Spring Training Opportunity

Seminar Title:
Advanced IT Audit School – Comprehensive Deep-Dive of IT Audit and Information Security Assessments
Note: This is a three-day MIS Training Institute (MISTI) course, which will be led by a MISTI-certified training
instructor. This course would normally cost $2,195 plus T&E per student. However, we have worked with MISTI
to be able to offer this course to you here in Kansas City at a substantial saving. Refer below for pricing.
Date & Time:
April 20th | 8:30 am – 4:30 pm
April 21st | 8:30 am – 4:30 pm
April 22nd | 8:30 am – 4:30 pm
Location:
Sprint Nextel World Headquarters – Overland Park, KS
(Additional parking and building information will be provided to registered attendees)
CPEs: 24 Credits
Price:
ISACA Members Early-Bird: $700 – Available for members today through March 26th
ISACA Regular Members: $750 – Available for members from March 27th through April 15th
Non-Members: $750 – Available for non-members today through April 15th
Note: Seating is limited. Register early to secure your spot. Refer below for how to register.
Course Description
In this information-packed, three-day seminar we will cover, in depth, the key building blocks of IT audit and security, including
identity and access management and the threats and vulnerabilities of web-based e-commerce applications. We will place special emphasis on
best practices and standards for auditing web (HTTP) servers and application servers, and attendees will walk away with tools,
techniques and checklists for discovering and testing web and application server security. We will also cover auditing database
management systems within the context of robust but practical enterprise architecture and governance models, and go over web
services and service-oriented architectures, including SOAP, REST, SOA and ESB. We will also go over safeguard concepts and
best practices for secure mobile and wireless applications.
Who Should Attend:
• IT Auditors and IT Audit Managers (Internal or External)
• Information Security Managers and Analysts
• IT Managers
What You Will Learn:
1. Laws and Standards Affecting IT Audit
• Computer crimes, investigations, evidence, forensics
• Laws, directives, and regulations
• Types of laws
• Privacy issues and legislation
2. Web Application Architectures
• Inventorying your application software environments
• Web application building blocks and control points
• HTTP protocol and state management
• Web application markup languages
• Single/reduced sign-on (SSO) pros and cons
• Common Web application threats and vulnerabilities
• Web application security strategies
3. Auditing Web (HTTP) Servers
• Summary of baselines for secure server operating system security
• Physical threats, vulnerabilities, risks, and countermeasures
• Perimeter security, boundary protection, and facilities access controls
• Electrical, temperature, water, and other environmental controls
• Fire detection, prevention, and suppression
• Information storage media protection, sanitization, and disposal
• Emergency procedures
• Human resources controls: hiring practices, badges, terminations and transfers
• Goals for information security safeguards in applications
• Web server configuration: operational and security requirements
• Web server access control security features: Apache, Microsoft IIS
• Perils and protections for remote Web application development
• Application firewalls and intrusion prevention systems
• Tools, techniques, and checklists for discovering and testing Web server security
4. Business Application Software Development and Audit
• Server-side Web page programming security
• Mobile code security
• Common security vulnerabilities and attacks on Web application software
• Attacks on Web servers: cross-site scripting, SQL injection, buffer overflow
• Input validation and editing
• Software change controls and configuration management
• Web application vulnerability and testing tools
• Tools, techniques, and checklists for auditing security in application design
5. Auditing Application (Middleware) Servers
• Roles, architecture, and security control points for XML/object-oriented development environments and associated application servers
• Defining key sources of application server security: declarative vs. programmatic controls, database and Enterprise Information System (EIS) connectors
• Audit and security features in components and servers
• Tools and techniques for auditing and securing application servers
6. Auditing Database Management Systems
• Methods for providing data access to users and other applications
• Data access control, authorization, and audit
• Relational database management systems (DBMS)
• Structured Query Language (SQL): more than just query
• Security risks associated with DBMS systems
• Audit and security features for major DBMS products
• Tools, techniques, and checklists for securing and auditing DBMS components
7. Web Services and Service-Oriented Architectures
• Simple Object Access Protocol (SOAP) Web services definition and architecture
• SOAP Web services standards
• Service Oriented Architectures (SOA)
• SOA Enterprise Service Bus (ESB)
• Representational State Transfer (REST) Web services
• Web services audit and security tools and techniques
8. Auditing Remote Access and Mobile Applications
• Key control points in remote access and mobile applications
• How mobile applications differ from internal server-based applications
• Tools and techniques for protecting the contents of mobile devices
• Gateways for mobile applications: vulnerabilities and safeguards
• Checklist for secure mobile and wireless application best practices
Registration
Registration is available online: http://www.isaca-kc.org/meetingReg.php
If you are paying by check, registration fees must be paid promptly following registration to secure your seat and course materials.
Credit card payment must be made at the time of registration.
Note: In order for us to be able to host this training, we must achieve a minimum level of registration, which will allow us to
break even on the cost. Should we not be able to achieve this level, the training session will be cancelled. Should we have to cancel
the course for this reason, the registration fee will be refunded to you. This decision will be made on March 27th.
Registration Includes
Course materials will be provided, along with a $20 daily food voucher, issued each day and valid that day at the on-site cafeteria for breakfast, lunch, and/or
snacks.
Cancellation Policy
The Greater Kansas City Chapter of ISACA reserves the right to cancel the training seminar if the instructor is unable to attend, the
facilities are not available, or other unforeseen circumstances arise. If this occurs, a reasonable effort will be made to reschedule the
seminar or refunds will be issued. If a registrant cannot attend the seminar, the chapter requests an email notification two (2) weeks
prior to the date of the event. Refunds will not be granted for cancellation requests received after this date. Generally, the chapter
does not charge registrants a cancellation fee or penalty. Substitution of another individual for a confirmed registrant will be
accepted at any time prior to the date of the event.
The information presented and included in accompanying materials (if any) is of a general nature and is not intended to address the circumstances of any particular
individual or entity. Although the speaker and content authors endeavor to provide accurate and timely information, there can be no guarantee that such information
is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional
advice after a thorough examination of the particular situation.