Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

Information Security controls for the protection of valuable and/or sensitive information assets are motivated by identified risks and increasingly demanding regulatory compliance requirements. This highly practical workshop will cover the essential background information, resources, tools, and techniques necessary to plan and launch cost-effective assessments of enterprise Information Security programs that should be performed by internal and external auditors, Information Security professionals, and IT management. You will explore how to benchmark the overall governance and management of an enterprise Information Security program. Special emphasis will be placed on domestic and international legislative and industry Information Security frameworks and compliance targets. You will receive a variety of invaluable checklists, matrices, and other worksheet tools.

In this seminar, we will discuss:

  • Defining the two major Information Security and audit drivers: risk and compliance
  • Risk frameworks and models
  • Compliance targets: important laws, standards and frameworks affecting Information Security and IT Audit – ISO, NIST, GAO, NSA, DISA, ISACA, PCI-DSS
  • Defining the scope of Information Security audits: an architectural, top down approach
  • Who’s steering the ship? Information Security governance, management, and organizational controls
  • Spreading the word: Information Security policies, standards, procedures, baselines, and awareness

Learning Objectives:

  • Gain familiarity with the major Information Security drivers and benchmarks, including risk and regulatory compliance
  • Classify and assess the significance of common and emerging threats to Information Security
  • Identify key Information Security controls and how they affect the confidentiality, integrity, and availability of information assets
  • Learn how to identify and assess enterprise Information Security controls from a top-down architectural perspective

Course Outline

Building a Business Case for Information Security

  • Identifying business drivers and strategies for Information Security
  • Defining the role of the audit in an enterprise Information Security program
  • Threats, vulnerabilities, and associated risks to Information Security

Planning and Scoping Information Security Audits and Follow-up Procedures

  • Using a security architecture model as a framework for Information Security audits
  • Defining the scope and objectives for different types of Information Security audits
  • Locating and evaluating useful public Information Security baselines and checklists
  • Tools and techniques for assessing Information Security governance and management controls
  • Practical approaches to audit corrective action plans

The Information Security Organization Structure

  • Positioning Information Security in the organization
  • Evaluating the effectiveness of the assignment of roles, responsibilities, and accountability related to Information Security governance, management, and administration
  • Evaluating the competency, training, and certification of individuals with Information Security responsibilities

Information Security Policies and Awareness

  • Assessing governance through policies, standards, procedures, and baseline coverage
  • Assessing the level of qualified support and involvement in policy development
  • Outsourcing and contracts, including cloud computing
  • Testing the effectiveness of Information Security awareness programs

Additional Information

Who Should Attend

  • Audit Management
  • IT Auditors
  • Operational Auditors
  • Internal Control Professionals
  • Information Security Professionals

Learning Level

Intermediate

Delivery

Group-Live

Field

Auditing

Advanced Preparation

None

Recommended Prerequisites

Introduction to IT Auditing (AA01) or equivalent training. A basic understanding of IT audit controls and terminology is assumed.

Session Duration

Online: N/A

On Site: 1 day

CPE Credits: 8