Cybersecurity Audit School

Posted By: ELK1nG

Published 10/2024
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
Language: English | Size: 11.69 GB | Duration: 18h 30m

"Enhancing Auditors' Roles in Cyber Risk Management and Control Assessment"

What you'll learn

Be able to identify and assess cybersecurity risks specific to their organization.

Understand how to implement and evaluate cybersecurity controls.

Recognize the auditor's role in the cybersecurity landscape and how to collaborate with cybersecurity teams.

Gain practical experience through scenarios that reinforce theoretical concepts.

Requirements

Participants are expected to have the following foundational knowledge and skills before enrolling in the course:

1. Basic Understanding of Auditing Principles: Familiarity with auditing concepts, processes, and methodologies is essential.

2. Introductory Knowledge of Cybersecurity: A general understanding of cybersecurity terms, concepts, and common threats is beneficial.

3. Experience with Risk Management: Prior experience or coursework related to risk assessment and management will enhance comprehension of course material.

4. Familiarity with Regulatory Standards: Awareness of industry standards and regulations related to cybersecurity, such as GDPR, HIPAA, or PCI-DSS, is advantageous.

While these prerequisites are recommended, a strong desire to learn and engage with cybersecurity topics will also support participants' success in the course.

Description

In an era of increasing cyber threats, auditors must go beyond traditional roles and understand the complexities of cybersecurity. This course equips participants with the knowledge and skills to effectively contribute to their organization's cybersecurity efforts. Attendees will explore the risks associated with cyberattacks, learn how to design and implement robust controls, and understand compliance with industry standards and regulations.

Key topics include effective control frameworks, identifying warning signs of potential incidents, and employing investigative techniques to analyze cybersecurity breaches.

By the end of the course, attendees will be empowered to assess the effectiveness of cybersecurity controls and understand their crucial role as members of their organization’s “Cyber Defense Team.” This comprehensive program is essential for auditors aiming to enhance their contributions to safeguarding organizational data and infrastructure. Join us to build your expertise in cybersecurity and ensure your organization is well-prepared to face evolving threats.

Key Topics:

Cybersecurity Fundamentals: Overview of key concepts, terminology, and frameworks in cybersecurity.

Control Frameworks: Examination of popular cybersecurity frameworks (e.g., NIST, ISO 27001) and their application in organizational contexts.

Positioning Controls: Strategies for determining the most effective placement of cybersecurity controls within organizational processes.

Substantive Testing: Techniques for assessing the effectiveness of cybersecurity controls through substantive testing.

Overview

Section 1: Cybersecurity Audit School

Lecture 1 Overview

Lecture 2 Cybersecurity Key Concepts

Lecture 3 Cybersecurity History and Breaches

Lecture 4 Types of Cyber Attacks - Human

Lecture 5 Types of Cyber Attacks - Technical

Lecture 6 Cybersecurity Frameworks, Standards

Lecture 7 NIST Frameworks and Standards

Lecture 8 Industry Frameworks (PCI, HIPAA, CIS CSC, ISO/IEC)

Lecture 9 Cybersecurity Oversight, Governance & Compliance

Lecture 10 Security Policies

Lecture 11 Security Risk Management Overview

Lecture 12 Threat Analysis

Lecture 13 Security Risk Management in Practice

Lecture 14 Asset Identification and Inventory

Lecture 15 Third-party / Service Provider Management

Lecture 16 Business Impact Assessment

Lecture 17 Configuration Management and Change Control

Lecture 18 Defending Business Assets Overview

Lecture 19 Identity and access management

Lecture 20 Authentication and Authorization

Lecture 21 Vulnerability and Patch Management

Lecture 22 Security awareness

Lecture 23 Physical Security

Lecture 24 Personnel Security

Lecture 25 Computer Networking Fundamentals

Lecture 26 Network Defenses

Lecture 27 Network Security Access Controls

Lecture 28 EndPoint and System Security Configuration

Lecture 29 EndPoint and System Security Protection

Lecture 30 Application Security

Lecture 31 Cloud & Virtualization Security

Lecture 32 Encryption Concepts

Lecture 33 Cryptographic Algorithms

Lecture 34 Encryption - Public Key Infrastructure

Lecture 35 Data Privacy Controls

Lecture 36 Securing Data

Lecture 37 Logging, monitoring and alerting

Lecture 38 Incident Response (IR) Planning

Lecture 39 Incident Response (IR) Testing

Lecture 40 Digital Forensics

Lecture 41 Recovering Systems

Lecture 42 Business Continuity and Recovery

Lecture 43 The Auditor's Role

Lecture 44 CISO's Role

Lecture 45 Establishing Audit Scope

Lecture 46 Building the Audit Plan

Lecture 47 Cybersecurity evaluation methods

Lecture 48 Vulnerability Assessments, Scanning and Testing

Lecture 49 Penetration Testing

Lecture 50 Security Maturity Models

Lecture 51 Auditing using NIST frameworks

Lecture 52 Auditing other security frameworks, standards ISO

Lecture 53 Auditing PCI DSS

Lecture 54 Cybersecurity Auditing Examples

Lecture 55 Collecting and Organizing Cybersecurity Evidence

Lecture 56 NIST Reporting Requirements

Lecture 57 Prioritizing Risks and Influencing decisions

Lecture 58 Course Summary and Conclusion

This course is ideal for anyone looking to strengthen their skills in cybersecurity assessment and contribute effectively to their organization’s cyber defense strategy.