Skip to Content

Auditing the Cybersecurity Program Certificate

This certificate program is designed to ensure the internal audit community possesses the fundamental competencies to effectively assess an organizations cybersecurity governance and management practices, including their cybersecurity program capabilities.

The IIA’s Auditing the Cybersecurity Program Certificate

Ensure that you are ready to play a key role in supporting your organization in reducing cyber risk. Cybersecurity program auditing can serve as the critical barrier between a potential cyber-attack and the organization. This certificate program showcases fundamental competencies in 12 key areas that demonstrate the ability to effectively assess an organization’s cybersecurity governance and management practices, including their cybersecurity program capabilities. 

By the end of this program, internal auditors should:

  • Understand what drives cyber risk.
  • Identify how to assess data storage solutions.
  • Explore how to respond to digital transformation risk in real-time.
  • Determine how to establish a typical, timely patch management process.
  • Investigate commonly applied Vulnerability Management Maturity Models to assess organizational cybersecurity vulnerabilities.
  • Identify how automation tools can be used in internal audit activities.
  • Learn how to reduce risk exposure from common API and web services vulnerabilities.
  • Determine how to mitigate risk exposure from common privileged access management vulnerabilities.
  • Establish how to adjust audit approaches for DevSecOps.
  • Review how to mitigate risk exposure from common SoD vulnerabilities.
  • Understand internal audit’s role in incorporating data analytics and continuous monitoring.
  • Determine areas of improvement in defensive incident response processes across every phase of the kill chain.
  • Implement a Security Operations Centers (SOC) Framework for incident management, monitoring, detection, and response.
  • Identify controls needed to operate a Security Operations Centers (SOC).