Cybersecurity for Non-IT Auditors

Course Field: Information Technology
Delivery Method: Live/Internet-Based
Prerequisite:
Level:
Advance Preparation:
  • Seminar Overview

    Cyber security is the highest risk and top of mind for C-suite members at every company. This course will provide a practitioner’s viewpoint for both audit and cyber security professionals. Beginning with the underlying fundamentals of cyber security, then going step by step through the primary focus areas, risk prioritization and key audit steps, this is a course for any auditor wanting to learn how to address cyber security as a key audit risk.

  • Workshop Objectives
    • Select and implement a cybersecurity framework
    • Audit against a cybersecurity framework
    • Develop a prioritized remediation plan
    • Audit cybersecurity maturity
  • Agenda
    I. Overview/Key Terms

    II. Primary Focus Areas

    a. Protection

    i. Top 4 Control Frameworks

    ii. PCI DSS

    iii. ISO 27001 / 27002

    iv. CIS Critical Security Controls

    v. NIST CSF (Cybersecurity Framework)

    b. Detection

    i. Technical Controls designed to discover the occurrence of a cybersecurity event in a timely manner

    ii. Review Examples of Detection Capabilities

    c. Response

    i. Crisis Management

    ii. Incident Response

    d. Recover

    i. Resilience

    1. Business Continuity

    2. Disaster Recovery

    III. Continuous Improvement

    a. Cyber Security Strategy Review

    IV. IT Risk Management

    a. IT Risk Prioritization

    b. IT Risk Register

    c. Executive Reporting

    V. Key Audit Steps
  • Who should attend
    Auditors who want a better understanding of cybersecurity, key risks and audit considerations (NASBA Field of Study: Information Technology).
