Cybersecurity Auditing in an Unsecure World


About This Course

Course Description

$5.4 million: that's the average cost of a data breach to a U.S.-based company. It's no surprise, then, that cybersecurity is a hot topic and a major challenge in internal auditing today. Cybersecurity is as much a business risk as it is a security one, making it critical for internal auditors to develop the skill set needed to take on these challenges.

In this course, you will develop an understanding of cybersecurity concepts that can be used to facilitate integrated audit efforts within your organization. Developed with and facilitated by leading industry experts, this course examines preventive, detective, and corrective controls, and how to apply the audit process to a cloud environment. You will also be exposed to the mobile environment and cyber standards, and learn how to audit common security solutions.

This course is designed for internal auditors involved in IT audits, or in audit activities that require an understanding of how to manage the impact of cybersecurity events on business risks.

Course Objectives

- Define cybersecurity from an audit perspective, including its scope, its limitations, and how to measure its effectiveness.
- Identify the purpose of preventive, detective, and corrective controls.
- Understand cyber liability insurance and its impact on cybersecurity.
- Understand cyber standards and state notification laws, and how they affect an organization.
- Understand how to assess an organization's cyber capabilities from an attacker's perspective, using threat modeling.
- Assess cybersecurity risks and controls related to using cloud providers or third-party vendors.

Course Topics

Overview of Cybersecurity
- What is Cybersecurity?
  o Definition of Cybersecurity
  o Misconceptions
  o Cybersecurity Evolution
  o Types of Risks and Controls

Preventive Controls
- Purpose of Preventive Controls
- Types of Attackers
- Threat Models
- Anatomy of a Breach
  o The Breach Quadrilateral
- Preventing Cyber Incidents
  o Network Controls (Internal and External)
  o Domain and Password Controls
  o Access Methods and User Awareness
  o Application Security
  o Secure Software Development Lifecycle (SSDLC)
  o Data Controls
  o Host and Endpoint Security
  o Vulnerability Management
  o Security Testing

Detective Controls
- Purpose of Detective Controls
- Detecting Cyber Incidents
- Log Detail Concepts
- Security Information and Event Management (SIEM)
  o Traditional Silo-Specific Model
  o Alert Rules
  o Correlation Rules
- Data and Asset Classification

Corrective Controls
- Purpose of Corrective Controls
- Incident Response and Investigation Process
  o Incident Scoping and Evidence Preservation
  o Forensic Analysis
  o Defining Period of Compromise
  o Evaluating Risk of Harm to Information
  o Production of Data for Review
- Corrective Actions
  o Incident Response Tasks
  o Identifying Potential Evidence Sources
- Detection Dependencies
  o Understanding the Scope of the Breach
  o Identifying Compromised Systems and Applications
  o Determining Scope of Information to Be Preserved
  o Preparing for Future Media and Legal Inquiries

Cybersecurity Risks, Cyber Liability Insurance, and State Notification Laws
- Mitigating Costs and Risks
  o Organizational Programs
  o Specific Preparation Tasks
  o Response Documentation
  o Data Segregation
  o Network and Application Patch Management
  o Backup and Archiving Solutions
  o Enterprise Monitoring Solutions
- Insurance Overview
  o Security and Privacy Liability
  o Regulatory Defense and Penalties
  o Payment Card Industry Fines and Penalties
  o Breach Response Costs
- Notification Law Overview
  o Who the Laws Apply To
  o What the Laws Do

Applying the Audit Process to a Cloud Environment or Third-Party Service Provider
- Cloud Providers
  o Assessing the Provider
  o Evaluating the Data
  o Selecting the Provider
  o Annual Assessment/Service Organization Control (SOC) Reports
- Third-Party Service Providers
  o Contractual Risks
  o Vendor Management Program
  o Individual Contractor Management/Security

The Mobile Environment, Bring Your Own Device (BYOD), and Social Networking
- Mobile Computing Risks, Control Activities, and Incident Management
- BYOD Risks, Control Activities, and Incident Management
- Social Networking Risks, Control Activities, and Incident Management

Cyber Standards
- Common Standards
  o ISO 27000 Series
  o NIST SP 800 Series
- Common Uses
  o Completeness vs. Correctness
  o Governance Mapping for Regulatory and Insurance Needs

Auditing Common Security Solutions
- SIEM
- Data Loss Prevention (DLP)
- Intrusion Detection System (IDS)/Intrusion Prevention System (IPS)
- Network Segmentation
- Encryption
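The Detective Controls topics list "Alert Rules" and "Correlation Rules" under SIEM, and the last topic group returns to auditing a SIEM. The distinction an auditor needs to test is that an alert rule matches a single event statelessly, while a correlation rule keeps state across several events and a time window. The following is an added illustration written for this page, not code from the course or its instructors: it runs both kinds of rule over a handful of constructed authentication log lines. The log format, field positions, the threshold of five failures and the two-minute window are assumptions chosen for the example, not values the course prescribes.

```python
"""Added example (not from the course): an alert rule versus a correlation rule
run over constructed authentication log lines. Format, thresholds and windows
are assumptions for illustration only."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in a syslog-like layout (not real data):
# <timestamp> <facility> <program> <outcome> password for <user> from <src>
SAMPLE_LOGS = """\
2024-03-01T10:00:01Z auth sshd: Failed password for admin from 203.0.113.5
2024-03-01T10:00:03Z auth sshd: Failed password for admin from 203.0.113.5
2024-03-01T10:00:05Z auth sshd: Failed password for admin from 203.0.113.5
2024-03-01T10:00:06Z auth sshd: Failed password for admin from 203.0.113.5
2024-03-01T10:00:08Z auth sshd: Failed password for admin from 203.0.113.5
2024-03-01T10:00:09Z auth sshd: Accepted password for admin from 203.0.113.5
2024-03-01T10:05:00Z auth sshd: Failed password for bob from 198.51.100.7
2024-03-01T10:05:02Z auth sshd: Accepted password for bob from 198.51.100.7
2024-03-01T10:10:00Z auth sshd: Accepted password for root from 192.0.2.9
"""


def parse(line):
    """Parse one constructed log line into a dict; None for lines that do not match."""
    parts = line.split()
    if len(parts) < 9 or parts[4] != "password":
        return None
    return {
        "ts": datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ"),
        "outcome": parts[3],  # "Failed" or "Accepted"
        "user": parts[6],
        "src": parts[8],
    }


def alert_rule_root_login(event):
    """Alert rule: stateless match on a single event (interactive root login)."""
    return event["outcome"] == "Accepted" and event["user"] == "root"


class BruteForceSuccessRule:
    """Correlation rule: at least `threshold` failures from one (src, user)
    inside `window`, followed by a success for the same (src, user)."""

    def __init__(self, threshold, window):
        self.threshold = threshold
        self.window = window
        self.failures = defaultdict(deque)  # (src, user) -> failure timestamps

    def feed(self, event):
        key = (event["src"], event["user"])
        q = self.failures[key]
        # Drop failures that fell out of the correlation window.
        while q and event["ts"] - q[0] > self.window:
            q.popleft()
        if event["outcome"] == "Failed":
            q.append(event["ts"])
            return False
        if event["outcome"] == "Accepted":
            fired = len(q) >= self.threshold
            q.clear()  # state resets once the sequence completes
            return fired
        return False


def run_rules(log_text, threshold=5, window_seconds=120):
    """Run both rules over the text; return (rule, src, user, iso-timestamp) findings."""
    findings = []
    corr = BruteForceSuccessRule(threshold, timedelta(seconds=window_seconds))
    for line in log_text.splitlines():
        ev = parse(line)
        if ev is None:
            continue
        if alert_rule_root_login(ev):
            findings.append(("root_login", ev["src"], ev["user"], ev["ts"].isoformat()))
        if corr.feed(ev):
            findings.append(("bruteforce_success", ev["src"], ev["user"], ev["ts"].isoformat()))
    return findings


if __name__ == "__main__":
    for finding in run_rules(SAMPLE_LOGS):
        print(finding)
```

When auditing a SIEM, the same two questions apply to the real rules: for an alert rule, does the log source actually carry the fields the rule matches on (Log Detail Concepts); for a correlation rule, is the window and threshold tuned so that the sample above fires, and does narrowing the window to a few seconds (the admin failures span eight seconds) correctly stop it from firing.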

Course Information
- Course Duration: 2 Days
- CPE Hours Available: 16
- Knowledge Level: Basic
- Field of Study: Information Technology
- Prerequisites: None
- Advance Preparation: None
- Delivery Format: eLearning (Group-Internet-Based); On-site Training (Group-Live); Seminar (Group-Live)