IT Security Audit

IT Security Audit Training

The IT Security Audit course is designed to provide a practical view of conducting IT audit and assurance in an organization. The course is designed to support professional staff in expanding their understanding of information technology (IT) audit.

The course presents a more in-depth view of the fundamentals of IT auditing by highlighting topics such as: IT audit and control analysis, examination of control evidence in conducting IT audit, application control, Operating System and IT Infrastructure audit, and management of IT audit.

The course will include discussion and exercises related to general control examinations and application system auditing. The course will also focus on control research and analysis for IT-related topic areas. In addition, through discussion and exercises, participants will gain a working understanding of the process of developing audit work programs encompassing all elements of IT infrastructures.
Participants will be expected to gain a working understanding of how to identify, reference and implement IT management and control policies, standards and related auditing standards. Regarding the latter, the objective is to learn how to identify and interpret the requirements of the standards and implement the standards in the auditing process.

IT Security Auditing covers the latest auditing tools alongside real-world examples, ready-to-use checklists, and valuable templates.
Each class session will include discussion of IT audit management, security, control or audit issues that participants should be familiar with.

This course will be delivered in Indonesian and/or English by Our Master Trainer:
DR, Ir. Fauzi Hasan, MM, MBA, PMP, CISA, CISSP, SSCP, CISM, CGEIT, CPRC, CSCP, CDCP, CITM APICS, Cert. Change Management (APMG)

Course Objectives & Benefits

At the completion of this course, the participants should be able to:

  • Participants shall obtain an expanded understanding of the role of IT auditors in evaluating IT-related operational and control risk and in assessing the appropriateness and adequacy of management control practices and IT-related controls inside participants’ organization, with the focus on IT infrastructures
  • The participants shall obtain the capability to analyze Windows, UNIX, and Linux systems; secure databases; examine wireless networks and devices; and audit applications. Plus, participants get up-to-date information on legal standards and practices, privacy and ethical issues, and the COBIT standard.
  • Participants shall obtain the capability to conduct IT audits and implement techniques in performing assurance, attestation, and audit engagements
  • Capability to build and maintain an IT audit function within the organization with maximum effectiveness and value
  • Participants shall obtain an expanded familiarity with the principal references in IT governance, control and security as related to IT audit
  • Participants shall obtain the working ability to plan, conduct, and report on information technology audits with specific focus on infrastructure vulnerability assessment and assurance, and drill down into application vulnerabilities
  • Participants shall obtain an understanding of the role of IT auditors regarding IT-related compliance and regulatory audits, such as evaluating control standards
  • Capability to use best practices and methodologies such as: COSO, COBIT, ITIL, ISO, and NSA INFOSEC

Who Should Attend

  • IT Managers
  • Security Managers
  • Auditing Staff
  • IT Operation Staff

What You Will Learn

  1. Audit Overview
    The class session will focus on IT audit concepts and processes, including a review of some of the key fundamentals of IT auditing: general auditing standards, risk-based auditing, pre-audit objectives, determining scope and audit objectives, and the process of performing an IT audit. The class session will include discussion of IT performance, controls, control self-assessment, risk analysis, and the objectives of the IT audit or assurance report.
  2. Building an Effective Internal IT Audit Function
    The class session will focus on management issues regarding how to manage IT audit and assurance functions. The class material will include developing and assessing staff knowledge and skills, competency measurement, assignment of staff, documentation and continuing education requirements.
  3. The Audit Process
    Perform IT audits in accordance with IT audit standards, guidelines and best practices to assist the organization in ensuring that its information technology and business systems are protected and controlled.
  4. Auditing Techniques
    Describes the techniques available for IT infrastructure auditing
  5. Auditing Entity-Level Controls
    Describes entity-level controls, encompassing embedded controls in areas such as:

    • Operating system control in UNIX-, Linux-, and Windows-based operating systems
    • Controls in network routers, switches, firewalls, WLANs, and mobile devices
    • Entity-level controls, data centers, and disaster recovery plans
    • Controls in Web servers, platforms, and applications
    • Critical database controls
  6. Auditing Data Centers and Disaster Recovery
    Describes how to conduct an audit of a data center as a disaster recovery site, with all supporting infrastructure
  7. Auditing Switches, Routers, and Firewalls
    Describes how to audit network infrastructure and network appliances
  8. Auditing Windows Operating Systems
    Describes how to audit the operating system using an effective and control-piercing methodology within the Windows operating system environment
  9. Auditing Unix and Linux Operating Systems
    Describes how to audit the operating system using a reliable and control-focused methodology within the Unix operating system environment
  10. Auditing Web Servers
    Describes how to audit Web server infrastructure and net DMZ devices
  11. Auditing Databases
    Describes how to audit the organization’s databases and all operating support elements
  12. Auditing Applications
    Describes how to audit the organization’s Enterprise Applications and the supporting modules
  13. Auditing WLAN and Mobile Devices
    Describes how to audit Wide Area Network infrastructure and interfaceable mobile devices.

