Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

CyberSecurity is constantly making headlines. Ransomware, distributed denial of service (DDoS) botnets, data leakage, and identity theft are among the widely reported, costly, and embarrassing attacks that have been rampant against government, business, and private individual targets in recent months. Many of these attacks succeed because the targeted networks and computers are not properly secured, owing to a lack of CyberSecurity risk awareness and best practice safeguards, along with ineffective vulnerability management and audit procedures. CyberSecurity represents the largest component of IT risks and related controls, and a major challenge to organizations of all sizes.

This course will cover the essential background information, resources, and techniques necessary to execute meaningful CyberSecurity risk assessments. Important common “red flag” CyberSecurity risks will be highlighted. Concepts and techniques will be reinforced through the use of group exercises associated with risk assessment.

Learning Objectives

  • Identify methods for effectively assessing CyberSecurity, and reference prominent CyberSecurity risk assessment frameworks and methodologies
  • Assess key indicators of significant CyberSecurity risk and measure their potential impact on your organization
  • Get Senior Management’s attention on CyberSecurity risks

Course Outline

Identifying and Evaluating Useful CyberSecurity Risk Frameworks and Methodologies

Developing Your Organization’s Inherent Risk Profile

  • Organizational Characteristics and Culture
  • CyberSecurity and CyberAudit Expertise, Training, and Qualifications
  • Impact of Cyber Related Processes on the Organization’s Information Architecture
    • Information Technology and Connection Types
    • Cloud Computing
    • Service Oriented Architectures (SOA)
    • External Access to Internal Systems
    • Internet of Things (IoT)
    • Mobility and Shadow IT
  • CyberSecurity and the Organizational Strategy
    • Enterprise Data and Competitive Advantage
    • Delivery Channels – User Interface
    • Data and Fraud Targets
  • Personally Identifiable Information (PII) and Privacy
  • Third Party Connections
  • External and Internal Threats

Communicating Results to Different Levels of Management

  • Reporting to Senior Management in a Concise and Understandable Manner
  • Addressing Non-Technical Business Management Concerns
  • Balancing the “Business” Needs against IT Best Practices

Additional Information

Who Should Attend

Internal Auditors, IT Auditors, Control Professionals, Compliance Professionals

Learning Level

Intermediate

Delivery

Group-Live

Field

Auditing

Advanced Preparation

None

Recommended Prerequisites

An understanding of IT General Controls

Session Duration

Online: N/A

On Site: 1 day

CPE Credits: 8