Cybersecurity Audit School - ITG250

Upcoming Dates & Locations

Onsite - Dallas
Sep 13th, 2021 - Sep 16th, 2021
Onsite - Dubai
Dec 12th, 2021 - Dec 15th, 2021


Price: $2063.00


Students explore cybersecurity scenarios designed to reinforce the knowledge of effective control design, execution, risk warning signs and investigative techniques during audits. The course covers trends in cybercrime including spyware, ransomware, hacker attack types, risk assessment, how to develop a cyber awareness program, asset and configuration management, application protections, and best practices to reduce the impact of cyberattacks.

Who Should Attend

Auditors and IT professionals seeking a foundational understanding of Cybersecurity


  • Fundamentals of Internal Audit (OAG101)
  • IT Audit School (ITG121) or equivalent experience

What You’ll Learn

You will learn what controls are needed, where the controls should be positioned and how to perform substantive tests to assess the cybersecurity controls.


1. What is Cybersecurity?

  • cybersecurity basics including its connection with information security and data privacy
  • ITGC–where it fits
  • trends in cybercrime, analysis and technology (preventing, detecting, eradicating and disclosing): Malware, spyware/adware, ransomware, wiper, and account jacking
  • overview of frameworks, standards and guidelines including NIST cybersecurity framework, CIS/SANS, OWASP, cloud alliance and several related NIST 800 Series Guidelines

2. How Hackers Attack:

  • physical and logical security
  • logs
  • email
  • IoT

3. Cyber Law and Ethics

4. Cyber Insurance Fundamentals

5. Contract Basics:

  • critical contract components
  • data considerations: at inception, at rest, in transit, at end of life “data destruction”, and at contract termination
  • SSAE18 SOC1 & SOC2+

6. The OSI Model

7. Asset and Configuration Management

8. Application Protections:

  • least privilege
  • federated security
  • single sign-on
  • identity management & role-based access
  • application
  • database
  • operating system
  • internal network
  • perimeter network
  • backup and restoral (in-house, cloud)

9. Cybersecurity Prevention 101: What can companies do to reduce the impact of cyber-attack?

  • tools to detect and stop hackers
  • dormant account monitoring
  • DLP, IDS, IPS, LDAP, Exchange
  • mobile management
  • port, protocol and services monitoring
  • vulnerability assessments and penetration testing
    1. scans (hardware, software, traffic)
    2. process
    3. social engineering
  • corrective controls: incident management, BCP, DR

10. Investigation Techniques:

  • rules of evidence collection
  • introduction to developing queries

11. Other Critical Processes:

  • patch management
  • threat analysis
  • cybersecurity risk assessment

12. Developing a Cyber Awareness Program

13. The Auditor's Role in Cyber Defense

14. Scoping and Auditing Cybersecurity

Why You Should Attend

You should attend so you can better help your organization protect itself from hackers and other bad actors that have motives and skills to exploit and take advantage of cybersecurity weaknesses.

MIS Training Institute is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: