MC-34, CLIENT/SERVER CONTROL & AUDIT

LOCATION/DATES: • Phoenix: November 13-14, 1998

COURSE FEE: $795

BACKGROUND

Client/server (C/S) architectures has seen the fastest growth IT technology in organizations worldwide. C/S technology is in a state of continuous flux in concept, capabilities and vendors. This will have a significant impact on the firm's operations and on the work of auditors and security professionals. C/S will change the way that businesses operate and will consequently bring up new features that must be harnessed early to protect the organization.

SEMINAR OBJECTIVES

1. Describe basic and advanced forms of client/server architectures

2. Analyze the main threats and exposures and the audit and control challenges of operating in a C/S environment and the impact on the organizations' effectiveness and efficiency as an empowering tool in business reengineering

3. Describe the audit and control characteristics of interest to auditors

4. Discuss controls for the C/S environment and the audit approaches that the auditor should consider when auditing in a C/S environment to assist management in sound C/S implementation.

COURSE OUTLINE

1. CLIENT/SERVER ARCHITECTURES - BACKGROUND

2. TECHNICAL, CONTROL AND AUDIT CHARACTERISTICS OF C/S

3. MAJOR THREATS AND POTENTIAL EXPOSURES

• Client and server splits,. Multi-level security environments threats

• Distribution and dispersion of mission critical data

• Dissemination of dispersed data

• Loss, destruction, alteration and theft of dispersed data

• Backup and recovery

• Miscellany of vendor products, concepts and product stability, etc.

4. CONTROLS FOR CLIENT/SERVER SYSTEMS

• Control zones and control points for C/S basic client/server architectures

• Control zones for complex, multi-platform C/S architectures

• Control objectives for C/S control zones/points (workstations, communications, connectivity, client-side, server side, server database, server software, vendors, etc.)

• Multi-platform and complex client/server environment and additional control points. Mainframe server controls

5. AUDIT APPROACHES FOR CLIENT/SERVER SYSTEMS

• Audit strategy and audit involvement postures

• Audit evidence, audit trails

• Audit and test approaches - Controls review vs. testing of C/S controls • Recommendations for management to harness C/S

This is the only course available on client/server specifically directed to internal controls and security. Participants should acquire the proprietary manual MAP-34 "Control, Audit & Security of Client/Server Systems", which will be used in class, at the special price of $115 instead of the list price of $175. See description of MAP-34 IN MASP PUBLICATIONS SECTION.
-------------------