Information & Registration:

  • For full details (including fees and schedule), please view/download the brochure at <The Comprehensive IT Security Audit> or here.
  • To register, please download the Registration Information and send it back by email or fax once it is fully completed.
  • If you need the training as In-house Training, please download the IHT Request Form and send it back to us by fax/email once it is fully completed.
  • You can also contact the organizer directly by Tel/SMS/Fax as listed in the brochure, or by email: beproseminars<at>gmail.com

IT Risk Management

This course deals with how IT helps to achieve an appropriate balance between realizing opportunities for gains while minimizing losses. It is an integral part of good management practice and an essential element of good corporate governance. It is an iterative process consisting of steps that, when undertaken in sequence, enable continuous improvement in IT decision-making and facilitate continuous improvement in IT performance.

This course will be delivered in Indonesian and/or English by Our Master Trainer: Fauzi Hasan, DR, Ir. MM, MBA, PMP, CISA, CISSP, SSCP, CISM, CMPP, CGeIT, APICS

Objectives & Benefits

The IT risk management course covers how to establish an appropriate infrastructure and culture and apply a logical and systematic method of establishing the context, identifying, analyzing, evaluating, treating, monitoring and communicating IT risks associated with any activity, function or process in a way that will enable organizations to minimize losses and maximize gains. At the completion of this course, the participants should be able to:

  • Conceptualize organizational risk management within IT processes
  • Identify and analyze risks within IT operations and understand the implications for the whole business operation
  • Improve the IT operation risk level through the application and implementation of IT risk management methodology and best practices
  • Support the attainment of organizational business objectives by providing a comprehensive perspective of IT risk management to the executive management of the organization
  • Plan to implement tools for identifying, analyzing, eradicating and communicating the risks within the cycle of risk management

Target Audience

  • Managers involved in or related to IT operations
  • IT staff and executives involved in risk management and business process improvement
  • Information technology professionals involved in projects that are concerned, in part, with the automation of business processes
  • IT professionals especially from companies regulated to implement risk management and IT risk management such as banks and state-owned enterprises.

Course Content & Description

  1. Risk Management Introduction
    The segment defines the process of identifying vulnerabilities and threats to the information resources used by an organization in achieving business objectives and deciding what countermeasures
  2. Risk Management Processes
    The participants learn to recognize the following issues in the risk management processes such as:

    • Identification and classification of information resources or assets that need protection
    • Assess threats and vulnerabilities and the likelihood of their occurrence
  3. Risk Indicators
    This segment describes the need for IT risk management to operate at multiple levels with diversified risk indicators, including:

    • Operation: risks that could compromise the effectiveness of IT systems and supporting infrastructure
    • Project: risk management needs to focus on the ability to understand and manage project complexity
    • Strategic: the risk focus shifts to considerations such as how well the IT capability is aligned with the business strategy
  4. Loss Event Database
    This segment describes to the participants the intentional and unintentional actions that cause data loss, and highlights organizational responsibilities such as:

    • Preventing data loss
    • Recovery from data loss
    • Cost of data loss
  5. Effective Risk Management
    This segment shall describe to the participants how to establish an effective risk management program that covers:

    • Establish purpose of the risk management program
    • Assign the responsibility for the risk management
  6. Risk Management Maturity
    This segment shall describe the road-mapping of risk management as related to IT processes; the framework will be based on the CMM maturity level concept.
  7. IT Risk Management
    This segment describes Information Technology risk management, which is part of the organization's IT governance, encompassing: the identification, assessment, and prioritization of IT operation risks, followed by coordinated and economical application of IT resources to minimize, monitor, and control the probability and/or impact of unfortunate events.
  8. Case Study: IT risk management cases

Information & Registration:

  • For full details (including fees and schedule), please view/download the brochure at <IT Risk Management>.
  • To register, please download the Registration Information and send it back by email or fax once it is fully completed.
  • If you need the training as In-house Training, please download the IHT Request Form and send it back to us by fax/email once it is fully completed.
  • You can also contact the organizer directly by Tel/SMS/Fax as listed in the brochure, or by email: beproseminars<at>gmail.com

IT Cost Management

The Information Technology Cost Management course is suited to IT people placed in the role of IT cost manager who have been performing the role for some time but have never received any formal training.

The course is also suitable as an introduction for anyone thinking about an IT cost analysis role, or for other cost management professionals with a focus on IT investment and operation who want to gain a more in-depth understanding of the role and responsibilities in the area of cost management.

