2018 Technical Vulnerability Assessment Seminar (2 days)

Seminar Objective: Provide an overview of how to conduct an enterprise security vulnerability assessment of networks, operating systems, databases, and network devices, from an audit approach.  Attendees will be expected to develop audit steps, perform audit testing, document their audit test results during seminar, draft work in workpapers format, and draft findings based on audit work.  Be advised, each day will have 1-2 hours set aside that requires attendees to prepare their audit workpapers with the intent to document draft findings by conclusion of second day. 

2-Day Breakdown

Day 1 Network Scanning: Overview of seminar objectives, walk through of audit planning and approach, workpapers documentation format.  Gain an understanding of what is, how to perform, how to interpret, and how to document network scanning activities.  Scanning objectives will include discussion on internal vulnerability scanning and external “Pentest” scanning.

Operating System Assessments: Overview of seminar objectives, walk through of audit planning and approach, workpapers documentation format.  Gain an understanding of what is, how to perform, how to interpret, and how to document operating system assessment activities.  Operating system assessments will include discussion on approaches, tools available, and manual assessment techniques.

Day 2 Database, Network Devices, and Drafting Findings:  Overview of seminar objectives, walk through of audit planning and approach, workpapers documentation format. Gain an understanding of what is, how to perform, how to interpret, and how to document database assessments and network routers and firewalls.  In addition, Day 2 will include pulling together all audit testing, workpapers, and how to draft technical findings for executive leadership and technical Directors with recommendations.

Attendee Expectations VERY IMPORTANT:  More than half or significant seminar time will be performing hands on documenting audit workpapers.  If not interested in performing audit documentation, should not attend since a majority of time will be drafting workpapers based on audit work.  In addition, attendees should plan to work on summarizing audit results, workpapers, and other support work every evening to stay caught up.

Who Should Attend: New IT auditors who have not performed hands on technical auditing; mid-range auditors who want a tune up on IT technical security auditing; and audit managers who want insight into technical audit planning, tools and approaches, and approaches to draft and review technical workpapers and findings.

Seminar Limitations:  There is a technical license limit for this seminar and limited to 25 attendees.  

Equipment: Seminar is intended to provide all equipment.

Note: A box lunch will be provided to each participant.