•    Module 1: IT Compliance
•    Module 2: IT Risk Mgmt.
With a detailed methodology of technically based, professional IT audit skills that lead to compliance, this course provides a comprehensive roadmap, enabling the staff charged with preparing for and/or conducting an IT audit to create a sound framework, allowing them to meet the challenges of compliance in a way that aligns with both business and technical needs. This roadmap provides a way of interpreting complex, often confusing, compliance requirements within the larger scope of an organization's overall needs.

• The ultimate roadmap for making an effective security policy and controls that enable monitoring and testing against them
• The most comprehensive IT compliance template available, giving detailed information on testing all your IT security, policy and governance requirements
• A guide to meeting the minimum standard, whether you are planning to meet ISO 27001, PCI-DSS, HIPAA, FISCAM, COBIT or any other IT compliance or standards requirements
• Both technical staff responsible for securing and auditing information systems, as well as auditors who wish to demonstrate their technical expertise will gain the knowledge, skills and abilities to apply basic risk analysis techniques and to conduct a technical audit of essential information systems
• This technically based, practical map to information systems audit and assessment will show how the process can be used to meet myriad compliance issues

Key Topics (based largely on the IT Compliance Handbook):

• Introduction to IT Compliance
• Information System Auditing
• IS/IT Audit Programs
• Planning the Audit
• Information Gathering
• Security Policy
• Security Awareness and Knowledge
• Information Systems Legislation
• Operations Security

Module 2: IT Risk Management (based largely on NIST best practices)

• Introduction to Risk Management
• Risk Assessment

• System Characterization
• Threat Identification
• Vulnerability Identification
• Control Analysis
• Likelihood Determination
• Impact Analysis
• Risk Determination
• Control Recommendations
• Results Documentation

• Risk Mitigation

• Risk Mitigation Options
• Risk Mitigation Strategy
• Approach for Control Implementation
• Control Categories
• Cost-Benefit Analysis
• Residual Risk

• Evaluation and Assessment

• Good Security Practice
• Keys for Success

• Risk Assessment Reporting

Part B: Managing Risk from IT

• Purpose
• Applicability

• Fundamentals

• Organization wide Perspective
• Risk-based Protection Strategies
• Trustworthiness of Information Systems
• Establishing Trust Relationships Among Organizations
• Managing Risk from Supply Chains
• Strategic Planning Considerations

• Process

• Risk Management Framework
• Categorizing Information and Information Systems
• Selecting Security Controls
• Implementing Security Controls
• Assessing Security Controls
• Authorizing Organizational Information Systems
• Monitoring Security State of the Organization

• Managing Risks within Life Cycle Processes

• Introduction to IT/business governance

• Defining enterprise governance, business and IT governance
• Purpose and scope of IT governance
• Linking the role of the CEO to creating an effective governance and compliance environment
• Overview of the integrated IT governance framework
• Steps in making IT governance achievable and real

• Overview of comprehensive IT governance framework and related industry best practice frameworks

• Limitations to existing models, standards and frameworks
• Integrated IT governance framework and roadmap
• Overview of models, frameworks and standards including: COSO, ITIL, PMBOK®, PRINCE2, Six Sigma® and Lean, COBIT®, ISO/IEC 20000, ISO 17799 and many more

• Business and IT alignment, strategic/operating planning and portfolio investment management excellence

• IT alignment governance process
• Principles of aligning IT to the business more effectively
• Setting a direction for improved alignment through planning related processes
• Strategic IT investment portfolio alternatives
• IT engagement and relationship model and roles

• Principles for managing successful organizational change and developing high performance teams

• Framework for managing accelerating change
• Organizing for the IT governance initiative
• World class leadership principles and practices
• Principles for creating and sustaining high performance teams

• Program and project management excellence

• Trends in program and project management
• Causes of program/project failures and challenges and how to overcome them
• Principles for achieving excellence in program/project management
• Making the choice – program and project management light or complex
• Program and project governance excellence

• IT Service Management (ITSM) excellence

• Principles for achieving IT Service Management excellence
• Introduction to ITIL
• ITIL frameworks, certifications and qualifications
• Major ITIL processes and functions
• Steps in making ITIL real and effective

• Strategic sourcing, outsourcing and vendor management excellence

• Defining strategic sourcing and outsourcing
• Principles and practices for outsourcing excellence
• Vendor selection, contract negotiations and governance process

• Performance management, management controls, risk management, business continuity and enabling technology

• Principles for achieving performance management and control excellence
• COBIT® and key management controls
• Risk assessment, management and mitigation
• Business and IT continuity and protection plan checklist
• Enabling technologies to improve IT governance