Auditing Cybersecurity Risk Management Programs
Cybersecurity is one of the biggest internal control areas which needs to have executive attention backed up by an effective cybersecurity program and staff.
During March to December 2020 SolarWinds security monitoring software was breached when Russian hackers embedded a backdoor into its security monitoring product. Many US Government Agencies and 14,000 other organizations were breached. If this can happen to a security software company that US and large companies use, then it can happen to you.
In light of the increasing volume and sophistication of cyber threats, CCS has developed this event to guide an internal audit function providing a Cybersecurity Program Assessment. This event will help organizations to identify and determine their cybersecurity risk program's level of control maturity.
An effective cybersecurity risk program requires an organization to have everything from program policies to incident response plans to specific breach notification procedures. Banking and insurance organizations also have to certify compliance to their regulators. It is important to learn how to assess cybersecurity risk programs.
This CPE training focuses on describing the effective components of a modern cybersecurity risk management program. The attendees will be prepared to start with the evaluation of the existing inherent risk profile for the organization. They will then be able to discuss with senior management, the audit committee, and the board of directors how to proceed in looking at the maturity of the existing controls against the inherent risk profile. This event looks at how to determine the level of maturity of the following components of an organization's program:
. Cyber Risk Management and Oversight
. Threat Intelligence and Collaboration
. Cybersecurity Controls
. External Dependency Management
. Cyber Incident Management and Resilience
This comprehensive audit training course is for anyone who wants to have a strong base of knowledge and understanding of the essential items within the scope of a cybersecurity risk management program assessment.
We cover an overview of ten principles that need to be considered within a Cybersecurity Risk Management Program in a short video available on YouTube. Here is a link to it:
Cybersecurity Risk Management Principles
This timely, 12 hours of CPE audit training seminar is designed for the audit management, senior auditors and others who have to create effective internal audit of a comprehensive cybersecurity program and the related documents.
Links to details on this internal audit training course::
. Seminar Highlights
. Learning Objectives
. Key Issues on the Agenda
The cost of this internal audit training seminar is $940.00 for the first attendee from a single organization. Discounts are available for more than one attendee from each organization: (2) $1,785.00 (3) $2,530.00 (4) $3,190.00 (5) $3,760.00.
To reserve your space, click on the "SIGN-UP NOW!" link in the right margin, complete the registration form and use the corresponding "Submit Registration Form and Move to Payment Options Page" button for filing the registration and moving to the payment page.
Each attendee will receive 12 CPE Hours (YB). A certificate of completion will be provided.
Program Level of Understanding: Basic
Advance Preparation: None
Delivery Format: Group Internet Based
NASBA Field(s) of Study: Auditing, Information Technology, Business Law
CPE Credits: 12, based on 50 minutes of instruction per hour
Testimonials concerning this internal audit training course:
Our instructors are experts in risk management, auditing, corporate accounting, executive management, information technology and CPA firm operations. Our goal is to provide expert advice on COSO ERM, COSO, FDICIA, COBIT, NIST, ITIL, CMMI, FCPA, PCAOB standards, AICPA standards and cyber risk management.
Course Duration: 3 Half-Days; CPE Credits: 12; Knowledge Level: Basic; Field of Study: Information Technology, Risk Assessment, Audit; Delivery Format: Virtual Group-Live Presentation; Prerequisites: None; Advance Preparation: None.
Upcoming Virtual Auditing Cybersecurity Risk Programs Events:
top of page
. What are the goals of a cybersecurity risk program?
. What is the definition of "cybersecurity event"?
. What is contained in an "Information Security Program"?
. What is nonpublic information under an information security program?
. What is "publicly available information"?
. How do you review a cybersecurity risk assessment?
top of page
. Attendees will see how cybersecurity risk management is an evolving art.
. Attendees will understand inherent risk assessment from the cybersecurity viewpoint.
. Attendees will have examples of cybersecurity risk management internal controls.
