Education 

 
Sabine Charles - Education Committee Chair
Committee Members

Doug Souza

Michael Johnson

Sam Malla

Vasanthi Ramkumar

Ravi Tanikella

Steven Valance

Overview

The Education Committee develops a comprehensive annual training program covering information systems audit/assurance, risk management, controls, and governance. Check here periodically for updates as we continue to plan and finalize upcoming training classes.

If you require training in specific skills or knowledge areas, email [email protected].

Call to Action

Several opportunities are available for assisting the Education Committee:

  • Developing education curriculum
  • Instructing classes
  • Hosting educational events

If you are interested, please contact [email protected] or click here for volunteering information.

Upcoming Education Classes

Introduction to Cyber Security Technology 101

March 23, 2017
The Loft at Prince, 177 Prince Street, New York, NY

Introduction to the fundamentals of cyber security technology, protocols, and architecture including attack methods, threat models, authentication, encryption, firewalls, attack detection, and architecture.

Level: Beginner, 8 CPE

Click here for registration and information. 

Data Privacy for IT Auditors and Security Professionals

April 5 - 6, 2017
The Loft at Prince, 177 Prince Street, New York, NY
This is a two-day seminar, combining lecture with a hands-on, case-study-based workshop that introduces I.T. Auditors and Information Security Professionals to the principles, practices, legislation and governance of Personal Information Privacy. It includes standards, methodology, and audit and review techniques for both business and Information Technology resilience and recoverability.

Intended audience: I.T. Auditing managers and staff, Information Security managers and staff, Risk Managers, I.T. operations personnel, Internal Financial and Operational Auditors, Corporate Management, Chief Financial Officers, Chief Privacy Officers and their staff, compliance personnel.

Learning objectives: Participants will gain a deep understanding of personal information including:  

  • What’s privacy all about?
  • What’s driving privacy?
  • What are the business benefits of privacy compliance?
  • What are the risks of non-compliance? 
  • Dealing with multi-jurisdictional legislation and regulations 
  • Creating a privacy compliant organization 
  • Establishing privacy baselines 
  • Monitoring privacy initiatives 
  • Responding to a privacy breach 
  • Privacy reporting 
  • Sustainable compliance 
  • Addressing future privacy trends

Level: Intermediate, 16 CPE

Click here for registration and information.

 

Practical Steps to Managing Operational Risk to Business Performance Objectives

April 24 - 25, 2017 
The Lofts at Prince, 177 Prince Street, New York, NY
Typical approaches to operational and product risk have several weaknesses including:

  • Narrow focus on historical loss data with insufficient focus on what changed and why it changed
  • Excessive focus on insuring or reserving against loss, rather than addressing causes of risk
  • Excessive emphasis on compliance/audit/controls over broader risk to business objectives 
  • Using widely varying methods to manage each type of risk, in silos by professional discipline, rather than in a unified method that provides better visibility for evaluation of risk and easier management of risk. 
  • Using tools designed for managing risk to financial reporting for managing risk to achieving business objectives in a dynamic world of change, complexity and fatigue 
  • Using controls to manage risk rather than more efficient and effective approaches
  • Using controls without testing the control approach with the 4 Cs and testing specific controls with the Controls Chain of Fitness
  • Missing opportunities for personal and professional growth through the use of the “power of the invite and flashlight”

This outcomes acceleration workshop seeks to overcome these typical weaknesses by describing how to shift from compliance-driven to performance-driven management of risk. Drawing on decades of practical, proven experience, managing risk to business performance objectives is more efficient and effective in achieving results. To simplify the process of managing risk and empower risk managers to provide more business value, the approach features the 5+2 Step Cycle for Managing Risk.

Level: Intermediate, 16 CPE

Click here for registration and information.

 

Auditing Network Security

May 1 - 3, 2017 
The Lofts at Prince, 177 Prince Street, New York, NY
During the 3-day Auditing Network Security course, participants will learn how to audit the key systems identified on a network. Networks need to be fortified to defend against threats such as APTs. Students will learn how to audit key network components including routers, switches, firewalls, IDS/IPS and wireless networks. Students will also look at the risks to a network when introducing cloud computing solutions. Host-based protections including endpoint protection, advanced malware protection, application whitelisting, data loss prevention and vulnerability scanning will also be investigated. The tools and techniques to audit such systems are discussed and utilized during hands-on exercises. Students are required to bring a laptop.

Intended audience: Internal Auditors, IT Specialist Auditors, IT Auditors, IT Audit Managers, Information System Auditors, Information Technology Auditors, Information Security Officers 

Level: Intermediate, 21 CPE

Click here for registration and information.

 

Modern Techniques for Risk Assessment

May 18, 2017
The Lofts at Prince, 177 Prince Street, New York, NY
The antiquated formula Risk = Impact x Probability is unprovable and unworkable. In this one-day seminar, participants learn why that formula is incorrect and which other techniques, used by advanced risk practitioners, are more applicable to contemporary enterprises. These methods will make the determination of risk align with both reality and expectation. They make the concept of risk a meaningful determinant for management decision making.

Intended audience: Internal and External Auditors, Risk Managers, Security Professionals, Business Managers, Financial Executives, Legal Counsel

Learning objectives: Participants in this seminar will learn:

  • Why the commonly used formula fails
  • Which techniques provide greater insight into operational and financial risk
  • The standards that apply to risk assessment
  • The tools and techniques that can be rapidly put in place in large and small businesses
  • How to interpret risk assessment results
  • Methods for portraying risk to aid management decision making 

Level: Intermediate, 8 CPE

Click here for registration and information.

 

Auditing Unix/Linux

June 14 - 15, 2017
The Lofts at Prince, 177 Prince Street, New York, NY
During this two-day course, students will learn about the security issues that should be considered when conducting a UNIX/Linux audit. Students will understand how to identify and mitigate risks that affect UNIX/Linux operating systems. Hands-on exercises will be conducted to ensure that students have the opportunity to apply the concepts presented, as well as obtain hands-on experience with UNIX/Linux systems. Multiple tools and techniques for conducting UNIX/Linux audits will be presented.

Intended audience: Internal Auditors, IT Specialist Auditors, IT Auditors, IT Audit Managers, Information System Auditors, Information Technology Auditors, Information Security Officers 

Level: Intermediate, 14 CPE

Click here for registration and information.