SOX Compliance for Cybersecurity Assessments - In-Person

SOX Compliance for Cybersecurity Assessments: Strengthening Internal Controls


While the Sarbanes-Oxley Act does not explicitly address cybersecurity, the SEC's release of the "Commission Statement and Guidance on Public Company Cybersecurity Disclosures" has made cybersecurity programs a crucial compliance consideration for issuers.


With advancing technology and increasing data usage, companies face a range of potential risk events that could significantly impact their financial statements.


SOX Cybersecurity compliance entails the implementation of robust internal control processes by public companies to mitigate identified and disclosed cybersecurity risks.


Join us for this event focused on:

  • Gaining a comprehensive understanding of the SEC's guidance on cybersecurity assessments.
  • Establishing and maintaining a comprehensive set of policies and procedures to address cybersecurity risks and internal controls.
  • Developing and operating effective cybersecurity internal controls.
  • Meeting the issuer's disclosure obligations under federal securities laws.
  • Emphasizing compliance with insider trading prohibitions and the obligation to avoid selective disclosure of material nonpublic information related to cybersecurity risks or incidents.


This timely four-hour CPE seminar is specifically designed for professionals in internal audit management, compliance management, controllership roles, CFOs, and others responsible for creating value within the cybersecurity internal control framework.


Each attendee of this internal control training course will earn 4 CPE Event Hours (YB) and receive a certificate of completion, demonstrating their expertise in SOX compliance for cybersecurity assessments.


Don't miss this opportunity to enhance your knowledge and strengthen your organization's cybersecurity controls. Register now to gain valuable insights and practical strategies that will ensure compliance and protect your company's financial integrity.

  • Details on Event Presentation

    Offered on Thursdays from 8:45 a.m. to 12:30 p.m.

  • CPE Event Highlights

    This CPE event reviews the following topics:

    • SEC Cybersecurity Disclosure

    • Frameworks to guide cybersecurity risk mitigation

    • Cybersecurity risk assessment

    • Testing cybersecurity controls

  • Learning Objectives

    • Defining “SOX for Cybersecurity” compliance
    • Learning the reasons behind the need for stronger cybersecurity controls
    • Understanding the structure of IT departments and their support services
    • Conducting an IT Risk Assessment
    • Understanding the categories of IT general controls and IT application controls
    • Identifying the specific additional controls and tests to mitigate SOX Cybersecurity risks
  • Key Issues on the Agenda

    Section 1 - Introduction and Definitions

    • What is SOX for Cybersecurity Compliance?

    • SEC Cybersecurity Disclosure

    Section 2 - Overview of Computer Systems and IT Audits

    • Information Technology Systems

    • Information Technology Audits

    • Benefits of Internal Controls

    Section 3 - Internal Control Frameworks Impacting SOX Cyber

    • What is a "System of Internal Control"?

    • COSO 2013 Internal Control Framework

    • IT Control "Frameworks"

    Section 4 - IT Controls for SOX Compliance

    • SOX Compliance Audits

    • General Controls

    • Activity Controls

    Section 5 - SOX for Cybersecurity (SOXCS) Implementation Guidance

    • SOX for Cybersecurity Implementation

    • Understanding the IT Organization

    • Segregation of Duties

    • IT Infrastructure Components

    Section 6 - Assessing Information Technology Risks

    • Cybersecurity Risk Assessment

    • "Heat-Map" the Risks

    • People Create Cybersecurity Risk

    Section 7 - Physical Security Controls for SOXCS

    • Physical security

    • What's New in Physical Security?

    • Physical Security Tests

    Section 8 - Logical Security Controls

    • Testing Logical Security Controls

    • "ACDs" Adds, Changes and Deletes to Access

    • Role-Based Security

    • User Entitlement

    • Segregation of Duties Conflicts

    • Network Vulnerabilities

    • Firewall Configuration

    • Privileged Accounts

    • Service Accounts

    • Network Segmentation

    • Patch Management

    • Anti-Virus Protection

    • Encryption

    • Data Loss Prevention Controls

    Section 9 - Systems Development and Change Controls

    • SDLC Policy and Controls

    • Financial Application Change Controls

    • Interface Controls

    Section 10 - Backup and Restoration Controls

    • Backup Schedules and Logs
    • Restoration Testing

    Section 11 - Summary

  • NASBA Program Disclosure

    Program Level of Understanding: Intermediate
    Prerequisites: Basic understanding of auditing and IT security
    Advance Preparation: None
    Delivery Format: On-site Training (Group-Live); Seminar (Group-Live)
    NASBA Field(s) of Study: "Auditing" and "Information Technology"
    CPE Credits: 4, based on 50 minutes of instruction per hour

  • Summary of the Subject Matter

    The "Sarbanes-Oxley Act Compliance for Cybersecurity Assessments" CPE training event is a comprehensive program designed to help attendees understand the SOX compliance requirements for cybersecurity assessments.


    This training covers the key provisions of the Sarbanes-Oxley Act (SOX) and how they apply to an organization's information security practices, including assessments of internal control systems, risk management, and data protection. Participants will gain a deep understanding of the COSO 2013 framework for Internal Controls Over Financial Reporting (ICFR) and how it can be used to ensure SOX compliance. The event will provide a thorough overview of the ICFR framework and its components, as well as best practices for implementing and maintaining ICFR controls.


    The ICFR SOX Compliance training will be delivered by expert instructors and feature interactive sessions and real-world case studies, providing attendees with practical knowledge and skills that can be immediately applied to their own organizations.


    The program is designed for professionals looking to build their knowledge and skills in SOX compliance, ICFR training, and cybersecurity assessments. By attending this CPE training event, participants will gain a comprehensive understanding of the requirements and best practices for SOX compliance in the area of cybersecurity assessments.
