Auditing the IT Environment
Auditing the IT Environment will introduce attendees to the IT environment as a whole, its systems and its processes, and explore some of the more common risks and audit procedures for network devices, the Windows environment, databases and web applications. The session will begin with a macro view of the IT environment, discussing basic networking and the individual assets and networks that compose it. The session will then address critical IT environment processes such as intrusion detection and response as well as log collection and analysis.
Having laid a rudimentary foundation, the session will progress into four critical IT sub-environments: network devices, the Windows environment, databases and web applications. For each of these environments, the instructor will demonstrate common risks found in the environment and how auditors can quickly identify these risks. The session will then conclude with a brief segment on documenting, rating and presenting identified risks.