Almaraz & Associates offers Cyber Security Training, Information Security Training Education & Awareness Training, and other cybersecurity courses. Our Employee Education & Awareness program includes best security methods and reveals your organization's people strengths and weaknesses before the hackers do. We provide a tailored Security Education & Awareness Training program to improve your organization's security program and educate your users on current cybersecurity threats.

Employees are part of an organization’s attack surface, and ensuring they have the know-how to defend themselves and the organization against threats is a critical part of a healthy security program. If an organization needs to comply with different government and industry regulations, such as FISMA, PCI, or HIPAA, it must provide security awareness training to employees to meet regulatory requirements.

  • Introduction to IT Risks & Controls
  • Planning IT Audits
  • Audit & Control Frameworks and Standards
  • Basics of Information Technology
  • Database Technology and Controls
  • Network Technology and Controls
  • IT Governance
  • IT General Controls
  • Business Application Controls

 

Example IT Audit Training

1. Introduction to IT Risks & Controls                                         
• role of IT
• risk definitions
• risk assessment
• information security objectives
• IT controls cost / risk balance
• internal control overview
• accountability & auditability

 

2. Planning IT Audits
• audit engagement planning
• IT control categories
• mapping risk and control categories

 

3. Audit & Control Frameworks and Standards 
• maintaining objectivity
• what is a Standard?
• COSO
• GAO Green Book
• IIA Global Technology Audit Guides
• COBIT®
• ISO 27002 Security Standard
• FISMA – NIST 800-53

 

4. Basics of Information Technology
• computer hardware
• central processing unit / memory
• Operating Systems (OS)
• mainframe
• client/server technology
• virtualization / virtual servers
• batch and interactive processing

 

5. Database Technology and Controls
• managing information
• database terminology
• Database Management Systems (DBMS)
• hierarchical databases
• relational databases
• database risks
• database audits

6. Network Technology and Controls
• networking risks
• what is a “network”?
• OSI Model
• Local Area Networks (LANs)
• Wide Area Networks (WANs)
• network devices
• firewalls 
• Intrusion Detection Systems (IDS / IPS)
• Virtual Private Networks (VPNs)
• wireless
• the Internet
• cloud computing

 

7. IT Governance
• audit’s role in IT governance
• IIA professional practices framework-governance
• linking business and IT strategies
• IT governance objectives
• COBIT® 5 - IT governance/management
• separation of duties
• assessing outsourced IT functions

 

8. IT General Controls
• logical security
• change management
• business continuity / disaster recovery
• operation controls
• physical security
• environmental exposures
• system development 

9. Business Application Controls
• business application control categories
• business application transaction life cycle 
• completeness and accuracy of input
• completeness and accuracy of processing
• completeness and accuracy of output
• completeness and accuracy of master files
• completeness and accuracy of interfaces