Auditing Systems, Applications, And The Cloud (AUD507)

Performing IT security audits at the enterprise level can be an overwhelming task. It is difficult to know where to start and which controls should be audited first. Audits often focus on things that are not as important, wasting precious time and resources.

Management is left in the dark about the real risk to the organizations mission. Operations staff cant use the audit report to reproduce or remediate findings. AUD507 gives the student the tools, techniques and thought processes required to perform meaningful risk assessments and audits.

Learn to use risk assessments to recommend which controls should be used and where they should be placed. Know which tools will help you focus your efforts and learn how to automate those tools for maximum effectiveness.

Skills Earned:

• Apply risk-based decision making to the task of auditing enterprise security

• Understand the different types of controls (e.g., technical vs. non-technical) essential to performing a successful audit

• Conduct a proper risk assessment of an enterprise to identify vulnerabilities and develop audit priorities

• Establish a well-secured baseline for computers and networks as a standard to conduct audit against

• Perform cloud environment audits using automated tools and a repeatable process

• Audit virtualization hosts and container environments to ensure properly deployment and configuration

• Utilize vulnerability assessment tools effectively to provide management with the continuous remediation information necessary to make informed decisions about risk and resources

• Audit a web application's configuration, authentication, and session management to identify vulnerabilities attackers can exploit

• Utilize automated tools to audit Windows and Linux systems

• Audit Active Directory Domains