Course Description
CyberSecurity risks abound and are constantly in the forefront of today’s Information Technology (IT) systems management and internal audit concerns. Known but unmitigated vulnerabilities are among the highest CyberSecurity risks faced by many organizations – known vulnerabilities include: using software and/or hardware beyond the vendor’s support lifecycle, declining to implement security patches, or failing to execute security-specific system configuration guidance.
We will explore not only CyberSecurity management and human resources controls, but also a high-level conceptual look at the fundamentals of important technical CyberSecurity controls for protecting valuable information assets and associated resources in today’s highly complex and rapidly changing Cyber world.
In this seminar, we will cover:
- What is CyberSecurity????…Building your CyberSecurity vocabulary
- Understanding the many faces of CyberSecurity risks, methods to detect them…and what’s necessary to effectively report them to The Board
- Organization and human resource factors that can increase CyberSecurity within the enterprise
- Important laws, standards and frameworks relating to CyberSecurity and CyberAudit
Learning Objectives
- Understand CyberSecurity terminology and associated risks
- Gain familiarity with CyberSecurity regulatory requirements and best practices
- How to develop an overall CyberSecurity audit program to effectively assess Cyber risks, including the critical human factor
- How to gauge and effectively report CyberSecurity risks to The Board
Course Outline
Defining the CyberSecurity Landscape
- Defining CyberSecurity
- Digital Transformation and De-Perimeterization
- Cloud Computing
- Internet of Things (IoT), Operational Technology/SCADA
- Shadow IT/Shadow Data
- Remote access and mobile Device Security
- Supply Chain Security
- Blockchain/Bitcoin
Facing the Challenges of CyberSecurity Governance,
Risk, and Compliance
- Defining CyberSecurity Strategy and Senior Leadership
- Defining the Elements of Risk Management
- Measuring CyberSecurity Risk: CyberSecurity Risk Frameworks
- Notable CyberSecurity Risks, Incidents and…Lessons Learned
- Existing, Emerging…and Expanding CyberSecurity Regulatory Compliance Targets
Planning Audits of CyberSecurity
- CyberSecurity/Audit Frameworks
- Tools and Techniques for Conducting CyberSecurity Audits
- Corrective Actions…What to Fix First ???
- Sources of Information and Tools
rap-up Summary
- CyberSecurity Success Factors
- Communicating to Senior Leadership
- Sources of additional information
Additional Information
Who Should Attend
- General Auditors and other Audit Management
- IT Auditors, Operational Auditors, Internal Control Professionals
- Information Security (CyberSecurity) Managers, Analysts, and Architects
- Internal Control Specialists
- IT Management, IT Architects
- Compliance Officers
- Data Privacy Officers
- Consultants
Learning Level
Basic
Delivery
Group Live
Field
Auditing
Advanced Preparation
None
Recommended Prerequisites
A basic understanding of fundamental IT audit controls and terminology is assumed.
Session Duration
On Site: 1 day
CPE Credits: 8