Auditing IT: Identifying Exposures
Recent newspaper stories concerning identify theft and vital records exposure are causing concerns in boardrooms across the country. How could these things happen at SOX-compliant companies?
The answer is that the SOX effort focused primarily on applications and transactions. Testing at the operating system and database level focused primarily on general controls. The Auditing IT course is intended for auditors who now want to make the extra effort to ensure the systems and databases hosting SOX-compliant applications are secure. Using the Canaudit methodology, security is analyzed using a combination of scripts, tools and exploits to identify weaknesses before they can be exploited by an attacker.
