Students

The Sarbanes-Oxley (SOX) Act is a United States federal law, passed in 2002, that enacted strict rules for financial reporting and accountability of corporations. It was created with the goal of promoting financial transparency, accuracy, and fairness. While it was initially created to restore consumer trust in accounting practices following a series of financial scandals, this act continues to have a significant impact on corporate governance and financial reporting practices, ensuring all publicly traded companies have controls in place to maintain SOX compliance.

This course is designed to outline ITs critical role in ensuring compliance with the SOX Act. After introducing the students to the basics of IT SOX, this course details how to identify and manage IT risk, as well as implement and test proper IT controls.

Students will be guided through an interactive virtual presentation, where they will be met with knowledge checks along the way. As they progress through a series of modules, the students will gain a deeper understanding of the SOX Act, ITS role in SOX compliance, and how to effectively assess IT controls. At the end of all modules, students will take a final exam to test their knowledge of the subject matter.

Schedule:
Online self-paced training, with progressive and interactive training modules:
• Module 1: Introduction to SOX and IT Audit – This module introduces the Sarbanes-Oxley (SOX) Act and how it relates to IT. Additionally, it provides students with an introduction to IT Audit, which is closely tied to IT SOX compliance.
• Module 2: IT Risk – Risks arising from IT can have a large impact on financial reporting. This module covers some of the potential risks arising from IT, focusing on three core areas: access systems, system change control, and data center and network operations.
• Module 3: Controls and IT Environment - This module outlines the ways that risks are mitigated using internal controls. After reviewing the most frequently utilized control frameworks and types of controls, it takes a deep dive into the components of an IT environment and their functions.
• Module 4: Testing IT Controls – This module covers the various areas to focus on when performing an IT control test. From evaluating a control’s design to its operating effectiveness, students will discover the determining factors of an IT control’s success.
• Module 5: Evaluating Results & Deficiencies - This module outlines the steps to take following a control test, with a focus on identifying, classifying, and addressing deficiencies.
• Module 6: Summary & Key Takeaways: To conclude and prepare students for the case study/exam, this module provides an overview of the key topics and takeaways from the previous 5 modules.

Students can test their knowledge gained through the course with the following:
• Module 7: Case Study: This module contains a practice business case, applying the content covered in the previous modules to a real-world scenario. Students will be required to use the knowledge gained throughout the course to answer a series of questions based on the information provided in the case.
• Final Exam: A 25 multiple-choice question final exam concludes this training

Registration Opens: 10th March '25

Technology Resilience refers to the ability of company to withstand and recover from unexpected technology disruptions, failures, or attacks while maintaining essential business functions. In today’s interconnected and technology-dependent world, Technology Resilience has become an increasingly important topic.

This course is designed to explore Technology Resilience and its related concepts in detail. After introducing the student to the basics of Technology Resilience, it details how organizations can determine their most critical technology requirements. Following this, it details how organizations create Technology Resilience strategies and plans to protect critical technologies in case of a disruption. Lastly, it discusses how organizations conduct exercises to familiarize recovery teams with their plans.

Students will be guided through a series of interactive virtual presentations, where they will be met with knowledge checks along the way. As they progress through each module, the students will gain a deeper understanding of technology resilience and its requirements, governance, strategies, plans, and exercising. At the end of the training, students will walk through a case study and take a final exam to test their knowledge of the subject matter.

Schedule:
A 3-part self-paced training, with progressive and interactive training modules:

Part 1:
• Module 1: Introduction to Resilience and Technology Concepts - This module introduces Technology Resilience and current Technology Resilience trends. Additionally, it provides students with an overview of the Technology Resilience Framework alongside common definitions and related topics.
• Module 2: Technology Resilience Governance: This module explores the role of governance within Technology Resilience. After outlining the activities required to develop Technology Resilience governance, it covers Technology Resilience policy and reporting.
• Module 3: Requirements Analysis (BIA & TIA): This module focuses on how organizations conduct a thorough analysis of their critical business processes, systems, and technologies. After introducing the students to Business Impact Analysis (BIA), this module provides a detailed explanation of the Technology Impact Analysis (TIA) process, which is used to inform the development of Technology Resilience strategies and plans.

Part 2:
• Module 4: Technology Resilience Strategies: This module delves into the strategies and methodologies for designing resilient technology systems and infrastructure. From on-premise and cloud strategies to hybrid strategies that mix the two, this module explains the ways organizations can implement resilience strategies to mitigate potential disruptions.
• Module 5: Technology Resilience Plans: This module covers Technology Resilience plans, which serve as a crucial reference when building a resilient technology infrastructure. After introducing the concept of resilience plans, students will learn about the three main types of Technology Resilience Plans: Infrastructure Recovery Plans, Application Recovery Plans, and Orchestration Plans.
• Module 6: Technology Resilience Testing/Exercising: This module emphasizes the importance of regularly exercising and validating Technology Resilience plans. From tabletop to full exercises, students will learn how each type of exercise plays a critical role in ensuring continued Technology Resilience.

Part 3: Summary and Practice Case Study
• Module 7: Summary & Key Takeaways: To conclude and prepare students for the case study/exam, this module provides an overview of the key topics and takeaways from the previous 6 modules.
• Module 8: Case Study: This module contains a practice business case, applying the content covered in the previous modules to a real-world scenario. Students will be required to use the knowledge gained throughout the course to answer a series of questions based on the information provided in the case.

After reviewing the course material and applying it to the case study, students will test their knowledge of Technology Resilience with the following:
• Final Exam: A 30 multiple-choice question final exam concludes this training.

Registration Opens: 10th April '25

The goal of this course is to build foundational knowledge about the vast amount of Internet of Things (IoT) devices deployed today and what it takes to secure this constellation of network-connected devices inside of an organization. We will start off by discussing the basics of the Internet and progress towards gaining visibility and insights into all of the connected devices inside of a modern enterprise.

This course will be highly interactive and contains 4 hands-on labs for students to gain familiarity with the tools and processes organizations use to tackle this emerging challenge.

Note: The cohort schedule is currently tentative and subject to change.
Registration Opens: 10th May 2025

In this course, you will discover the challenges with conventional, qualitative risk management methods. We will
introduce you to the FAIR Standard and methodology, associated processes, and terminology. You will also learn key
measurement concepts, calibrated estimation methods necessary to conduct quantitative risk analysis in your agency
or department, and best practices to communicate analyses to stakeholders. The learning experience is further solidified by hands-on work on applicable use cases.

Learning Objectives: By the end of the course, participants will be able to:

* Know the FAIR Standard (variables, definitions, relationships, forms of loss, etc.)
* Explain the FAIR risk analysis process
* Properly scope scenarios for analysis
* Use calibrated estimation in quantitative risk analysis
* Map controls to the FAIR Standard to analyze risk mitigation
* Interpret the results of a FAIR analysis and create reports for stakeholders
* Apply their knowledge to case studies based on real-life scenarios

Note: The cohort schedule is currently tentative and subject to change.

Registration Opens: 10th June 2025