Auditing Cybersecurity Programs - In-Person
Cybersecurity is one of the biggest internal control areas that need executive attention.
You just received an urgent call from the CEO. An e-mail was received demanding $10M in Bitcoin as ransom to decrypt the company's data. "Oh no! Maybe if we audited the organization's Cybersecurity program and controls before this happened, we might not be in this mess!" Sound familiar?
Hundreds of Security, Compliance and Audit professionals have faced this dilemma. As we know, cybersecurity breaches occur throughout the world on a daily basis, and many are unreported. ALL organizations are vulnerable...including our most "secure" government agencies, financial institutions and public utility companies. A comprehensive cybersecurity program is an absolutely essential component of a system of internal control. How can you assess its effectiveness? Have you conducted an audit? What are the common and not-so-common deficiencies? How can we improve our "security resiliency"?
Please join us for this valuable in-person, interactive training, and allow our expert instructors to carefully guide you through assessing the controls and processes of your organization's cybersecurity program. We will transfer our knowledge of this important topic to you in an educational, enjoyable manner. We will provide you with the information to enhance the effectiveness of your cybersecurity program.
This comprehensive in-person event is designed for Internal Auditors, Compliance Analysts, Security Officers and Administrators. Let's learn, grow, and enhance our Security effectiveness! Sign up now! This course is designed for professionals experienced in working with internal controls and ERM programs.
Each attendee will receive 24 NASBA CPE hours. Government attendees will satisfy their Yellow Book (YB) requirements. A Certificate of Completion will be provided at the conclusion of the class.
Details on Event Presentation
The sessions will be as follows:
Monday - 9:00 a.m. to 5:00 p.m.
Tuesday - 9:00 a.m. to 5:00 p.m.
Wednesday - 9:00 a.m. to 4:00 p.m.
Offered in person in various cities each month, in Monday-Wednesday sessions.
CPE Event Highlights
In attending this event you will obtain a comprehensive understanding of the best-practice components of a Cybersecurity Program and the methods to audit that information security program.
Learn the relationship between risk, control, and audits
Understand the core features of an effective Cybersecurity Program
Assess the risks posed by Insider and Outsider threats
Identify the processes of Account Management
Determine methods to limit Privileged accounts
Identify the stages of a Cybersecurity attack
Learn the tools and techniques for continuous monitoring of security events
Identify methods to remediate security vulnerabilities
Key Issues on the Agenda
Section 1 Introduction and Learning Objectives
Section 2 Overview, Definitions and Concepts: Internal Control and Auditing
Section 3 Components of Cybersecurity Programs
Section 4 Internal Control and Cybersecurity Frameworks
Section 5 AICPA Cybersecurity Risk Assessments
Section 6 Security Certifications
Section 7 Security and Privacy Laws and Regulations
Section 8 Breach Disclosure Requirements
Section 9 Understanding the Mission of the Organization
Section 10 Tone at the Top - The Auditor's Influence
Section 11 The Role of the CSO/CISO
Section 12 Evaluating a Cybersecurity Risk Assessment
Section 13 Security Policy Development, Administration and Auditing
Section 14 Data Classification and Protection Methods
Section 15 Protecting the Physical Equipment
Section 16 Assessing Controls in Network Components
Section 17 Account Authentication
Section 18 Controlling Your Endpoints
Section 19 DevOps Application Security
Section 20 Configuration Management
Section 21 Asset Audits
Section 22 Vendor Management
Section 23 Command, Communication and Control
Section 24 Testing the Controls
Section 25 Corrective Action Plans
Section 26 Case Study: Anatomy of an Attack
Section 27 Countermeasures
Section 28 Summary and Wrap-Up
NASBA Program Disclosure
Program Level of Understanding: Intermediate
Prerequisites: Basic understanding of auditing and IT security
Advance Preparation: None
Delivery Format: On-site Training (Group-Live); Seminar (Group-Live)
NASBA Field(s) of Study: "Auditing" and "Information Technology"
CPE Credits: 24, based on 50 minutes of instruction per hour
Summary of the Subject Matter
The Auditing Cybersecurity Programs CPE training event is a comprehensive program designed to help professionals improve their knowledge and skills in the field of cybersecurity auditing. Hosted by Dave Marshall, CCS founder, this event provides participants with a deep dive into the latest techniques and best practices for auditing cybersecurity programs.
Throughout the training, attendees will have the opportunity to interact with an industry expert and network with other professionals in the cybersecurity field. The CPE event is designed for individuals working in IT, internal audit, risk management, and compliance roles. It is also designed for anyone looking to improve their knowledge and skills in cybersecurity auditing.
Attendees will learn about the fundamental concepts of cybersecurity and how to assess the effectiveness of cybersecurity programs and controls. The program covers topics such as risk management, security governance, incident management, and compliance with industry standards and regulations.
The event is aimed at professionals who work in cybersecurity, IT, audit, risk management, and compliance roles. It is also ideal for individuals looking to improve their knowledge and skills in the field of cybersecurity auditing. The training is delivered by experienced instructors who have a deep understanding of the industry and the latest trends and developments.
In this CPE training session, the instructor possesses a significant amount of experience in the industry and is well versed in the latest trends and developments in the field of cybersecurity. The training is approved for Continuing Professional Education (CPE) credits, making it a valuable investment for individuals looking to maintain their professional certifications, i.e. CIA, CISA, CPA and CFE.