Cybersecurity for Non-IT Auditors
Seminar Overview
Cyber security is the highest risk and at the top of the minds of C-suite members at every company. This course provides a practitioner's viewpoint for both audit and cyber security professionals. It begins with the underlying fundamentals of cyber security, then works step by step through the primary focus areas, risk prioritization and key audit steps. It is a course for any auditor who wants to learn how to address cyber security as a key audit risk.
Workshop Objectives
Who should attend
Auditors who want a better understanding of cybersecurity, key risks and audit considerations (NASBA Field of Study: Information Technology).
Agenda
I. Overview/Key Terms
II. Primary Focus Areas
a. Protection
i. Top 4 Control Frameworks
ii. PCI DSS
iii. ISO 27001 / 27002
iv. CIS Critical Security Controls
v. NIST CSF (Cybersecurity Framework)
b. Detection
i. Technical Controls designed to discover the occurrence of a cybersecurity event in a timely manner
ii. Review Examples of Detection Capabilities
c. Response
i. Crisis Management
ii. Incident Response
d. Recover
i. Resilience
1. Business Continuity
2. Disaster Recovery
III. Continuous Improvement
a. Cyber Security Strategy Review
IV. IT Risk Management
a. IT Risk Prioritization
b. IT Risk Register
c. Executive Reporting
V. Key Audit Steps