Professional training module

SPE-40/ Corporate IT Security Auditing / Audit et Sécurité Informatique en Entreprise

From Exposure to Assurance. This 3-day intensive course teaches IT and security professionals how to audit complex systems using structured methodologies and real tools. Learn to uncover vulnerabilities, gather defensible evidence, and build executive-ready reports that drive action — all while aligning with global security frameworks.

Track: Digital technology
Duration: 3 days
Format: Schools, cohorts, or programme teams
Price: 75 €

Learning outcomes

What learners should be able to do

6 outcomes

  1. Plan and scope full-cycle security audits across hybrid infrastructure

  2. Use auditing tools for scanning, log analysis, access auditing, and misconfiguration checks

  3. Map audit findings to industry standards (ISO 27001, NIST 800-53, CIS Controls)

  4. Collect defensible, traceable evidence for internal and third-party audits

  5. Write audit reports with technical and non-technical stakeholders in mind

  6. Build remediation plans that align with business risk and compliance timelines

Module content

Course description

3-Day Intensive Course for Security and IT Professionals

3 Intense Days
7 Hours per Day (Split into two 3.5-hour sessions)

Learning Path Visual

Your hands-on journey from audit preparation to executive-level remediation:

Day 1: Foundations of IT Security Auditing
Learn the audit lifecycle, risk frameworks, and compliance requirements. Set up your auditing environment and plan a full-scope strategy across cloud and on-prem systems.

Day 2: Technical Assessment & Evidence Gathering
Use real tools to analyze logs, scan for vulnerabilities, evaluate access controls, and gather forensic-quality evidence for internal systems and third-party audits.

Day 3: Reporting, Frameworks & Remediation Strategy
Turn technical findings into stakeholder-ready reports. Map audit results to compliance standards (ISO 27001, NIST, CIS) and build structured, risk-aligned remediation plans.

Course Overview

Security isn’t just about tools — it’s about accountability. This workshop equips IT professionals to conduct end-to-end security audits using proven frameworks, enterprise tools, and actionable methodologies.

You’ll learn to uncover vulnerabilities, document risks, and guide your organization from exposure to assurance — with clear reporting and roadmap-building skills that bridge technical and executive needs.

You’ll learn how to:

  • Plan and scope full-cycle security audits across hybrid infrastructure

  • Use auditing tools for scanning, log analysis, access auditing, and misconfiguration checks

  • Map audit findings to industry standards (ISO 27001, NIST 800-53, CIS Controls)

  • Collect defensible, traceable evidence for internal and third-party audits

  • Write audit reports with technical and non-technical stakeholders in mind

  • Build remediation plans that align with business risk and compliance timelines

  • Maintain continuous audit readiness using automation and secure documentation practices

This course bridges technical assessment, governance frameworks, and executive reporting — empowering security teams to own the audit process.

What’s Inside Each Day

Day 1 — Foundations of IT Security Auditing

  • Define audit scope, roles, and methodology

  • Review audit types: internal, third-party, system-specific

  • Explore risk frameworks: ISO, NIST, OWASP ASVS, MITRE ATT&CK

  • Understand compliance contexts: GDPR, SOX, HIPAA, PCI-DSS

  • Set up audit environments and data collection systems

  • Align audit planning with business and regulatory priorities

Tools: MITRE ATT&CK, OWASP ASVS, CIS Benchmarks, AuditBoard templates
Focus: Audit Planning • Risk Mapping • Governance Setup

Day 2 — Technical Assessment & Evidence Gathering

  • Vulnerability scanning: Nessus, OpenVAS, Qualys

  • Log auditing and analysis (Windows, Linux, Syslog, ELK)

  • Access reviews: IAM auditing, AD configuration checks

  • Cloud auditing: AWS Config, Azure Defender, GCP Security Command Center

  • Secure evidence collection and chain-of-custody workflows

  • Create audit trails, snapshots, and time-stamped event logs

Tools: Nessus, OpenVAS, Splunk, ELK, Auditd, AWS Config, Azure Security Center
Focus: Scanning • Access & Log Analysis • Cloud Exposure Review

Day 3 — Reporting, Frameworks & Remediation Strategy

  • Audit report writing: technical vs. executive formats

  • Map findings to ISO 27001, NIST 800-53, and CIS Controls

  • Prioritize risk with impact vs. exploitability frameworks

  • Communicate results via dashboards, risk matrices, and summaries

  • Design remediation paths: ownership, budget, scheduling

  • Launch continuous audit readiness pipelines

Tools: Power BI, Jira, ISO/NIST templates, FastTrack audit worksheets
Focus: Reporting • Remediation Planning • Continuous Assurance

Course Goals

By the end of this course, you’ll be able to:

  • Scope, execute, and document corporate security audits

  • Assess infrastructure across systems, cloud, and access layers

  • Use enterprise tools to gather and analyze audit evidence

  • Align findings with compliance standards and risk frameworks

  • Communicate clearly with both technical and business stakeholders

  • Build structured remediation plans with lasting impact

  • Prepare your organization for internal, regulatory, and vendor audits

Who Should Take This Course?

  • IT auditors developing technical depth

  • Security analysts performing risk and compliance reviews

  • System administrators responsible for configuration and access control

  • Cloud and DevSecOps teams building audit-ready environments

  • Compliance officers needing visibility into technical exposure

  • CISOs and tech leads standardizing security assurance across teams

Class Reference: SPE-40
Form Updated on: 06/16/2025 (Version 1)
Last Modified on: 06/16/2025

Program Note

This course is actively updated with the latest auditing tools, cloud service features, and compliance standards (including ISO 27001:2022, NIST CSF 2.0, and evolving EU/US data protection regulations).

