Cybersecurity for Non-IT Auditors

Seminar Overview

Cybersecurity is the highest risk and is top of mind for C-suite members at every company. This course provides a practitioner’s viewpoint for both audit and cybersecurity professionals. Beginning with the underlying fundamentals of cybersecurity, then going step by step through the primary focus areas, risk prioritization and key audit steps, it is a course for any auditor who wants to learn how to address cybersecurity as a key audit risk.

Workshop Objectives
  • Select and implement a cybersecurity framework
  • Audit against a cybersecurity framework
  • Develop a prioritized remediation plan
  • Audit cybersecurity maturity

Who should attend
Auditors who want a better understanding of cybersecurity, key risks and audit considerations (NASBA Field of Study: Information Technology).

I. Overview/Key Terms
II. Primary Focus Areas
     a. Protection
          i. Top 4 Control Frameworks
          ii. PCI DSS
          iii. ISO 27001 / 27002
          iv. CIS Critical Security Controls
          v. NIST CSF (Cybersecurity Framework)
     b. Detection
          i. Technical Controls designed to discover the occurrence of a cybersecurity event in a timely manner
          ii. Review Examples of Detection Capabilities
     c. Response
          i. Crisis Management
          ii. Incident Response
     d. Recover
          i. Resilience
               1. Business Continuity
               2. Disaster Recovery

III. Continuous Improvement
     a. Cyber Security Strategy Review

IV. IT Risk Management
     a. IT Risk Prioritization
     b. IT Risk Register
     c. Executive Reporting

V. Key Audit Steps