Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

CyberSecurity controls for the protection of valuable and/or sensitive information assets are motivated by identified risks and increasingly demanding regulatory compliance requirements. This highly practical workshop will cover the essential background information, resources, tools, and techniques necessary to plan and launch cost-effective assessments of enterprise CyberSecurity programs that should be performed by internal and external auditors, CyberSecurity professionals, and IT management. You will explore how to benchmark the overall governance and management of an enterprise CyberSecurity program. Special emphasis will be placed on domestic and international legislative and industry CyberSecurity frameworks and compliance targets. You will receive a variety of invaluable checklists, matrices, and other worksheet tools.

In this seminar, we will discuss:

  • Defining the two major CyberSecurity and audit drivers: risk and compliance
  • Risk frameworks and models
  • Compliance targets: important laws, standards and frameworks affecting CyberSecurity and IT Audit – ISO, NIST, GAO, NSA, DISA, ISACA, PCI-DSS
  • Defining the scope of CyberSecurity audits: an architectural, top-down approach
  • Who’s steering the ship? CyberSecurity governance, management, and organizational controls
  • Spreading the word: CyberSecurity policies, standards, procedures, baselines, and awareness

Learning Objectives:

  • Gain familiarity with the major CyberSecurity drivers and benchmarks, including risk and regulatory compliance
  • Classify and assess the significance of common and emerging threats to CyberSecurity
  • Identify key CyberSecurity controls and how they affect the confidentiality, integrity, and availability of information assets
  • Learn how to identify and assess enterprise CyberSecurity controls from a top-down architectural perspective

Course Outline

Building a Business Case for CyberSecurity

  • Identifying business drivers and strategies for CyberSecurity
  • Defining the role of the audit in an enterprise CyberSecurity program
  • Threats, vulnerabilities, and associated risks to CyberSecurity

Planning and Scoping CyberSecurity Audits and Follow-up Procedures

  • Using a security architecture model as a framework for CyberSecurity audits
  • Defining the scope and objectives for different types of CyberSecurity audits
  • Locating and evaluating useful public CyberSecurity baselines and checklists
  • Tools and techniques for assessing CyberSecurity governance and management controls
  • Practical approaches to audit corrective action plans

The CyberSecurity Organization Structure

  • Positioning CyberSecurity in the organization
  • Evaluating the effectiveness of the assignment of roles, responsibilities, and accountability related to CyberSecurity governance, management, and administration
  • Evaluating the competency, training, and certification of individuals with CyberSecurity responsibilities

CyberSecurity Policies and Awareness

  • Assessing governance through policies, standards, procedures, and baseline coverage
  • Assessing the level of qualified support and involvement in policy development
  • Outsourcing and contracts, including cloud computing
  • Testing the effectiveness of CyberSecurity awareness programs

Additional Information

Who Should Attend

  • Audit Management
  • IT Auditors
  • Operational Auditors
  • Internal Control Professionals
  • Information Security Professionals

Learning Level

Intermediate

Delivery

Group-Live

Field

Auditing

Advanced Preparation

None

Recommended Prerequisites

Introduction to IT Auditing (AA01) or equivalent training. A basic understanding of IT audit controls and terminology is assumed.

Session Duration

Online: N/A

On Site: 1 day

CPE Credits: 8