Links to resources for presentations or summaries:

PRIVACY

Cyber Security Minute | NEWS10 ABC
How to Anonymize Everything You Do Online | WIRED
Hacker Lexicon: What Is Perfect Forward Secrecy? | WIRED
Wanna Protect Your Online Privacy? Open a Tab and Make Some Noise | WIRED
Fundamentals of Information Systems Security – Wikibooks, open books for an open world

HIGH PROFILE CASES

Election cyberattack proves people are still the biggest flaw
Inside the Hunt for Russia’s Most Notorious Hacker | WIRED
Did the Russians “hack” the election? A look at the established facts | Ars Technica
The Perfect Weapon: How Russian Cyberpower Invaded the U.S. – The New York Times
Inside the OPM Hack, The Cyberattack that Shocked the US Government | WIRED
What’s Up With The Internet Today? Websites Lag, Don’t Load For Many In U.S. : The Two-Way : NPR
24 cyber criminals arrested in Europol operation

GENERAL ENTERPRISE CYBER SECURITY

What is shadow IT (shadow information technology)? – Definition from WhatIs.com
Election cyberattack proves people are still the biggest flaw
What is ITSM (IT Service Management)? – Definition from WhatIs.com
What is security information and event management (SIEM)? – Definition from WhatIs.com
What is security information management (SIM)? – Definition from WhatIs.com
VPNs And Privacy: Using Virtual Private Networks May Put Your Data At Risk : All Tech Considered : NPR
SANS Institute: Reading Room
Nearly a third of malware attacks are zero-day exploits
Wireshark · Go Deep.
How it Works: Cybersecurity – YouTube
Cybersecurity: Crash Course Computer Science #31 – YouTube
The steps to effective cybersecurity incident response
Tabletop cybersecurity exercises essential to infosec training
Content / Special Publications – SP 800 series / NIST SP 800-37 Guide for the Security Certification and Accreditation of Federal Information Systems – NIST IT Security

CLOUD SECURITY (see more in cloud computing class section)

A framework for evaluating cloud computing risk
Technical Communities Overview – Open Networking Foundation
Web application and API security trends and threats – O’Reilly Media

INTRUSION DETECTION

What is advanced persistent threat (APT)? – Definition from WhatIs.com
What is software-defined perimeter (SDP)? – Definition from WhatIs.com
Why signature-based detection isn’t enough for enterprises
Identifying the warning signs of network intrusions
Four handy botnet detection techniques and tools: A tutorial
Insider threat detection tools that sniff out dangers from within
What is network behavior anomaly detection (NBAD)? – Definition from WhatIs.com
How to hone an effective vulnerability management program
Cybersecurity checklist a strategy tool for increasing attack costs
What is zero-day exploit? – Definition from WhatIs.com
Thank you for Downloading all 20 CIS Controls
Five traits employers should look for when hiring cyber security professionals – TechRepublic

TOOLS

Kali Linux | Penetration Testing and Ethical Hacking Linux Distribution
Metasploit | Kali Linux
LAN Turtle by Hak5
BackTrack Linux – Penetration Testing Distribution
Cyberinsurance: Assessing risks and defining policies
VirusTotal – Free Online Virus, Malware and URL Scanner
Machine Learning and Cyber Security Resources
Insider threat detection tools that sniff out dangers from within
Downloading Junkware Removal Tool
SANS Information Security Training | Cyber Certifications | Research
How does AWS Directory Service offer security benefits?
IDS on a budget of…well…0$ – IT Security – Spiceworks
Intrusion detection systems – SecTools Top Network Security Tools
IDS, IPS and UTM – What’s the Difference? | AlienVault
Passive Recon – Nine must-have OSINT tools
Download | SimpleRisk
Open Networking Technical Communities, Corporate Memberships

Teaching brief in French

SPE-40/ Corporate IT Security Auditing / Audit et Sécurité Informatique en Entreprise is presented here in a condensed French version so that teaching teams can quickly assess the module's relevance.

The module belongs to the Digital technology family. It can be adapted to the school's calendar, to the level (All levels), to the teaching hours (3 days) and to the planned assessment arrangements.

Teaching objective

This module aims to give students the language and reference points needed to explain IT systems.

Possible deliverables and activities

  • descriptions of systems, incidents, risks or architectures
  • support dialogues, technical reporting and short documentation
  • presentations or reports aligned with the cohort's level

School adaptation

LC can adjust the running order, the language of instruction, the materials, the exercises and the assessment criteria according to the cohort, the degree, the expected level of autonomy and scheduling constraints.

For a detailed French version of the syllabus, LC confirms the final programme after scoping the level, hours, calendar and expected deliverables.

Academic delivery team

Instructor matching for this module

After reviewing the module content, LC confirms the right delivery profile by topic, level, teaching language and assessment expectations.

Instructor matching • Curriculum fit • Assessment support

Lead trainer & academic programme coordinator

André-Alexis des Forges

Lead trainer for LC's higher-education delivery model, coordinating modules, instructor preparation and assessment continuity across business, IT and technical programmes.

Academic coordination • ESPIT & business English

Digital strategy, AI & technical communication instructor

Syed Mohammad Shah Mostafa

Instructor for English-medium web, AI, technical communication and employability modules in higher-education technical programmes.

Digital strategy • Web development • AI in business