Conducting a Security Audit: IT Audit Methodology

Master the methodologies, tools, and best practices for auditing the security of an information system.

Objective

Today, conducting audits is essential to ensure a sufficient level of protection across your entire infrastructure. This course aims to illustrate all methods for testing systems with known attacks. Conducting an audit involves rules and limitations that need to be understood. This training describes the different audit methodologies and their specific characteristics. It also presents the essential tools, with practical exercises for understanding and using them.

Specific Objectives:

  • Clearly define an audit and know the existing methods
  • Understand the rules and commitments of an audit and its limitations
  • Learn about recognized methodologies

Prerequisites

  • HSF/HSA course level
  • Knowledge of Linux and Windows systems

General Information

  • Code: AUDSI
  • Duration: 3 days
  • Schedule: 8:30 AM - 5:30 PM
  • Location: 4-star hotel, Tunis

Target Audience

  • Security consultants
  • Developers
  • Engineers / Technicians

Resources

  • Course materials
  • 40% demonstration
  • 40% theory
  • 20% practical exercises

Training Program

  • Day 1
    • Introduction to penetration testing
    • Definition of penetration testing
    • The importance of penetration testing
    • The phases of a penetration test
      • Reconnaissance
      • Vulnerability analysis
      • Exploitation
      • Gaining and maintaining access
      • Reporting and test completion
    • Rules and commitments
    • Technical scope of the audit
    • Auditor's responsibilities
    • Common constraints
    • Legislation: Legal articles
    • Usual precautions
    • Types of penetration tests
      • External
      • Internal
    • Methodology
    • Utility of methodology
    • Audit methods
    • Recognized methodologies
    • Particularities of the audit
      • of classic infrastructure
      • of SCADA infrastructure
      • web
      • code review
  • Day 2
    • Configuration audit tools (SCAP, checklists, etc.)
    • Code audit tools
    • Code analysis tools
    • Static analysis tools
    • Dynamic analysis tools
    • Information gathering tools
    • Information gathering
    • Open sources
    • Active
    • Scanning
    • Port scanning
    • Vulnerability scanning
    • Attack tools
    • Network tools
    • System analysis tools
    • Web analysis tools
    • Exploitation frameworks
    • Access maintenance tools
  • Day 3
    • Case study
    • Applying methodology and tools to a real-world case
    • Deliverables
    • Risk assessment
    • Impact, likelihood, and criticality of a vulnerability
    • Organizing the report
    • Additional services to propose

Contact our experts for additional information, free audit studies, and cost estimates.

Information security is essential for any organization that needs to protect and enhance its information assets.
