THE INSTITUTE OF FINANCE MANAGEMENT

(ESTABLISHED UNDER THE ACT No. 3 OF 1972)

Centre for ICT Research and Innovations (C iRI)

P.O Box 3918, Dar Es Salaam, Tel: +255 - 22- 2112931-3 Fax: 255 - 22- 2112935
www.ifm.ac.tz

WORKSHOP ON ICT SECURITY AUDITING AND RISK MANAGEMENT

ICT security and auditing skills are important for competitiveness in the modern business
environment. They are useful to assist organisations in mitigating vulnerabilities, monitoring and
protecting ICT assets from various threats and risks. More, the introduction of cybercrime and
electronic transaction laws in Tanzania bring an attention to companies and organizations to
safe-guide their ICT assets against cyber-attacks and crimes. Based on these factors and many
others the Institute of Finance Management designed and announce the workshop in ICT
security auditing and risk management to provide participants with knowledge and skills on
effective planning, implementing, monitoring, auditing, documenting and reporting on security
assertions about the organization ICT assets.
Learning Outcomes
At the end of the training, participants are expected to be able to:
Understand the general concept of ICT security.
Apply cryptographic techniques to safe-guide organization ICT assets against cyberattacks and crimes.
Perform penetration testing for the purpose of identifying threats and vulnerabilities in
organization ICT assets and fixing them.
Acquire necessary skills on writing secure codes for internal developed applications.
Perform risk assessment and apply countermeasures.
Prepare ICT security policy, guidelines, standards and procedures.
Prepare security audits reports in alignment with internal or external ICT security
auditing.
Understand the cyber laws and ethics.
Course Contents
ICT security basics i.e CIA, assets, threat model, security attacks etc.
Secure design principles i.e economy of mediation, least privilege, complete mediation
etc
Basics of cryptography i.e symmetric/asymmetric algorithms, digital cert& signatures,
PGP etc
Ethical hacking guideline and penetration testing
Web applications attacks(SQL Injection, XSS, CSRF, sessions hijacking, DDoS etc)
Deployment of honey pots and security firewalls for network security.
Drawbacks of DES protocol in wireless network and exploitation.
Common Internet threats (phishing, Trojan, worms, botnets drive-by-downloads etc)
Security weakest link (passwords, social engineering, dumpster diving, shoulder surfing
etc)
Password cracking & memory based attacks(johnny, metasploit etc)
Electronic mail security.
Source code auditing.
Security auditing and assurance i.e security policies, standard, guideline, baseline and
other applicable standards (ISO 27001,COBIT,PCI_DSS etc)
Risk assessment and security controls.
Cyber law, investigation and ethics
Disaster recovery for business continuity.

Target group
This training is relevant to systems/network analysts, systems/network administrators,
systems/network security analysts, ICT auditors, ICT programmers. It is appropriate to
IT/Computer Science IT practitioners who wishes to join ICT security course in high learning
institutions. The training is also most useful for those intending to sit for CISA, CISM, CISSP,
CEH and ICT security related certification exams.
Training Approach
Delivery approach will be through a series of lectures, practical to gives participants hand-on
skill, group discussions and presentations.
Venue and Dates
Dar es Salaam at IFM main campus from 05/10/2015 to 09/10/2015 Time: 1000hrs to 1600hrs.
Morogoro at Edema hotel from 19/10/2015 to 23/10/2015 Time: 1000hrs to 1600hrs
Zanzibar at Paradise beach hotel from 26/10/2015 to 30/10/2015 Time: 1000hrs to 1600hrs
Fees
A fee of TZS 1,200,000/= will be charged to cover training materials, breakfast, refreshments,
lunch and certificate of participation. Participants will have to arrange for their own lodge.
We kindly request you to deposit the fees to The Rector IFM, through Acc. no 01J1042984102
CRDB Bank.
How to apply you can apply by email lyubamt@gmail.com, yonazijim@gmail.com,
lyuba@ifm.ac.tz, yonaz@ifm.ac.tz or by collecting a form from Office number G20 Ground floors
at IFM. For more information contact +255713376533