THE INSTITUTE OF FINANCE MANAGEMENT

(ESTABLISHED UNDER THE ACT No. 3 OF 1972)

Centre for ICT Research and Innovations (C iRI)

P.O Box 3918, Dar Es Salaam, Tel: +255 - 22- 2112931-3 Fax: 255 - 22- 2112935
www.ifm.ac.tz

WORKSHOP ON ICT SECURITY AUDITING AND RISK MANAGEMENT

ICT security and auditing skills are important for competitiveness in the modern business
environment. They are useful to assist organisations in mitigating vulnerabilities, monitoring and
protecting ICT assets from various threats and risks. More, the introduction of cybercrime and
electronic transaction laws in Tanzania bring an attention to companies and organizations to
safe-guide their ICT assets against cyber-attacks and crimes. Based on these factors and many
others the Institute of Finance Management designed and announce the workshop in ICT
security auditing and risk management to provide participants with knowledge and skills on
effective planning, implementing, monitoring, auditing, documenting and reportingon security
assertions about the organization ICT assets.
Learning Outcomes
At the end of the training, participants are expected to be able to:
Understand the general concept of ICT security.
Apply cryptographic techniques to safe-guide organization ICT assets against cyberattacks and crimes.
Perform penetration testing for the purpose of identifying threats and vulnerabilities in
organization ICT assets and fixing them.
Acquire necessary skills on writing secure codes for internal developed applications.
Perform risk assessment and apply countermeasures.
Prepare ICT security policy, guidelines, standards and procedures.
Prepare security audits reports in alignment with internal or external ICT security
auditing.
Course Contents
ICT security basicsi.e CIA, assets, threat model, security attacks etc.
Secure design principlesi.e economy of mediation, least privilege, complete mediation
etc.
Basics of cryptography i.esymmetric/asymmetric algorithms, digital cert& signatures,
PGP etc.
Ethical hacking guideline and penetration testing.
Web applications attack (SQL Injection, XSS, CSRF, sessions hijacking etc).
Common Internet threats (phishing, Trojan, worms, botnets drive-by-downloads etc).
Non-technical threats.
Password attacks.
Security auditing and assurance i.e security policies, standard, guideline,baseline and
other applicable standards.
Risk assessment and security controls.
Disaster recovery for business continuity.
Target group
This training is relevant to systems/network analysts, systems/network administrators,
systems/network security analysts, ICT auditors, ICT programmers. It is appropriate to
IT/Computer Science IT practitioners who wish to join ICT security course in high learning
institutions. The training is also most useful for those intending to sit for CISA, CISM, CISSP,
CEH and ICT security related certification exams.

1|Page

Training Approach
Delivery approach will be through a series of lectures, practical to gives participants hand-on
skill, group discussions and presentations.
Venue and Dates
Dar es Salaam at IFM main campus from 24/01/2016 to 29/01/2016 Time: 1000hrs to 1600hrs.
Morogoro at Edema hotel from 14/02/2016 to 19/02/2016 Time: 1000hrs to 1600hrs.
Fees
A fee of TZS 1,500,000/= will be charged to cover training materials, breakfast, refreshments,
lunch and certificate of participation. Participants will have to arrange for their own lodge.
We kindly request you to deposit the fees to The Rector IFM, through Acc. no 01J1042984102
CRDB Bank.
How to apply you can apply by email lyubamt@gmail.com,yonazijim@gmail.com,
lyuba@ifm.ac.tz, yonaz@ifm.ac.tzor by collecting a form from Office number G20 Ground floors
at IFM.
For more information contact +255713376533

2|Page