Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

Many important CyberSpace controls are related to the protection of valuable information assets and increasingly demanding regulatory compliance requirements. In this highly practical and intensive workshop, you will cover the essential background information, resources, tools, and techniques necessary to plan and launch a wide range of hard-hitting, cost-effective CyberSecurity audits that should be performed by internal and external auditors, Information Security professionals, and IT staff. You will explore not only management and administrative controls, but also the fundamentals of important logical security controls for protecting valuable information assets and associated CyberSpace resources. You will receive a variety of invaluable checklists, matrices, and other worksheet tools.

Learning Objectives

  • Gain familiarity with the major CyberSecurity drivers, including risk and regulatory compliance
  • Classify and assess the significance of common and emerging threats to CyberSecurity
  • Identify key CyberSecurity controls and how they affect the confidentiality, integrity, and availability of information assets
  • Learn to view and assess CyberSecurity controls from an architectural perspective covering administrative, physical, and technical controls

Course Outline

Building a Business Case for CyberSecurity

  • Defining CyberSecurity
  • Business Drivers and Strategies for CyberSecurity
  • Defining the CyberSecurity/Information Technology Landscape

CyberSecurity Risks and Compliance

  • Defining the Elements of Risk Management
  • CyberSecurity Risks to Your Enterprise
  • CyberSecurity Risk Analysis
  • CyberSecurity Risk Frameworks
  • Information Classification
  • Notable CyberSecurity Incidents and…Lessons Learned
  • CyberSecurity Regulatory Compliance

Governance of CyberSecurity

  • Defining CyberSecurity Strategy
  • CyberSecurity Organizational Structure
  • CyberSecurity Governance
  • Administrative Controls Supporting CyberSecurity
  • CyberSecurity Policies
  • CyberSecurity in Contracts and Agreements
  • Security Knowledge Transfer: Awareness, Training, Education

Operational CyberSecurity Controls

  • Remote Access and Virtual Private Networks
  • Configuration, Change, and Problem Management
  • Intrusion Detection/Prevention Systems (IDS/IPS)
  • Incident Response
  • Business Continuity Planning (BCP)/Disaster Recovery Planning (DRP)

Enterprise CyberSecurity Controls

  • Enterprise Identity and Access Control Management
  • Directory Services
  • Cryptography and Public Key Infrastructure Controls (PKI)
  • Enterprise Mobility Management (EMM)
  • Web Application Security
  • Systems Development Life Cycle (SDLC) Management, including DevOps and DevSecOps

Planning and Scoping CyberSecurity Audits and Follow-up Procedures

  • Using a security architecture model as a framework for CyberSecurity audits
  • Defining the scope and objectives for different types of CyberSecurity audits
  • Locating and evaluating useful public CyberSecurity baselines and checklists
  • Tools and techniques for assessing CyberSecurity controls
  • Practical approaches to audit corrective action plans

Communicating to Senior Management

  • Effectively Communicating CyberSecurity Risks to Senior Management
  • CyberSecurity Metrics
  • Board of Directors – A Dozen CyberSecurity Guideposts

Additional Information

Who Should Attend

Audit Management
IT Auditors
Operational Auditors
Information Security Managers, Analysts, and Architects
IT Management
IT Architects
System Administrators
Application Developers and Analysts
Compliance Officers
Consultants

Learning Level

Intermediate

Delivery

Group-Live

Field

Auditing

Advanced Preparation

None

Recommended Prerequisites

Introduction to IT Auditing (AA01) or equivalent training. A basic understanding of IT audit controls and terminology is assumed.

Session Duration

Online: N/A

On Site: 3 days

CPE Credits: 24