Audit and Assurance

Expand all | Collapse all

Help needed to find a good training course in IT Controls

  • 1.  Help needed to find a good training course in IT Controls

    Posted 28 Jan, 2020 01:56

    Hi

    First of all I want to apologies if I'm in the wrong forum.

    But I need help to find some good training course in IT Controls.

    I'm a cyber security specialist in the financial sector. And we want to improve our it-controls.

    The course/training must contain:

    • 1st and 2nd line controls
    • Controls related to risk. Our risk model is the Bowtie
    • Control type: Preventive, Corrective and response/recover controls
    • Control area: Technical, Governance, Process, People
    • Verification and effect of the controls

    Can some of you guide me in some direction. I find that my friend google can't help me this time

    Thanks



    ------------------------------
    Soren Germansen
    Information Security GRC Specialist
    ------------------------------


  • 2.  RE: Help needed to find a good training course in IT Controls

    Posted 28 Jan, 2020 02:19
    Consider a cobit 2019 foundation course, should be a very good start In it controls universe

    Sent from my iPhone




  • 3.  RE: Help needed to find a good training course in IT Controls

    Posted 28 Jan, 2020 03:20

    Hi Alessandro, thanks for your quick reply. :-) I do already have COBIT Foundation knowledge. ​

    I have been working with basic it-controls in about 20 years. What I'm searching for is bringing internal controls to the "next level", some "next level control frame work" with the elements mentioned before.

    We are using a GRC tool to manage those internal it-controls, with integrated 1st and 2nd line audits/tests to validate their effectiveness and so on. But I can't find one single training that is giving ideas to the overall framework, and also practical implementation.

     

    Regards

    Soren



    ------------------------------
    Soren Germansen
    Information Security GRC Specialist
    ------------------------------



  • 4.  RE: Help needed to find a good training course in IT Controls

    Posted 28 Jan, 2020 03:53
    Other good reference is gtag from iia international, maybe fulfill some of your needs related to the it control structures... hope it helps 






  • 5.  RE: Help needed to find a good training course in IT Controls

    Posted 29 Jan, 2020 00:18

    This is very interesting reading. :-)

    I will have a look at it.

    Seems that they have the most of the metadata I use around it controls. J When reading it I also hope to find something about 1st line operational tests and 2nd line (our IT-security department) verification tests to measure the effectiveness of the control. Besides reading I hope somebody can help me finding some "very Deep dive training" about controls in 1st and 2nd line. I also have to get some CPE this year ;-) Thanks



    ------------------------------
    Soren Germansen
    Information Security GRC Specialist
    ------------------------------



  • 6.  RE: Help needed to find a good training course in IT Controls

    Posted 28 Jan, 2020 18:50
    Hi Soren,

    I recommend you attend monthly ISACA chapter meetings in your area.  The chapter meetings will have various topics.  I also suggest the annual ISACA training or upcoming training in Los Angeles, CA or Miami, FL.

    https://next.isaca.org/training-and-events/in-person-training/training-weeks/advancing-your-it-auditing-skills?icid=bani_2002969&Appeal=bani

    ------------------------------
    Sal Rodriguez
    Director of Internal Audit
    CISA, CIA, CRMA, CCSA, CGAP, CICA, MBA, MS
    ------------------------------



  • 7.  RE: Help needed to find a good training course in IT Controls

    Posted 29 Jan, 2020 00:33

    Hi Salvador, Thanks for your tip. The annual ISACA training looks interesting. :-)

    But I'm not sure that we have the budget to get there from Denmark. It's pretty expensive in total.

    Do you think the conference is more related to 3nd-line (Internal auditors) than I in the 2nd-line? Or could I get benefits participating?

    Unfortunately I haven't heard about anybody in the local area that have that deep dive control knowledge I'm looking after.

    Thanks Again



    ------------------------------
    Soren Germansen
    Information Security GRC Specialist
    ------------------------------



  • 8.  RE: Help needed to find a good training course in IT Controls

    Posted 30 Jan, 2020 11:38
    Greetings Soren,

    I advocated to get you to Los Angeles, California or Miami, FL.  :)
    ISACA has upcoming conference in Finland with 32 CPEs.   Please share your training needs.

    28 – 30 October 2020 | Helsinki, Finland


    https://next.isaca.org/conferences/euro-cacs-csx-2020

    Please go to the Knowledge Center as part of your membership.  There is a section titled "IS Audit Basics".

    http://www.isaca.org/Knowledge-Center/ITAF-IS-Assurance-Audit-/Pages/is-audit-basics.aspx



    Thank you,
    Salvador

    ------------------------------
    Sal Rodriguez
    Director of Internal Audit
    CISA, CIA, CRMA, CCSA, CGAP, CICA, MBA, MS
    ------------------------------



  • 9.  RE: Help needed to find a good training course in IT Controls

    Posted 31 Jan, 2020 02:41
    Hello Soren,

    I understand that travel costs are too high an top of it you will have to spend on accommodation. I think you may be benefited from the ISACA online training courses. https://next.isaca.org/education/ontraining/lms_cca2019

    I hope it would be of use to you.

    Best regards

    Nalin


    ------------------------------
    Nalin Wijetilleke MBA, CISA, CGEIT, FBCI, PMP, CMC
    2019 Online Forum Topic Leader
    Managing Director, ContinuityNZ Ltd.
    ------------------------------



  • 10.  RE: Help needed to find a good training course in IT Controls

    Posted 03 Feb, 2020 03:52
    ​Thanks Nalin, I think I will try that CISA online course, although I don't think they go in my direction on all my requirements, but when I combine this with some other course or seminar I think it will help me in the right direction

    ------------------------------
    Soren Germansen
    Information Security GRC Specialist
    ------------------------------



  • 11.  RE: Help needed to find a good training course in IT Controls

    Posted 03 Feb, 2020 04:21

    You are most welcome, Soren!

     

    Best regards!

     

    Nalin

     






  • 12.  RE: Help needed to find a good training course in IT Controls

    Posted 06 Feb, 2020 09:10

    I Have just committed me to the CISA Online Review Course. I'm looking forward to go through that. Still searching for the right Course/seminar conference where I can get deep dive learning about:

      • Building a good control framework.
      • Setting controls for 1st and 2nd line
      • Related controls to risk. Our risk model is the Bowtie
      • Using control classifications like: Preventive, Corrective and response/recover controls
      • Control area: Technical, Governance, Process, People
      • Learning the best way to verify the effectiveness og the controls via control tests…


    ------------------------------
    Soren Germansen
    Information Security GRC Specialist
    ------------------------------



  • 13.  RE: Help needed to find a good training course in IT Controls

    Posted 02 Feb, 2020 22:17
    Soren,

    Another option might be the virtual training that MISti offers - they're based out of Chicago, Illinois, USA - however some of their training is offered virtually with the on-site class.  The time different may mean that you will have to attend in the afternoon and into the evenings, but they have some very technical courses available.  I took a 4 day virtual course in network and it was very detailed.


    ------------------------------
    Maureen Niemiec
    Vice President, Internal Audit - IT / BSA/AML, Retail Banking
    ------------------------------



  • 14.  RE: Help needed to find a good training course in IT Controls

    Posted 03 Feb, 2020 03:49
    Thanks Maureen, I have just sent them an email to see if they can recommend a course with my Deep dive requirements :-)​

    ------------------------------
    Soren Germansen
    Information Security GRC Specialist
    ------------------------------