The Computer Society of Kenya Presents:

I.T Security Management and

Cyber Audit Workshop

Date: 18th -22nd November 2024

Venue: Travellers Beach Hotel, Mombasa
Organized by:
The Computer Society of Kenya
Nairobi
(NITA REGISTRATION NUMBER FOR TRAINING REFUNDS: NITA/TRN/945)
Event phone contacts: 0727322854, 0722395900
Email: [email protected] cc [email protected]
Course Description:

Management and boards continue to recognize the importance of effectively managing

information technology (IT) assets ― to meet business objectives and to thoughtfully manage IT
related business risks. This course examines the key principles related to auditing information
technology processes and related controls and is designed to meet the increasing needs of audit,
compliance, security and risk management professionals.

Course Objectives:

Through the application of COBIT® and other similar governance frameworks, attendees will
develop a common vocabulary for understanding sources of IT risk and performing an IT audit.
Participants will further gain hands-on experience in analyzing and assessing IT risks and controls
through various case studies, and discussions. The primary objectives of the course are to:

 Establish an understanding of the IT environment and the role of the IT auditor,

 Recognize how corporate and IT governance practices impact the IT audit process,
 Develop an understanding of the IT audit process i.e., risk assessment, planning,
standards, guidelines and best practices, and
 Survey IT audit approaches to:  Systems development and maintenance,  IT security, 
IT service delivery and support,  Business continuity and disaster recovery, and  Data
analytics and fraud detection

CSK Certificate of Attendance, 60 CPD points for delegates who attend and complete the course.

Who Should Attend?

 IT Staff, CIOs, IT Managers/Directors

 Auditors and ICT professionals

 Information Security experts

 Professionals seeking to manage a ICT Audit program

 Individuals responsible to develop a ICT Policy

 IT specialists

 Information Technology expert advisors

 Security Staff

 IT professionals looking to enhance their technical skills and knowledge

 I.T SECURITY & CYBER AUDIT

Application Access Controls Network Access Controls

☐ User accounts provisioned ☐ Firewall for remote access

☐ Access levels modifiable, user privileges limitedto ☐ IDS for remote access
job function ☐ IPS for remote access
☐ Periodical access reviews scheduled ☐ VPN for remote access
☐ Password complexity requirement ☐ MFA for remote access
☐ Admin activity monitored

Physical Security Controls

Database Access Controls
☐ Physical perimeter protections
☐ Locks
☐ Database admin accounts controlled
☐ Badge access
☐ Admin activity monitored
☐ Battery backup up
☐ Application access to database restricted
☐ Generators

Operating System Access

Controls
Anti Malware Controls
☐ System installation checklists or images used
☐ Security and event logs enabled ☐ Anti-virus software
☐ Unnecessary services turned off ☐ Gateway filtering
☐ Browser protections

Virtual Access Controls

☐ Access to hypervisors restricted
☐ Periodical access reviews
☐ Password complexity requirement
☐ Secure configuration guide
Vulnerability Management Controls
☐ Scanning and remediation for vulnerabilities
☐ Patch management program
 I.T SECURITY & CYBER AUDIT
Software Development Controls
☐ Software development lifecycle established
☐ Secure coding and web app firewall/security
testing
Change Management Controls
☐ Process for change management instated
☐ Inventory of IT assets
Disaster Recovery Controls
☐ Backups for systems and data
☐ Disaster recovery plan established and
regularly tested
☐ Business impact analysis plan established and
regularly tested
Vendor Management Controls
☐ Security clauses included in contracts
☐ SLA’s are monitored
☐ Vendor incident notifications sent to
organizations
Incident Management Controls
☐ Incident response plan instated and
regularly tested
User Awareness Controls
☐ Users trained on security
☐ Background checks for new employees
☐ Duties separated and documented
☐ Security logs collected and reviewed
Data Protection Controls
☐ Encryption in transit and at rest
☐ Data classification
☐ Usb restrictions in place
☐ Removal of data from storage media
Asset Management Controls
☐ Hardware and software inventoried
☐ Installation of unauthorized software, utility
and audit tools prohibited
☐ System capacity and performance monitored
Security Program Controls
☐ Risk assessments regularly performed
regularly
☐ Risks mitigated to acceptable levels
☐ Information security policies approved and in place
☐ Periodical independent audits performed
 I.T Security Management and Cyber Audit Workshop
18th -22nd November 2024. Travellers Beach Hotel, Mombasa.
Registration Form
Workshop fee per person in Ksh.
CSK Members -70,000+16% VAT
Non CSK Members-80,000+16%VAT

Please contact the office for quotation on discounted group accommodation rates in case you
wish to stay at the venue hotel.

Attendee Names

We need the names of attendees prior to the workshop.

 ………………………………………………………………………………

 ………………………………………………………………………………

 ………………………………………………………………………………

 ………………………………………………………………………………

Organization: ……………………………………………………………………

Mobile NO: .…………………Office Tel: …………………………………..

Email: ….…………………………………………………………………………
Payment Information:
Cheque No: / EFT / ….…………………..…….
Event Contacts: 0727322854/0722395900

Email this form to: [email protected] cc [email protected] M