Auditing Cybersecurity Programs - In-Person

Cybersecurity is one of the biggest internal control areas that need executive attention.


You just received an urgent call from the CEO. An e-mail was received demanding $10M in Bitcoin as ransom to decrypt the company's data. "Oh no! Maybe if we had audited the organization's Cybersecurity program and controls before this happened, we might not be in this mess!" Sound familiar?


Hundreds of Security, Compliance and Audit professionals have faced this dilemma. As we know, cybersecurity breaches occur throughout the world on a daily basis, and many are unreported. ALL organizations are vulnerable...including our most "secure" government agencies, financial institutions and public utility companies. A comprehensive cybersecurity program is an absolutely essential component of a system of internal control. How can you assess its effectiveness? Have you conducted an audit? What are the common and not-so-common deficiencies? How can we improve our "security resiliency"?


Please join us for this valuable in-person, interactive training, and allow our expert instructors to carefully guide you as to how to assess the controls and processes of your organization's cybersecurity program. We will transfer our knowledge of this important topic to you in an educational, enjoyable manner. We will provide you with the information to enhance the effectiveness of your cybersecurity program.


This comprehensive in-person event is designed for Internal Auditors, Compliance Analysts, Security Officers and Administrators. Let's learn, grow, and enhance our Security effectiveness! Sign up now! This course is designed for professionals experienced in working with internal controls and ERM programs.


Each attendee will receive 24 NASBA CPE hours. Government attendees will satisfy their Yellow Book (YB) requirements. A Certificate of Completion will be provided at the conclusion of the class.

  • Details on Event Presentation


    The sessions will be as follows:

    Monday - 9:00 a.m. to 5:00 p.m.

    Tuesday - 9:00 a.m. to 5:00 p.m.

    Wednesday - 9:00 a.m. to 4:00 p.m.

    Offered in person in various cities each month, in Monday-Wednesday sessions.

  • CPE Event Highlights

    In attending this event you will obtain a comprehensive understanding of the best-practice components of a Cybersecurity Program and the methods to audit that information security program.

  • Learning Objectives

    • Learn the relationship between risk, control, and audits

    • Understand the core features of an effective Cybersecurity Program

    • Assess the risks posed by Insider and Outsider threats

    • Identify the processes of Account Management

    • Determine methods to limit Privileged accounts

    • Identify the stages of a Cybersecurity attack

    • Learn the tools and techniques for continuous monitoring of security events

    • Identify methods to remediate security vulnerabilities

  • Key Issues on the Agenda

    Section 1 Introduction and Learning Objectives
    Section 2 Overview, Definitions and Concepts: Internal Control and Auditing
    Section 3 Components of Cybersecurity Programs
    Section 4 Internal Control and Cybersecurity Frameworks
    Section 5 AICPA Cybersecurity Risk Assessments
    Section 6 Security Certifications
    Section 7 Security and Privacy Laws and Regulations
    Section 8 Breach Disclosure Requirements
    Section 9 Understanding the Mission of the Organization
    Section 10 Tone at the Top - The Auditor's Influence
    Section 11 The Role of the CSO/CISO
    Section 12 Evaluating a Cybersecurity Risk Assessment
    Section 13 Security Policy Development, Administration and Auditing
    Section 14 Data Classification and Protection Methods
    Section 15 Protecting the Physical Equipment
    Section 16 Assessing Controls in Network Components
    Section 17 Account Authentication
    Section 18 Controlling Your Endpoints
    Section 19 DevOps Application Security
    Section 20 Configuration Management
    Section 21 Asset Audits
    Section 22 Vendor Management
    Section 23 Command, Communication and Control
    Section 24 Testing the Controls
    Section 25 Corrective Action Plans
    Section 26 Case Study: Anatomy of an Attack
    Section 27 Countermeasures
    Section 28 Summary and Wrap-Up

  • NASBA Program Disclosure

    Program Level of Understanding: Intermediate

    Prerequisites: Basic understanding of auditing and IT security

    Advance Preparation: None

    Delivery Format: On-site Training (Group-Live); Seminar (Group-Live)

    NASBA Field(s) of Study: "Auditing" and "Information Technology"

    CPE Credits: 24, based on 50 minutes of instruction per hour

  • Summary of the Subject Matter

    The Auditing Cybersecurity Programs CPE training event is a comprehensive program designed to help professionals improve their knowledge and skills in the field of cybersecurity auditing. Hosted by Dave Marshall, CCS founder, this event provides participants with a deep dive into the latest techniques and best practices for auditing cybersecurity programs.


    Throughout the training, attendees will have the opportunity to interact with an industry expert and network with other professionals in the cybersecurity field. The CPE event is designed for individuals working in IT, internal audit, risk management, and compliance roles. It is also designed for anyone looking to improve their knowledge and skills in cybersecurity auditing.

    Attendees will learn about the fundamental concepts of cybersecurity and how to assess the effectiveness of cybersecurity programs and controls. The program covers topics such as risk management, security governance, incident management, and compliance with industry standards and regulations.


    The event is aimed at professionals who work in cybersecurity, IT, audit, risk management, and compliance roles. It is also ideal for individuals looking to improve their knowledge and skills in the field of cybersecurity auditing. The training is delivered by experienced instructors who have a deep understanding of the industry and the latest trends and developments.


    In this CPE training session, the instructor possesses a significant amount of experience in the industry and is well versed in the latest trends and developments in the field of cybersecurity. The training is approved for Continuing Professional Education (CPE) credits, making it a valuable investment for individuals looking to maintain their professional certifications, i.e. CIA, CISA, CPA and CFE.
