Cybersecurity Audit School

Cybersecurity

Overview

This course covers cybersecurity risks, control design and protection measures, cybersecurity program execution, warning signs, audit, and investigative techniques.

Why you should take this course.

For users who have an introductory knowledge of this topic and are searching for additional information and its application.

Here are the topics we'll cover.

  1. Cybersecurity Overview

    • Cybersecurity key concepts
    • Cybersecurity history and breaches
    • Types of cyber-attacks – human
    • Types of cyber-attacks – technical
    • Cybersecurity frameworks, standards, and regulations
    • NIST framework and standards
    • Industry frameworks (PCI, HIPAA, CIS CSC, ISO/IEC)
    • Cybersecurity oversight, governance, and compliance
    • Security policies
    • Security risk management overview
    • Threat analysis
    • Security risk management in practice
  2. Asset Management

    • Asset Identification and Inventory
    • Third-party/service provider management
    • Business impact assessment
    • Configuration management and change control
  3. Cybersecurity Protection Techniques

    • Defending business assets overview
    • Identity and access management
    • Authentication and authorization
    • Vulnerability and patch management
    • Security awareness
    • Physical security
    • Personnel security
    • Computer networking fundamentals
    • Network defenses
    • Network security access controls
    • Endpoint and system security configuration
    • Endpoint and system security protection
    • Application security
    • Cloud and virtualization security
  4. Encryption, Digital Signatures, and Data Protection

    • Encryption concepts
    • Cryptographic algorithms
    • Encryption – public key infrastructure
    • Data protection techniques
    • Data privacy controls
  5. Event Detection, Incident Response, and Recovery

    • Logging, monitoring, and alerting
    • Incident response (IR) planning
    • Incident response (IR) testing
    • Digital forensics
    • Recovering data and systems
    • Business continuity and contingency planning
  6. Auditing Cybersecurity

    • The auditor’s role
    • CISO’s role
    • Establishing audit scope
    • Building the audit plan
    • Cybersecurity evaluation methods
    • Vulnerability assessments, scanning and testing
    • Penetration testing
    • Security maturity models (CMMI)
    • Auditing using NIST frameworks
    • Auditing with other security frameworks and standards
    • Auditing cybersecurity using the payment card industry (PCI)
    • Cybersecurity auditing examples
  7. Audit Evidence and Reporting

    • Collecting and organizing cybersecurity evidence
    • NIST reporting requirements
    • Prioritizing risks and influencing decisions
  8. Course Wrap-up

    • Course summary and conclusion

Learning Style

Instructor Led

Level

Intermediate

Who this course is for

Auditors and IT professionals seeking a foundational understanding of cybersecurity.

NASBA Certified CPE

32 credits

Field of Study

Auditing

Length of course

32h

Prerequisites

Introduction to Information Security
or equivalent experience

Advanced Preparation

None

Here are the learning objectives we'll cover

  • Understand security fundamentals, including core security principles, critical security controls, and best practices for securing information technologies, operations, and data.
  • Assess common cybersecurity risks, threats, and vulnerabilities in the management of cybersecurity and IT audit programs.
  • Evaluate an organization’s technical, operational, and management infrastructure against common security principles and compliance controls.

Attendance policy for on-site and online instructor-led training

Students are expected to arrive on time for classes with the proper materials and attitude. An overall attendance rate of 100% is expected to fully absorb the materials and to complete labs. If you have an expected absence, please email support@acilearning.com or your instructor ahead of time. The number of CPEs awarded will be equivalent to the number of hours attended.

ACI Learning is registered with NASBA

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: https://www.nasbaregistry.org/