Course description

Securing and Auditing Your Application Software Infrastructure HANDS-ON - ASG232
The course focuses on the software infrastructure controls used to design, operate, and secure distributed business applications. It covers major threats, risks, best-practice controls of distributed configuration systems, checklists, security concerns and tools to understand the intricacies of logical access controls.
Who should attend?
Internal and external IT auditors performing general controls and application audits. IT Security and compliance professionals needing to perform technical software security audits and risk assessments.
Prerequisites
- Intermediate IT Audit (ITG241)
- CISSP
- CISA or equivalent knowledge or experience, especially in the area of logical access controls
Training content
You will learn about software infrastructure and security essentials, risks to distributed applications, security policies, log management, Unix/Linux essentials, how to collect audit data, and how to prepare audit programs.
Objectives
Software Infrastructure Essentials:
- logical access control objectives and audit targets for distributed applications
- defining and documenting distributed application software architectures: computing models, middleware concepts, software building blocks and infrastructures
- risks to distributed applications
- auditing TCP/IP application security
- auditing file sharing protocols
Securing and Auditing Operating Systems and Other System Software:
- defining the types and roles of system software
- software and user privileged authority risk, safeguards, and audit procedures
- fundamental security controls for operating systems and other system software components
- collecting audit data from server operating systems
- virtualization (hypervisor) security and audit
Securing and Auditing Windows Server/Active Directory:
- Windows server architecture
- Windows user accounts and groups
- Windows security policies
- Windows access authorization and privileged authority
- Windows system software security
- Windows security audit (event) log management
- Windows server best practice security checklist
Securing and Auditing Unix/Linux Systems:
- surveying the Unix/Linux landscape
- Unix system policies and configuration
- Unix user identification and authentication
- Unix file system data protection
- Unix system software security
- Unix security audit (event) log management
- Unix/Linux server best practice security checklist
Securing and Auditing Database Management Systems:
- Database Management Systems (DBMS) terminology
- Structured Query Language (SQL) concepts and targets
- security risks associated with DBMS systems
- DBMS security safeguards
- DBMS audit data collection and analysis
- DBMS best practice security checklists
Testing the Security of Your Web Storefront:
- web application architectures: building blocks and control points
- web application technology security risks
- discovering, enumerating and vulnerability testing for web applications
Certification / Credits
Completion of this course is worth 40 CPE Credits

ACI Learning
At ACI Learning, we train leaders in Cybersecurity, Audit, and Information Technology. Whether you're starting your IT career, mastering your profession, or developing your team, we're with you every step of the way. We believe that training is not a...