Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

CyberSecurity risks abound and are constantly in the forefront of today’s Information Technology (IT) systems management and internal audit concerns. Known but unmitigated vulnerabilities are among the highest CyberSecurity risks faced by many organizations – known vulnerabilities include: using software and/or hardware beyond the vendor’s support lifecycle, declining to implement security patches, or failing to execute security-specific system configuration guidance.

Addressing cybersecurity is not only about solving a particular problem…it is also about putting in place the people, processes, and technologies that can protect against the latest risks and respond to them when needed. Recent industry surveys have indicated that although the number of Chief Information Security Officer (CISO) positions have increased, the corresponding quality of CyberSecurity expertise within many organizations has not. In this highly practical management oversight workshop, you will cover the essential background information, resources, and strategies necessary to prioritize, plan and launch a wide range of CyberSecurity risk assessments and audits.

We will explore not only CyberSecurity management and human resources controls, but also a high-level conceptual look at the fundamentals of important technical CyberSecurity controls for protecting valuable information assets and associated resources in today’s highly complex and rapidly changing Cyber world.

In this seminar, we will cover:

  • What is CyberSecurity????…Building your CyberSecurity vocabulary
  • Understanding the many faces of CyberSecurity risks, methods to detect them…and what’s necessary to effectively report them to The Board
  • Organization and human resource factors that can increase CyberSecurity within the enterprise
  • Important laws, standards and frameworks relating to CyberSecurity and CyberAudit

Learning Objectives

  • Understand CyberSecurity terminology and associated risks
  • Gain familiarity with CyberSecurity regulatory requirements and best practices
  • How to develop an overall CyberSecurity audit program to effectively assess Cyber risks, including the critical human factor
  • How to gauge and effectively report CyberSecurity risks to The Board

Course Outline

What is CyberSecurity????...Building your CyberSecurity vocabulary

  • Defining CyberSecurity
  • Business Drivers for CyberSecurity
  • Defining the CyberSecurity / Information Technology Landscape
  • Existing, Emerging…and Expanding CyberSecurity Regulatory Compliance

The Many Faces of CyberSecurity Risks… and How to Detect Them

  • Defining the Elements of Risk Management
  • Inherent CyberSecurity Risks to Your Enterprise
  • Organization and Human Resource Factors That Can Increase CyberSecurity Risk
  • Notable CyberSecurity Incidents and…Lessons Learned
  • Frameworks and Methodologies for CyberSecurity Risk Assessment
  • Leveraging Information Ownership and Classification to Detect and Reduce CyberSecurity Risk

Planning Audits of CyberSecurity

  • CyberSecurity Architectures and CyberSecurity/Audit Frameworks
  • Tools, Techniques, and Resources Necessary for Conducting Effective CyberSecurity Audits
  • Do’s and Don’ts for Effectively Reporting CyberSecurity Risks to The Board

Additional Information

Who Should Attend
  • General Auditors and other Audit Management
  • IT Auditors
  • Operational Auditors
  • Information Security Managers, Analysts, and Architects
  • IT Management
  • IT Architects
  • Compliance Officers
  • Consultants
Learning Level

Basic

Delivery

Group-Live

Field

Auditing

Advanced Preparation

None

Recommended Prerequisites

A basic understanding of fundamental IT audit controls and terminology is assumed.

Session Duration

Online: N/A

On Site: 1 day

CPE Credits: 8