My Account
Get Started

Network Security and Infrastructure Auditing

16 Lessons
CPEs 3.5
Information Technology

Learn how to evaluate and test network security and IT infrastructure from an auditor’s perspective. This course covers network architectures, Infrastructure as Code (IaC), vulnerability scanning, and penetration testing, equipping you with the skills to identify risks and ensure organizations maintain secure and compliant environments.

Course video preview

Current Status

Not Enrolled

Get Started

View Pricing & Plans
Access all courses starting at $25/m

Course Description

Course 5 of 9 in our IT Auditing Learning Path! Organizations today rely on complex networks, hybrid cloud setups, and automated infrastructure, all of which create both opportunities and risks. Network Security and Infrastructure Auditing equips auditors and IT professionals with the skills to evaluate these environments for security, compliance, and risk exposure.

The course provides practical guidance on reviewing network components such as firewalls, VLANs, and VPCs, as well as modern practices like Infrastructure as Code (IaC). It also explains how to assess vulnerability scans and penetration testing reports, ensuring that findings are properly understood and communicated to stakeholders.

By focusing on real-world practices and modern IT environments, this course prepares you to perform thorough and effective audits of network security and infrastructure.

This course covers topics that align with concepts addressed in Domain 5 of the Certified Information Systems Auditor (CISA®) exam framework. It is not affiliated with, endorsed by, or sponsored by ISACA®, nor does it guarantee exam preparation or certification outcomes.

In this course, you'll learn...

Course Objectives

To explain the role of infrastructure and network security controls within an IT audit.

To identify and assess common components of network architecture (e.g., firewalls, VLANs, VPCs, etc.) from an auditor’s perspective.

To understand how organizations configure and secure common network devices to prevent unauthorized access and mitigate common threats.

To evaluate the risks and control implications of Infrastructure as Code (IaC).

To interpret results from vulnerability scans and penetration tests, and understand how they tie into audit reporting.

To apply practical audit techniques to review network and infrastructure security configurations.

How you'll apply these skills...

Review Network Architectures: Walk through diagrams and configurations to understand firewalls, routers, switches, VLANs, and VPCs from an auditor’s perspective

Assess Infrastructure as Code: Inspect Terraform scripts and other IaC templates for misconfigurations, excessive permissions, and insecure defaults before they scale across environments

Evaluate Cloud Environments: Test security groups, ACLs, and peering connections to confirm isolation, compliance with shared responsibility models, and restricted access to sensitive resources

Interpret Vulnerability Results: Translate technical scan and penetration test outputs into business-relevant risks, filtering out false positives and prioritizing critical issues

Audit Change Management: Verify that firewall rule changes, IaC code commits, and deployment pipelines follow documented approval and review processes

Test Segmentation Controls: Confirm that production, development, and guest environments are properly isolated to reduce the blast radius of potential attacks

Validate Monitoring & Logging: Check firewall logs, VPC flow logs, and alerting processes to ensure suspicious activity is detected and addressed in a timely manner

Report Audit Findings: Deliver clear, evidence-based conclusions that highlight security gaps, business risks, and actionable remediation steps for management

Course Instructor

Michael Carroll, CPA, CISA, CISM

Michael is an accounting and information security professional. He is also an Adjunct Professor at several higher education institutions, where he is responsible for teaching various accounting and information technology courses.

Michael earned his MBA in Accounting and B.S. in Accounting / Accounting Information Systems from Canisius University. Additionally, Michael is a Certified Public Accountant (CPA) and a Certified Information Systems Security Professional (CISSP). Michael is a current member of the NYCPA’s Education Committee and has been an Advisory Board Member for the Academy of Finance (AOF) since 2020.

Michael enjoys traveling, hiking, and watching the Buffalo Bills. He has also participated in several marathon events.

Course Content

Conclusion 1 Topic
Lesson Content
0% Complete 0/1 Steps
Final Exam: Network Security and Infrastructure Auditing

Additional Info

Format

5-20 min. videos, 2 quizzes, and a final assessment

Field of study

Information Technology

CPE Credits

CPEs 3.0

Prerequisites

Completion of prior courses in Wisdify’s IT Audit Learning Path is recommended.

Corey

Corey is the owner of Wisdify.  He is passionate about learning and development, he loves helping people achieve their professional and personal goals. Corey is a big believer in the power of online learning and community with 15 years of finance and accounting experience.

Joe

Joe is the owner of Wisdify.  He is passionate about learning and development, he loves helping people achieve their professional and personal goals. Joe is a big believer in the power of online learning and community with 20 years of finance and accounting experience.

 

Kelsey Murphy

Kelsey is Wisdify’s expert content developer. Taking feedback from our students, Kelsey creates extremely relevant blog posts and leads the development of Wisdify’s other free resources.

Prior to Wisdify, Kelsey worked as a business technology strategy consultant for Forrester, a global research and advisory firm. While there, she acted as project manager for numerous research-based consulting projects.

Kelsey earned a BA in Economics and Mathematics from Wellesley College.

Madison Bess

Madison oversees the social media strategy at Wisdify and makes sure we stay closely connected with our students, receive their feedback, and provide our students with valuable information.

Prior to Wisdify, Madison successfully ran the social media accounts for multiple companies. She also found time to start her own personal training company (which she still runs).

Madison earned a BA in English from Brigham Young University.

Maryn Coughran

Maryn is a co-founder and leads the marketing and outreach efforts at Wisdify. She ensures we are connecting with our customers, hearing their feedback, and then implementing their suggestions.

Prior to Wisdify, Maryn co-founded (along with Nate) BostonExcel, a Microsoft Excel training company that worked with dozens of companies in virtually every industry. Maryn’s clients included numerous Fortune 1000 companies, prestigious universities, startups and everything in between. She also happened to write and illustrate a children’s book. Let’s just say she’s a woman of many talents.

Maryn earned a BA in Economics from Wellesley College.

The Buckaroos

Gwyn, Jack, and Kate are the adorable tow-heads that lead up Wisdify’s campaigns on cuteness, energy, and sleep-deprivation.