This ‘Fundamentals’ course is aimed at learning real-world IT cost analysis and IT budget development and implementation skills that can be used in the workplace, especially in an organization with high IT investment.

Course delegates or course participants should be able to return to their working environments and work as effective Cost Management team members, immediately adding value and building effective relationships with business and IT stakeholders.
The course uses case studies to analyze approaches to managerial cost investment and operation (capex and opex). The course also covers the application of decision and control models and planning and control in IT cost management, with attention to decision control models and cost planning.

This course will be delivered in Indonesian and/or English by Our Master Trainer/Instructor: Dr. Ir. Fauzi Hasan, MBA, PMP, CISA, CISSP, SSCP, CISM, CGEIT, CPRC, CSCP, CDCP, CITM APICS, Cert. Change Management (APMG).

Objectives & Benefits

By the end of the IT Cost Management course, participants will be able to:

  • Have a thorough understanding of IT cost management, including all the related parameters and issues
  • Have a complete perspective on the IT Investment Management Process
  • Work with business users (stakeholders) to define different types of IT cost investment and operation
  • Use a framework to calculate Total Cost of Ownership (TCO) for IT enterprise resource systems
  • Break down complex IT cost scenarios or cost problems into process and data models (cost management related)
  • Implement modern cost management concepts as related to IT infrastructure
  • Reduce and optimize IT cost as related to the investment, operation and maintenance of IT installation and the infrastructure

Target Audience

This course was originally designed for IT managers and those involved in activities related to IT investment, operation and maintenance. However, the course is also suitable for experienced IT managers and Investment Analysts as it:

  • Provides a reinforcement session for those IT staff who have been doing the job for many years but have never received formal training in IT cost management
  • Provides a ‘standard’ approach to be adopted by teams who might currently be using a mix of different techniques in IT cost management.

Course Contents and Descriptions

  1. Introduction to IT Cost Management
    Covers the role of Information Technology Cost Management and how the role has evolved within the cycle of IT investment, operation and maintenance. Examines the differing roles and responsibilities in cost management through all phases of investment planning and IT infrastructure operation.
  2. Performance Evaluation
    Outcomes: Understand the relationship between IT Cost Management control and IT performance evaluation such as:

    • Identify the objectives of IT cost management control
    • Identify the types of IT cost control systems
    • Explain the application of control to IT cost centers, IT revenue centers and IT profit centers
    • Understand how the balanced scorecard supports strategic cost management
  3. Strategic Investment For Information Technology
    Outcomes

    • Describe the function of a strategic investment unit
    • Discuss implementation of appropriate transfer prices
    • Calculate return on investment, residual income and economic value added, and use them to evaluate the performance of a business unit
  4. IT Cost Management Information
    Outcomes

    • Explain how IT cost information is used in different types of investment for infrastructure
    • Identify the functions of IT cost management
    • Understand the use of IT cost information in support of different IT investment strategies
    • Describe the influence of modern management techniques on IT cost management
    • Allocate shared support costs to IT production
    • Allocate shared cost to products that result from a single process
  5. The Flexible Budget and Standard IT Costing
    Outcomes

    • Identify and explain control systems and uses of standard IT costing
    • Distinguish between effectiveness and efficiency in IT Cost Management
    • Construct a master IT investment budget
    • Develop a flexible IT investment budget
    • Calculate direct input variances in the IT investment budget
  6. Flexible Budget: Analyzing Factory Overhead
    Outcomes

    • Distinguish between the control purposes and the costing purposes of standard costing for IT overhead
    • Calculate, explain and record the overhead variances in IT budget
  7. Operational IT Cost
    Outcomes

    • Explain, calculate and use the operational data on IT costs
  8. Total Cost of Ownership (TCO) for IT enterprise resource systems
    Outcomes

    • Distinguish among the components of Total Cost of Ownership (TCO) as related to costing purposes of standard costing for IT overhead
    • Calculate, explain and record the overhead variances in IT budget
  9. Strategic Investment for IT Infrastructure
    Outcomes

    • Describe the function of a strategic investment in IT Infrastructure
    • Discuss implementation of appropriate investment
    • Calculate return on investment, residual income and economic value added, and use them to evaluate the performance of IT strategic investment
  10. Review: Revisits the key learning points from the course and looks at why IT investment and cost management can go wrong and how good cost management can prevent it.

Information & Registration:

  1. For full details (including fees and schedule), please view/download the brochure at <IT Cost Management>.
  2. To register, please download the Registration Information and send it back by email or fax once it is fully completed.
  3. If you need the training as In-house Training, please download the IHT Request Form and send it back to us by fax/email once it is fully completed.
  4. You can also contact the organizer directly by Tel/SMS/Fax as listed in the brochure, or by email: beproseminars<at>gmail.com