. Attendees will know the components in an effective information security program assessment.
top of page
Key Issues on the Agenda
top of page
Experts Providing Internal Audit Training Events
Introduction and Overview
. About Us and About Your Instructors
. Who are You?
. What are Your Needs?
. What is "Cybersecurity Risk"?
. This is War!
. Key Players in Cyber Risk Standards
Section 1 - Creating an Inherent Risk Profile
. Technologies and Connection Types
. Delivery Channels
. Online/Mobile Products and Technology Services
. Organizational Characteristics
. External Threats
Section 2 - Cyber Risk Management and Oversight Control Domain
. Risk Management
. Training and Culture
Section 3 - Threat Intelligence and Collaboration Control Domain
. Threat Intelligence
. Monitoring and Analyzing
. Information Sharing
Section 4 - Cybersecurity Control Domain
. Preventative Controls
. Detective Controls
. Corrective Controls
Section 5 - External Dependency Management Control Domain
. Relationship Management
Section 6 - Cyber Incident Management and Resilience Control Domain
. Incident Resilience Planning & Strategy
.Detection, Response, & Mitigation
.Escalation & Reporting
Section 7 - Summary and Wrap-Up
. "Information Security Program" Assessed
. "Reactive" or "Proactive"
. Your Keys to Success!
Corporate Compliance Seminars (CCS) was created by experts who enjoy providing CPE training events. All our experts have years of experience in providing training courses, workshops and consulting on internal controls, internal auditing, information technology, cybersecurity and accounting related subjects. We have focused on SOX, COSO, PCAOB, COBIT, CMMI, GRC, GAAP, IFRS, AICPA, GAO, NAIC, ISO, and IIA Standards. We are your best source for continuing professional education (CPE).
Our programs, live in-person, webinar and on-demand, provide CPE for professionals with CPA, CGA, CIA, CFE, CISA, CMA and CA designations. CCS is focused on providing the best learning programs in using three distinct distribution channels: live in-person events, virtual webinar events and on-demand self-study e-learning.
Corporate Compliance Seminars presents CPE to a range of professionals, auditors, accountants, finance staff, compliance personnel, information technology (IT) professionals, Boards of Directors and Audit Committees. We examine the details of risk management, Sarbanes-Oxley Act compliance, Model Audit Rule (MAR) compliance, auditing, internal controls, cybersecurity and compliance, and fraud prevention and detection.
Within the U.S.A. marketplace, Corporate Compliance Seminars allows the attendee to earn NASBA CPE credit.
Our events focus on the details of the Sarbanes-Oxley Act of 2002 (SOX), Internal Controls over Financial Reporting (ICFR), Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control Frameworks, ISACA's Control Objectives over Information Technology (COBIT), Information Technology Infrastructure Library (ITIL), Open Compliance & Ethics Group's (OCEG) Governance, Risk & Compliance (GRC) methodology, PCAOB's Auditing Standard 5 (AS5), AICPA auditing standards, and NAIC regulatory model regulations and acts .
Our live in-person events are generally presented in a small classroom setting with two to five attendees. Over the last few weeks, we have come to the understand we need to provide distant e-learning events. We are now in the process of moving all our content to an online available status. We have created distant e-learning opportunities using both a virtual webinar event approach and on-demand e-learning self-study modules. These two e-learning approaches: webinars and on-demand self-study with extended web access to our content into the global continuing professional development (CPD) marketplace. In the webinar e-learning events we will limit the number of students to maximize the interaction between the live instructor and attendees. The on-demand self-study e-learning modules will be created and offered to meet the NASBA CPE credit requirements .
Our seminars provide CPE for the CPA, CFE, CIA, CISA, auditors and others with effective and engaging internal audit training courses.
Our instructors have had direct experience in the following industries: financial activities, bank, insurance, healthcare, construction, leisure and hospitality, professional and business services, mining and oil & gas extraction, manufacturing, educational, government agencies, transportation, software, technical, hi-tech and agricultural.
top of page