Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

CyberSecurity represents the largest component of IT risk and related controls, and a major challenge to organizations of all sizes. Following the lead of the Department of Homeland Security, NIST, the FFIEC, the SEC, and the New York State Department of Financial Services have been encouraging or requiring substantially enhanced CyberSecurity risk assessments and audit procedures.

This practical how-to workshop will cover the essential background information, resources, and techniques necessary to plan and execute thorough, hard-hitting CyberSecurity risk assessments and audits. Important common “red flag” CyberSecurity risks will be highlighted. We will explore a wide array of essential CyberSecurity administrative, technical, and physical controls for protecting valuable information assets and associated resources in today’s highly complex and rapidly changing Cyber world. Concepts and techniques will be reinforced through group exercises in risk assessment and CyberSecurity control evaluation.

Learning Objectives

  • Identify key indicators of significant CyberSecurity risk and measure their potential impact on your organization
  • Reference important regulations, standards, and frameworks relating to CyberSecurity and CyberAudit
  • Identify methods for effectively assessing CyberSecurity controls using different levels of assessment procedures
  • Build audit programs leveraging prominent CyberSecurity regulatory requirements and industry best practices

Course Outline

Developing Your Organization’s Inherent Risk Profile

  • Organizational Characteristics and Culture
  • CyberSecurity and CyberAudit Expertise, Training, and Qualifications
  • Impact of Cyber Related Processes on the Organization’s Information Architecture
    • Information Technology and Connection Types
    • Virtualization
    • Cloud Computing
    • Service-Oriented Architectures
    • External Access to Internal Systems
    • Internet of Things (IoT)
    • Mobility and Shadow IT
  • CyberSecurity and the Organizational Strategy
    • Enterprise Data and Competitive Advantage
    • Delivery Channels – User Interface
    • Data and Fraud Targets
  • Personally Identifiable Information (PII) and Privacy
  • Third Party Connections
  • External and Internal Threats

Identifying Relevant CyberSecurity Controls and Their Impact

  • CyberSecurity and CyberAudit Frameworks, Standards, and Baselines
  • CyberSecurity Governance and Accountability
    • Cyber Risk Management and Oversight
    • CyberSecurity Human Resource Awareness and Training
    • Cyber Incident Management and Resilience
    • External Dependency Management – Outsourcing, Collaboration
  • CyberSecurity Controls
    • Administrative Security – Separation of Duties, Least Privilege…
    • Vulnerability Management and Threat Intelligence
    • Identity and Access Management
    • Cryptography and Data Protection – protecting “Data at Rest” and “Data in Motion/Transit”
    • Network Perimeter Security – Wired, Wireless
    • Operations Security
    • Data Loss Prevention
    • End-Point Security

Measuring Your CyberSecurity Posture

  • Metrics for Measuring and Reporting CyberSecurity
  • Risk Frameworks and Information Classification
  • Defining Your CyberSecurity Baseline – Risk and Compliance Benchmarks
  • Selecting a Maturity Model and Target Maturity Levels
  • Using a Gap Analysis to Measure Your Level of Non-Compliance and CyberSecurity Shortfalls
  • Conducting Technical and Non-Technical Risk and Compliance Testing
  • Prioritizing and Planning Corrective Action Plans
  • Implementing Changes
  • Reevaluating the CyberSecurity Posture

Communicating Results to Different Levels of Management

  • Reporting to Senior Management in a Concise and Understandable Manner
  • Addressing non-technical business management concerns
  • Balancing the “business” need

Additional Information

Who Should Attend

  • IT Auditors
  • Operational Auditors
  • Financial Auditors
  • Internal Control Professionals

Learning Level

Intermediate

Delivery

Group-Live

Field

Auditing

Advanced Preparation

None

Recommended Prerequisites

An understanding of IT General Controls components and audit procedures is essential.

Session Duration

Online: N/A

On Site: 3 days

CPE Credits: