Internal Audit Training, IT Audit Training Courses, Information Security Training - CPE Interactive

Continuing Professional Education for Audit, Assurance, & Info Security

Course Description

CyberSecurity controls for the protection of valuable and/or sensitive information assets are motivated by identified risks and increasingly demanding regulatory compliance requirements. This highly practical workshop will cover the essential background information, resources, tools, and techniques necessary to plan and launch cost-effective assessments of enterprise CyberSecurity programs that should be performed by internal and external auditors, CyberSecurity professionals, and IT management. You will explore how to benchmark the overall governance and management of an enterprise CyberSecurity program. Special emphasis will be placed on domestic and international legislative and industry CyberSecurity frameworks and compliance targets. You will receive a variety of invaluable checklists, matrices, and other worksheet tools.

In this seminar, we will discuss:

  • Defining the two major CyberSecurity and audit drivers: risk and compliance
  • Risk frameworks and models
  • Compliance targets: important laws, standards and frameworks affecting CyberSecurity and IT Audit – ISO, NIST, GAO, NSA, DISA, ISACA, PCI-DSS
  • Defining the scope of CyberSecurity audits: an architectural, top-down approach
  • Who’s steering the ship?… CyberSecurity governance, management, and organizational controls
  • Spreading the word: CyberSecurity policies, standards, procedures, baselines, and awareness

Learning Objectives:

  • Gain familiarity with the major CyberSecurity drivers and benchmarks, including risk and regulatory compliance
  • Classify and assess the significance of common and emerging threats to CyberSecurity
  • Identify key CyberSecurity controls and how they affect the confidentiality, integrity, and availability of information assets
  • Learn how to identify and assess enterprise CyberSecurity controls from a top-down architectural perspective

Course Outline

Building a Risk-based Business Case for CyberSecurity

  • Business drivers and strategies for cybersecurity
  • Threats, vulnerabilities, and associated risks to cybersecurity
  • Incident response / resiliency

Defining the CyberSecurity Technology Landscape

  • Digital transformation and de-perimeterization
  • Prominent technologies and associated risks: cloud, mobility, Internet of Things (IoT), supply chain

CyberSecurity Regulatory Compliance

  • Compliance challenges and objectives
  • Privacy and personally identifiable information (PII)
  • Financial security compliance laws and standards
  • Data loss prevention (DLP)

Organizing for CyberSecurity

  • Defining cybersecurity strategy and senior leadership
  • CyberSecurity organizational structure
  • Administrative practices supporting cybersecurity
  • CyberSecurity staffing and training/skills issues

Communicating CyberSecurity to the Masses

  • CyberSecurity policies, standards, baselines, and procedures
  • Security knowledge transfer: awareness, training, education
  • Contracts and written agreements

Planning CyberSecurity Audits and Risk Assessments

  • Planning and scoping the audits
  • CyberSecurity/CyberAudit standards and frameworks
  • Tools and techniques for conducting effective CyberSecurity audits

Wrap-up Summary

  • CyberSecurity success factors
  • Sources of additional information

Additional Information

Who Should Attend
  • Audit Management
  • IT Auditors
  • Operational Auditors
  • Internal Control Professionals
  • Information Security Professionals
Learning Level






Advanced Preparation


Recommended Prerequisites

Introduction to IT Auditing (AA01) or equivalent training. A basic understanding of IT audit controls and terminology is assumed.

Session Duration

On Site: 1 day

CPE Credits: 9

Questions? Contact us

Phone: +1 (781) 784-4390