment
• IT Threats, Risks and Exposures
• IT Risk Assessment
• How Hackers are Hacking
• Information Security Governance
• IT Risk Assessment Resources

2. IT Audit & Information Security Standards and Frameworks
• ISO 27002 Security Standard
• IIA Global Technology Audit Guide - GTAGs
• Center for Internet Security – Top 20 Controls
• NIST Cybersecurity Framework
• FISMA - Federal Information Security Modernization Act
• DOD Checklists / STIGs
• OWASP - Open Web Application Security Project

3. User Access Controls
• Logical Security Risks
• Social Media and Social Engineering
• User Identification and Authentication
• Authorization and User Access Controls
• Managing Audit Trails
• Privileged Access Monitoring
• Mobile Computing

4. Operating System Controls
• Operating System Risks
• OS Key Controls
• Virtualization and Hypervisors
• Patch Management
• Privileged Administrative Access
• Log Management
• Vulnerability Assessments (Health Checks)

5. Database Management Systems
• Database Management System Risks
• Database Terminology
• Relational Databases
• Structured Query Language (SQL)
• Using the OWASP Report
• Key DBMS Controls

6. Network Perimeter Security
• Network Risk Analysis
• OSI Network Protocol Model
• Threat and Vulnerability Management
• Firewalls / DMZ
• Intrusion Detection Systems (IDS / IPS)
• Virtual Private Networks (VPNs)
• Wireless
• Cloud Computing

7. Assessing Outsourced IT Operations
• Outsourcing Risks
• Contractual Agreements
• Right to Audit
• SSAE-18, SOC1, SOC2, SOC3 Reports

8. Audit’s Role in System Development
• System Development Business Risks
• Audit’s Primary Objectives
• Systems Development Methodologies
o Waterfall Model
o RAD / Agile Models
• Assessing Project Controls
• Communicating Audit’s Role

ADDITIONAL TOPICS - Not on agenda but available in materials:

Business Continuity and Disaster Recovery Planning
• Disaster Recovery Planning (DRP)
• Business Continuity Planning (BCP)
• Business Impact Analysis (BIA)
• Recovery Point Objectives (RPO)
• Recovery Time Objectives (RTO)
• Business Resilience Components

Auditing IT Governance
• Defining IT Governance
• IT Governance Risks
• IT Governance Responsibilities
• IT Governance Components
• Using COBIT® for Auditing IT Governance

Encryption
• Encryption Concepts
• Key Management
• Symmetric Key Encryption
• Asymmetric Key Encryption
• Digital Signatures
• Public Key Infrastructure (PKI)
• Encryption Key Management Audit Steps

• Internal Auditors
• IT Specialist Auditors
• IT Auditors
• IT Audit Managers
• Information System Auditors
• Information Technology Auditors
• Information Security Officers  
Presentation Method: Group-Live      
Program Level:  Intermediate
Advance Preparation: None  
Recommended CPE Credits: 24
Date: April 1 – Apr 3, 2019                                
Time: Monday through Wednesday 8:30 AM – 5:00 PM
Location: Weaver Dallas Offices - 2300 N. Field Street, Suite 1000 (Big Tex Training Room), Dallas, TX 75201
Cost for this 3 day course:
• ISACA North Texas Members: $875
• Non-Members: $925


When: Monday, April 1, 2019 - Wednesday, April 3, 2019, 8:30 AM - 5:00 PM Central Time

Where: Weaver Dallas Office, 2300 N Field Street, Suite 1000 - Big Tex Training Room, Dallas, Texas 75201

Additional Information

ISACA – North Texas Chapter is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website:

We have registered with the Texas State Board of Public Accountancy as a CPE sponsor. This registration does not constitute an endorsement by the Board as to the quality of our CPE programs.

For information regarding refund, complaint, and program cancellation policies, please visit our website at:

© 2016 North Texas Chapter ISACA, All rights reserved
