If the handout download links from within past event articles are broken, please navigate to Chapter->Downloads to obtain the document.

2012 November - Windows 2008 Server Environment

When: November 7, 2012 1300-1630

Where: RTP HQ Conference Room

Registration: Website

Materials: Slide DeckAudit Policies / Risk Assessment / Finding Template / Reporting Template  (Members need to log in to be able to download)

CPEs: Upto 3

Fees: ISACA RTC Members - Free; Affiliated Org Members - $25; Non Members - $40

Topic: Windows 2008 Server Environment


Are you an Information Systems Auditor or have an interest in information systems auditing? If so, this class is tailor-made just for you. In this interactive class, you will become a part of Lisa Outlaw and Leo Howell's audit team.

Company XYZ asked their audit firm to perform an information systems audit of the Division of Motor Vehicles in Singapore. Lisa and Leo need your help to analyze the environment for security. Throughout the course, participants will be taken through a series of simulations and exercises designed to build their knowledge and allow for practical application of this knowledge. Participants will gain hands-on knowledge of the threats to a Windows 2008 Server environment and the vulnerabilities that may be exploited to cause a security incident, learn techniques to assist them with their server audits and security assessments, and will receive audit guidance and review notes J to assist them with their next server audit. This class will have participants break-out into audit teams to analyze configuration files for security weaknesses including Server Hardening, Network Shares, Windows Host-based Firewall Management, User Management, Password Management, Logging, Configuration Management and Patch Management of a Windows 2008 Server. If you enjoy fun experiences and hands on training, enroll for this event to today!!!


Leo Howell, CISA, CISSP is an enthusiastic and creative information assurance and security professional with over 14 years of information systems experience across a wide range of industries including government, healthcare, finance, and higher education. Leo started his career as a network engineer then transitioned over the years to an information security analyst/manager then to information systems auditing. He is a former Cisco Certified Security Professional (CCSP), Certified Business Resiliency Manager (CBRM) and a Certified Ethical Hacker (CEH). Leo Currently serves as the IT Audit Manager for NC State University by day and working on expanding is electronic health records management business - Secureka at nights.

Lisa Outlaw, CISA, CISSP, ITIL-F attended LaSalle University at the age of  16, majored in accounting, and graduated at the age of 20 with a Bachelors of Science in Business Administration.    She began audit work at the North Carolina Office of the State Auditor (OSA) in 1994, where she gained invaluable experience in audits through performing financial audits. In 1996, she desired to increase her audit skills by enhancing her knowledge of information technology and consequently was promoted to Information Systems Auditor in 1997. In the IS audit division of OSA, she began performing Information Technology (IT) audits of critical state agencies throughout North Carolina.  After much concentration in the area of IT Audit and Controls, she was promoted to Information Systems Audit Supervisor in 2002, and served in this position for three years.   She also furthered her IT knowledge in 2005 by transferring to the Office of Information Technology Services, where she served on the incident response and computer forensic team for two years. The Department of Homeland Security sponsored her training with Special Agents in Computer Forensics at the Federal Law Enforcement Training Center. After gaining this invaluable knowledge, and seeing the affects of technology incidents and computer forensic cases occurring within the State of North Carolina, she felt that this new knowledge could serve North Carolina best if she served in the capacity of the Director of Internal Audits for the Division of Employment Security of North Carolina.  She brings an unusual combination of skills: Accounting, Vast Knowledge of Technologies, Computer Forensics, Incident Response, Financial and IT Audit.