Cybersecurity Audit School

Cybersecurity
Cybersecurity Audit School Overview
0h 1m
[MUSIC] Welcome to the Cybersecurity Audit School. I'm Dr. Hernan Murdoch, I'm a certified internal auditor and also certified in risk management assurance. And I'd like to welcome you to this very important and timely course. With me is Mr. Ron Werner. Ron, introduce yourself.

Hello, Hernan, and hello, everyone who's watching. I'm Ron Warner. I've been a certified cybersecurity professional for well over 20 years. I've worked with the military and Fortune 500 companies as a cyber security consultant and now as a cybersecurity educator. I go around the country helping organizations secure their infrastructure as well as training organizations on how to be more safe and secure on the Internet, in conducting business both personal and for organizations. It's really my pleasure to be able to join you in this journey, to understand how cybersecurity relates to audit.

Cybersecurity has been important for a few years now, is important today, and all indicators are that it will be continuing to be very important. As we look into the future, practitioners are going to find a lot of content relevant to what they need to know to do their jobs well, and auditors also need to know how to go about doing these assessments: how these audits can be conducted, and what kind of best practices to employ as they're preparing, conducting and communicating their results. This course provides all of that information for you: very relevant, very timely, a lot of best practices, tips, tools and techniques that you can use immediately in your job and as you grow in your career. I hope you join us because we have a lot of content to share with you. It is going to be a lot of fun, you will learn a lot, I hope you join us.

Overview

This course covers cybersecurity risks, control design and protection measures, cybersecurity program execution, warning signs, audit, and investigative techniques.

Why you should take this course.

For users who have an introductory knowledge of this topic and are searching for additional information and its application.

Here are the learning objectives we'll cover.

  • Understand security fundamentals, including core security principles, critical security controls, and best practices for securing information technologies, operations, and data.
  • Assess common cybersecurity risks, threats, and vulnerabilities in the management of cybersecurity and IT audit programs.
  • Evaluate an organization’s technical, operational, and management infrastructure against common security principles and compliance controls.

Here are the topics we'll cover.

  1. Cybersecurity Overview

    • Cybersecurity key concepts
    • Cybersecurity history and breaches
    • Types of cyber-attacks – human
    • Types of cyber-attacks – technical
    • Cybersecurity frameworks, standards, and regulations
    • NIST framework and standards
    • Industry frameworks (PCI, HIPAA, CIS CSC, ISO/IEC)
    • Cybersecurity oversight, governance, and compliance
    • Security policies
    • Security risk management overview
    • Threat analysis
    • Security risk management in practice
  2. Asset Management

    • Asset Identification and Inventory
    • Third-party/service provider management
    • Business impact assessment
    • Configuration management and change control
  3. Cybersecurity Protection Techniques

    • Defending business assets overview
    • Identity and access management
    • Authentication and authorization
    • Vulnerability and patch management
    • Security awareness
    • Physical security
    • Personnel security
    • Computer networking fundamentals
    • Network defenses
    • Network security access controls
    • Endpoint and system security configuration
    • Endpoint and system security protection
    • Application security
    • Cloud and virtualization security
  4. Encryption, Digital Signatures, and Data Protection

    • Encryption concepts
    • Cryptographic algorithms
    • Encryption – public key infrastructure
    • Data protection techniques
    • Data privacy controls
  5. Event Detection, Incident Response, and Recovery

    • Logging, monitoring, and alerting
    • Incident response (IR) planning
    • Incident response (IR) testing
    • Digital forensics
    • Recovering data and systems
    • Business continuity and contingency planning
  6. Auditing Cybersecurity

    • The auditor’s role
    • CISO’s role
    • Establishing audit scope
    • Building the audit plan
    • Cybersecurity evaluation methods
    • Vulnerability assessments, scanning and testing
    • Penetration testing
    • Security maturity models (CMMI)
    • Auditing using NIST frameworks
    • Auditing with other security frameworks and standards
    • Auditing cybersecurity using the payment card industry (PCI)
    • Cybersecurity auditing examples
  7. Audit Evidence and Reporting

    • Collecting and organizing cybersecurity evidence
    • NIST reporting requirements
    • Prioritizing risks and influencing decisions
  8. Course Wrap-up

    • Course summary and conclusion

Learning Style

On Demand

Level

Intermediate

Includes

Assessment

Who this course is for

Auditors and IT professionals seeking a foundational understanding of cybersecurity.

NASBA Certified CPE

32 credits

Field of Study

Auditing

Length of course

32h

Prerequisites

Introduction to Information Security
or equivalent experience

Advanced Preparation

None

ACI Learning is registered with NASBA

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: https://www.nasbaregistry.org/