Cybersecurity Tools and Techniques for the Auditor

"How can we implement a holistic approach to cybersecurity?"


"What methodologies, policies, technologies, and specific tools can we deploy to prevent, detect and monitor cybersecurity threats?"


"How can we build a more effective program?"


As more data breaches are disclosed, cybersecurity is at the forefront for boards, executives, employees and consumers. Breaches are a continuing threat to an organization's reputation through the disclosure of intellectual property and non-public, confidential information. Organizations must remain vigilant in their attempt to prevent a cyberattack and minimize the damage once it occurs. We must raise the awareness of threats and harden our defenses.


As attacks develop, so do stakeholder awareness and the defensive tools available. To help you be more proactive in maturing your cybersecurity program, we created this training academy based on the best practices or tools to improve cybersecurity at your business. This training program focuses on the policies and software tools needed in an effective modern cybersecurity risk management program.


The program is divided into the following tool groups:

  • Hardware security.
  • Data encryption at rest.
  • Around-the-clock monitoring.
  • Cybersecurity education.
  • User Access.
  • Phishing threats.
  • Two-factor authentication.
  • Intrusion detection systems.
  • System and application items.
  • Insider threat protection.
  • Self-service.


This comprehensive training course is for anyone who wants to have a strong base of knowledge and understanding of the essentials of cybersecurity risk management.


This timely virtual CPE event is designed for the project director, project leader and individuals who have to create an effective set of cybersecurity program tools and the related documents.


This internal control training course will provide each attendee with 18 CPE Event Hours (YB). A certificate of completion will be provided.

  • Details on Event Presentation

    Offered on Tuesday-Thursday once every six weeks in three six-hour sessions for 18 CPE credits.

    The sessions will run from 9:00 a.m. to 3:00 p.m. Central Time Zone. There will be a lunch break from 12:00 noon to 12:30 p.m. each day.

    We can schedule private events on your timetable for two or more attendees.

    NASBA Program Disclosure

    Program Level of Understanding: Basic

    Prerequisites: None

    Advance Preparation: None

    Delivery Format: Group Internet Based

    NASBA Field(s) of Study: Auditing, Business Management & Organization, Information Technology

    CPE Credits: 10, based on 50 minutes of instruction per hour

  • CPE Event Highlights

    We created this comprehensive seminar to help you become more proactive in the maturity of your cybersecurity program. The class is based on our experience implementing best practices from security experts in industry and agencies. We translate the technical security and networking jargon into plain English. We discuss case studies of breaches and remediation activities.

  • Learning Objectives

    • Attendees will understand the standard definitions and concepts associated with cybersecurity

    • Attendees will identify sources of security information

    • Attendees will know the major laws and regulations governing data security and privacy

    • Attendees will identify popular frameworks for security risk, control and assessment

    • Attendees will recognize how breaches occur and attackers gain access to our systems

    • Attendees will understand the best practice tools and countermeasures for minimizing the impact of a breach

  • Key Issues on the Agenda

    • Introduction and Learning Objectives

    • Overview, Definitions and Concepts

    • Security Organizations and Material

    • Security Certifications

    • Security and Privacy Laws and Regulations

    • Internal Control and Security Frameworks

    • Implementing a Cybersecurity Initiative

    • Security Risk Assessment

    • Strengthening the Control Environment

    • Security Policy Administration

    • Computer Communications, Networks and Firewalls

    • Controls and Countermeasures

    • The Insider Threat

    • The Outsider Threat

    • DevOps Security

    • Asset Security

    • Testing the Internal Controls

    • NIST Security Framework

    • Anatomy of an Attack

    • AICPA Cybersecurity Risk Assessment

    • Securing the Physical Environment

    • Vendor Management and SSAE 18 SOC Audits

    • Configuration Management

    • Personal Cyber Safety Measures

    • Discussion, Documentation and Summary

  • Summary of the Subject Matter

    This CPE event "Cybersecurity Tools and Techniques for the Auditor" is designed to equip auditors with essential knowledge and practical skills related to cybersecurity tools and techniques.

    Attendees can expect to delve into various aspects, including the use of specialized cybersecurity tools, best practices for evaluating and testing cybersecurity controls, and the application of technical expertise in auditing cybersecurity systems. The event aims to provide a comprehensive understanding of how auditors can effectively leverage cybersecurity tools and techniques to assess an organization's cybersecurity posture and identify potential vulnerabilities.

    By attending this event, participants can enhance their proficiency in auditing cybersecurity measures and contribute to strengthening organizational resilience against cyber threats.

  • Authoritative Sources

    Here are some authoritative sources along with web links to expand attendees' knowledge after the CPE event "Cybersecurity Tools and Techniques for the Auditor":

    • NIST Cybersecurity Framework: The National Institute of Standards and Technology (NIST) Cybersecurity Framework provides a comprehensive set of guidelines, standards, and best practices for managing cybersecurity risks. Attendees can explore this framework to gain insights into effective cybersecurity risk management.
    • ISO/IEC 27001: The International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) jointly developed the ISO/IEC 27001 standard, which outlines the requirements for establishing, implementing, maintaining, and continually improving an information security management system. This standard serves as a valuable resource for understanding information security risk management.
    • CIS Controls: The Center for Internet Security (CIS) Controls offers a set of best practices for cyber defense that provide specific and actionable ways to stop today's most pervasive and dangerous cyber attacks. Attendees can refer to the CIS Controls for practical guidance on improving cybersecurity posture.

    By delving into these authoritative sources, attendees can further enhance their knowledge and understanding of cybersecurity risk management and strengthen their organization's cybersecurity strategies.
