Auditing Cyber Security Programs

Offered in person in various cities each month, Monday through Wednesday, in three eight-hour CPE events.

Cybersecurity is one of the biggest internal control areas that need executive attention.

You just received an urgent call from the CEO. An e-mail was received demanding $10M in Bitcoin as ransom to decrypt the company's data.

"Oh no! Maybe if we audited the organization's Cybersecurity program and controls before this happened, we might not be in this mess!"

Sound familiar? Hundreds of Security, Compliance and Audit professionals have faced this dilemma.

As we know, cybersecurity breaches occur throughout the world on a daily basis, and many are unreported. ALL organizations are vulnerable...including our most "secure" government agencies, financial institutions and public utility companies. A comprehensive cybersecurity program is an absolutely essential component of a system of internal control.

How can you assess its effectiveness? Have you conducted an audit? What are the common and not-so-common deficiencies? How can we improve our "security resiliency"?

Please join us for this valuable in-person, interactive training, and allow our expert instructors to guide you carefully through assessing the controls and processes of your organization's cybersecurity program. We will transfer our knowledge of this important topic to you in an educational, enjoyable manner. We will provide you with the information to enhance the effectiveness of your cybersecurity program.

This comprehensive in-person event is designed for Internal Auditors, Compliance Analysts, Security Officers and Administrators. Let's learn, grow, and enhance our Security effectiveness! Sign up now!

Each attendee will receive 24 NASBA CPE hours. Government attendees will satisfy their Yellow Book (YB) requirements. A Certificate of Completion will be provided at the conclusion of the class.

Program Level of Understanding: Intermediate
Prerequisites: Basic understanding of auditing and IT security
Advance Preparation: None
Delivery Format: On-site Training (Group-Live); Seminar (Group-Live)
NASBA Field(s) of Study: "Auditing" and "Information Technology"
CPE Credits: 24, based on 50 minutes of instruction per hour

Seminar Highlights

Obtain a comprehensive understanding of the best-practice components of a Cybersecurity Program and the methods to audit the program.

Learning Objectives

  • Learn the relationship between risk, control, and audits

  • Understand the core features of an effective Cybersecurity Program

  • Assess the risks posed by Insider and Outsider threats

  • Identify the processes of Account Management

  • Determine methods to limit Privileged accounts

  • Identify the stages of a Cybersecurity attack

  • Learn the tools and techniques for continuous monitoring of security events

  • Identify methods to remediate security vulnerabilities

Key Concepts on the Agenda


Section 1 Introduction and Learning Objectives
Section 2 Overview, Definitions and Concepts: Internal Control and Auditing
Section 3 Components of Cybersecurity Programs
Section 4 Internal Control and Cybersecurity Frameworks
Section 5 AICPA Cybersecurity Risk Assessments
Section 6 Security Certifications
Section 7 Security and Privacy Laws and Regulations
Section 8 Breach Disclosure Requirements
Section 9 Understanding the Mission of the Organization
Section 10 Tone at the Top - The Auditor's Influence
Section 11 The Role of the CSO/CISO
Section 12 Evaluating a Cybersecurity Risk Assessment
Section 13 Security Policy Development, Administration and Auditing
Section 14 Data Classification and Protection Methods
Section 15 Protecting the Physical Equipment
Section 16 Assessing Controls in Network Components
Section 17 Account Authentication
Section 18 Controlling Your Endpoints
Section 19 DevOps Application Security
Section 20 Configuration Management
Section 21 Asset Audits
Section 22 Vendor Management
Section 23 Command, Communication and Control
Section 24 Testing the Controls
Section 25 Corrective Action Plans
Section 26 Case Study: Anatomy of an Attack
Section 27 Countermeasures
Section 28 Summary and Wrap-Up