Logging In: Auditing Cybersecurity in an Unsecure World

The Institute of Internal Auditors, Inc.
Training overview
2 days

Course description

Logging In: Auditing Cybersecurity in an Unsecure World - Reducing IT Risks

In this Institute of Internal Auditors (IIA) Logging In: Auditing Cybersecurity in an Unsecure World course, professionals will develop an understanding of cybersecurity concepts that can be used to facilitate integrated audit efforts. Considering that the average data breach costs a U.S.-based business $5.4 million, cybersecurity is a hot topic in business IT and a major challenge in internal auditing today.

Cybersecurity is as much a business risk as it is a security one, and this IIA course, facilitated by leading IT industry experts, will examine preventive, detective, and corrective controls, as well as how to apply the audit process to a cloud environment.

Who should attend?

This course is designed for internal auditors involved in IT audits or those involved in audit activities that require an understanding of how to manage the impact of cybersecurity events on business risks.

There are no prerequisites or advance preparation required for this course.

Training Content

The outline for this course is as follows:

Overview of Cybersecurity

What is Cybersecurity?

  • Definition of Cybersecurity
  • Misconceptions
  • Cybersecurity Evolution
  • Types of Risks and Controls

Preventive Controls

  • Purpose of Preventive Controls
  • Types of Attackers
  • Threat Models
  • Anatomy of a Breach
    • The Breach Quadrilateral

Preventing Cyber Incidents

  • Network Controls (Internal and External)
  • Domain and Password Controls
  • Access Methods and User Awareness
  • Application Security
  • Secure Software Development Lifecycle (SSDLC)
  • Data Controls
  • Host and Endpoint Security
  • Vulnerability Management
  • Security Testing

Detective & Corrective Controls

  • Purpose of Detective Controls
  • Detecting Cyber Incidents
  • Log Detail Concepts
  • Security Information and Event Management (SIEM)
    • Traditional Silo-Specific Model
    • Alert Rules
    • Correlation Rules
  • Data and Asset Classification

  • Purpose of Corrective Controls
  • Incident Response and Investigation Process
    • Incident Scoping and Evidence Preservation
    • Forensic Analysis
    • Defining Period of Compromise
    • Evaluating Risk of Harm to Information
    • Production of Data for Review
  • Corrective Actions
    • Incident Response Tasks
    • Identifying Potential Evidence Sources
  • Detection Dependencies
    • Understanding the Scope of the Breach
    • Identifying Compromised Systems and Applications
    • Determining Scope of Information to Be Preserved
    • Preparing for Future Media and Legal Inquiries

Cybersecurity Risks, Cyber Liability Insurance, and State Notification Laws

  • Mitigating Costs and Risks
    • Organizational Programs
    • Specific Preparation Tasks
    • Response Documentation
    • Data Segregation
    • Network and Application Patch Management
    • Backup and Archiving Solutions
    • Enterprise Monitoring Solutions
  • Insurance Overview
    • Security and Privacy Liability
    • Regulatory Defense and Penalties
    • Payment Card Industry Fines and Penalties
    • Breach Response Costs
  • Notification Law Overview
    • Who the Laws Apply To
    • What the Laws Do

Applying the Audit Process to a Cloud Environment or Third-Party Service Provider

  • Cloud Providers
    • Assessing the Provider
    • Evaluating the Data
    • Selecting the Provider
    • Annual Assessment/Service Organization Control (SOC) Reports
  • Third-Party Service Providers
    • Contractual Risks
    • Vendor Management Program
    • Individual Contractor Management/Security

The Mobile Environment, Bring Your Own Device (BYOD), and Social Networking

  • Mobile Computing Risks, Control Activities, and Incident Management
  • BYOD Risks, Control Activities, and Incident Management
  • Social Networking Risks, Control Activities, and Incident Management

Cyber Standards

  • Common Standards
    • ISO 27000 Series
    • NIST SP 800 Series
  • Common Uses
    • Completeness vs. Correctness
    • Governance Mapping for Regulatory and Insurance Needs

Auditing Common Security Solutions

  • Security Information and Event Management (SIEM)
  • Data Loss Prevention (DLP)
  • Intrusion Detection System (IDS)/Intrusion Prevention System (IPS)
  • Network Segmentation
  • Encryption

Costs

To ensure that you receive pricing best suited to your situation, please refer to IIA's website, where you can also find out more about IIA's on-site training opportunities.

Certification / Credits

Certified Internal Auditors (CIAs) completing this course are eligible to receive 16 Continuing Professional Education (CPE) hours.

About The Institute of Internal Auditors, Inc.

The Institute of Internal Auditors - Training from the Auditing Industry's Leading Authority

The Institute of Internal Auditors (IIA) is the global voice and leading educator for the internal auditing profession, providing innovative internal audit training as well as engaging, facilitated learning opportunities for its members and customers. IIA auditing courses help you add value...


Contact info

The Institute of Internal Auditors, Inc.

na.theiia.org