Cybersecurity Audit School
Cybersecurity Audit School Overview
[MUSIC]
Welcome to the Cybersecurity Audit School.
I'm Dr. Hernan Murdoch,
I'm a certified internal auditor and also
certified in risk management assurance.
And I'd like to welcome you to this very
important and timely course. With me is Mr.
Ron Werner. Ron, introduce yourself.
Hello, Hernan, and hello,
everyone who's watching. I'm Ron Warner,
I've been a certified cybersecurity
professional for well over 20 years.
I've worked with the military,
Fortune 500 companies
as a cybersecurity consultant and
now, as a cybersecurity educator.
I go around the country helping
organizations secure their infrastructure
as well as training organizations on
how to be more safe and secure on
the Internet, in conducting business
both personal and for organizations.
It's really my pleasure to be
able to join you in this journey,
to understand how cybersecurity
relates to audit.
Cybersecurity has been important for
a few years now, is important today,
and all indicators are that it will
be continuing to be very important.
As we look into the future, practitioners
are going to find a lot of content
relevant to what they need to
know to do their jobs well, and
auditors also need to know how to
go about doing these assessments.
How these audits can be conducted,
what kind of best practices
to employ as they're preparing, conducting
and communicating their results.
This course provides all of that
information for you, very relevant,
very timely, a lot of best practices,
tips, tools and
techniques that you can use
immediately in your job.
And as you grow in your career, I hope
you join us because we have a lot of
content to share with you. It's going to
be a lot of fun, you will learn a lot,
I hope you join us.
Overview
This course covers cybersecurity risks, control design and protection measures, cybersecurity program execution, warning signs, audit, and investigative techniques.
Why you should take this course
For users who have an introductory knowledge of this topic and are searching for additional information and its application.
Here are the learning objectives we'll cover.
- Understand security fundamentals, including core security principles, critical security controls, and best practices for securing information technologies, operations, and data.
- Assess common cybersecurity risks, threats, and vulnerabilities in the management of cybersecurity and IT audit programs.
- Evaluate an organization’s technical, operational, and management infrastructure against common security principles and compliance controls.
Here are the topics we'll cover.
- Cybersecurity Overview
  - Cybersecurity key concepts
  - Cybersecurity history and breaches
  - Types of cyber-attacks – human
  - Types of cyber-attacks – technical
  - Cybersecurity frameworks, standards, and regulations
  - NIST framework and standards
  - Industry frameworks (PCI, HIPAA, CIS CSC, ISO/IEC)
  - Cybersecurity oversight, governance, and compliance
  - Security policies
  - Security risk management overview
  - Threat analysis
  - Security risk management in practice
- Asset Management
  - Asset Identification and Inventory
  - Third-party/service provider management
  - Business impact assessment
  - Configuration management and change control
- Cybersecurity Protection Techniques
  - Defending business assets overview
  - Identity and access management
  - Authentication and authorization
  - Vulnerability and patch management
  - Security awareness
  - Physical security
  - Personnel security
  - Computer networking fundamentals
  - Network defenses
  - Network security access controls
  - Endpoint and system security configuration
  - Endpoint and system security protection
  - Application security
  - Cloud and virtualization security
- Encryption, Digital Signatures, and Data Protection
  - Encryption concepts
  - Cryptographic algorithms
  - Encryption – public key infrastructure
  - Data protection techniques
  - Data privacy controls
- Event Detection, Incident Response, and Recovery
  - Logging, monitoring, and alerting
  - Incident response (IR) planning
  - Incident response (IR) testing
  - Digital forensics
  - Recovering data and systems
  - Business continuity and contingency planning
- Auditing Cybersecurity
  - The auditor’s role
  - CISO’s role
  - Establishing audit scope
  - Building the audit plan
  - Cybersecurity evaluation methods
  - Vulnerability assessments, scanning and testing
  - Penetration testing
  - Security maturity models (CMMI)
  - Auditing using NIST frameworks
  - Auditing with other security frameworks and standards
  - Auditing cybersecurity using the payment card industry (PCI)
  - Cybersecurity auditing examples
- Audit Evidence and Reporting
  - Collecting and organizing cybersecurity evidence
  - NIST reporting requirements
  - Prioritizing risks and influencing decisions
- Course Wrap-up
  - Course summary and conclusion
Learning Style: On Demand
Level: Intermediate
Includes: Assessment
Who this course is for: Auditors and IT professionals seeking a foundational understanding of cybersecurity.
NASBA Certified CPE: 32 credits
Field of Study: Auditing
Length of course: 32h
Advanced Preparation: None
ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: https://www.nasbaregistry.org/