Course Description
CyberSecurity risks abound and are constantly in the forefront of today’s Information Technology (IT) systems management and internal audit concerns. Known but unmitigated vulnerabilities are among the highest CyberSecurity risks faced by many organizations – known vulnerabilities include: using software and/or hardware beyond the vendor’s support lifecycle, declining to implement security patches, or failing to execute security-specific system configuration guidance.
Addressing cybersecurity is not only about solving a particular problem…it is also about putting in place the people, processes, and technologies that can protect against the latest risks and respond to them when needed. Recent industry surveys have indicated that although the number of Chief Information Security Officer (CISO) positions have increased, the corresponding quality of CyberSecurity expertise within many organizations has not. In this highly practical management oversight workshop, you will cover the essential background information, resources, and strategies necessary to prioritize, plan and launch a wide range of CyberSecurity risk assessments and audits.
We will explore not only CyberSecurity management and human resources controls, but also a high-level conceptual look at the fundamentals of important technical CyberSecurity controls for protecting valuable information assets and associated resources in today’s highly complex and rapidly changing Cyber world.
In this seminar, we will cover:
- What is CyberSecurity????…Building your CyberSecurity vocabulary
- Understanding the many faces of CyberSecurity risks, methods to detect them…and what’s necessary to effectively report them to The Board
- Organization and human resource factors that can increase CyberSecurity within the enterprise
- Important laws, standards and frameworks relating to CyberSecurity and CyberAudit
Learning Objectives
- Understand CyberSecurity terminology and associated risks
- Gain familiarity with CyberSecurity regulatory requirements and best practices
- How to develop an overall CyberSecurity audit program to effectively assess Cyber risks, including the critical human factor
- How to gauge and effectively report CyberSecurity risks to The Board
Course Outline
Defining the CyberSecurity Landscape
- Defining CyberSecurity
- Digital Transformation and De-Perimeterization
- Cloud Computing
- Internet of Things, Industrial Computing, and Edge Computing
- Shadow IT/Shadow Data
- Mobile Device Security
- Supply Chain Security
- Blockchain/Bitcoin
Facing the Challenges of CyberSecurity Governance, Risk, and Compliance
- Defining CyberSecurity Strategy and Senior Leadership
- Defining the Elements of Risk Management
- Measuring CyberSecurity Risk: CyberSecurity Risk Frameworks
- Notable CyberSecurity Risks, Incidents and…Lessons Learned
- Existing, Emerging…and Expanding CyberSecurity Regulatory Compliance Targets
Planning Audits of CyberSecurity
- Planning Audits of CyberSecurity
- CyberSecurity/Audit Frameworks
- Tools and Techniques for Conducting CyberSecurity Audits
- Corrective Actions…What to Fix First ???
- Sources of Information and Tools
CyberSecurity Success Factors
- Governance/Management
- Information Technology
- Communicating to Senior Leadership
Additional Information
Who Should Attend
- General Auditors and other Audit Management
- IT Auditors, Operational Auditors, Internal Control Professionals
- Information Security (CyberSecurity) Managers, Analysts, and Architects
- Internal Control Specialists
- IT Management, IT Architects
- Compliance Officers
- Data Privacy Officers
- Consultants
Learning Level
Basic
Delivery
Group Live or Group Internet-Based
Field
Auditing
Advanced Preparation
None
Recommended Prerequisites
A basic understanding of fundamental IT audit controls and terminology is assumed.
Session Duration
On Site: 1 day
CPE Credits: 8