Auditing the Cybersecurity Program Certificate

Who will benefit from this program?

This program is for operational internal auditors and audit leaders who want to deepen their understanding and gain recognition of their cybersecurity knowledge.

Certificate Program Objectives

• Understand what drives cyber risk.
• Identify how to assess data storage solutions.
• Explore how to respond to digital transformation risk in real time.
• Determine how to establish a typical, timely patch management process.
• Investigate commonly applied Vulnerability Management Maturity Models to assess organizational cybersecurity vulnerabilities.
• Identify how automation tools can be used in internal audit activities.
• Learn how to reduce risk exposure from common API and web services vulnerabilities.
• Determine how to mitigate risk exposure from common privileged access management vulnerabilities.
• Establish how to adjust audit approaches for DevSecOps.
• Review how to mitigate risk exposure from common SoD vulnerabilities.
• Understand internal audit’s role in incorporating data analytics and continuous monitoring.
• Determine areas of improvement in defensive incident response processes across every phase of the kill chain.
• Implement a Security Operations Centers (SOC) Framework for incident management, monitoring, detection, and response.
• Identify controls needed to operate a Security Operations Centers (SOC). 

Program Structure and Topics

Auditing the Cybersecurity Program

• Importance of the cybersecurity program.
• Drivers of cybersecurity risk.
• Manage cybersecurity risk.
• The cybersecurity program audit plan.

Auditing Storage Management Solutions and Containers

• Overview of storage management solutions and containers.
• Data storage compliance landscape.
• Auditing ephemeral and micro-services.
• Cloud provider data storage tools and their benefits.
• Adopting continuous auditing for data protection, retention, and destruction.

Auditing Digital Transformation

• Key concepts of digital transformation.
• Respond to digital transformation risk in real time
• Collaborate and align with other teams to provide a consolidated view of risks.
• Examine and address digital transformation skill and talent gaps.

Auditing the Patch Management Program

• Key concepts of patch management.
• Understand typical, timely patch management process.
• How the patch management program reduces cybersecurity risk and organizational vulnerabilities.
• How the patch management program reduces data breach risk and loss.

Auditing the Vulnerability Management Program

• Vulnerability management program overview.
• Understand common vulnerability management maturity models used to assess organizational cybersecurity vulnerabilities.
• Review key metrics for auditing the vulnerability program.
• How to implement appropriate actions when auditing vulnerabilities.

Auditing Automation

• How automation tools can be used in internal audit activities
• Effectively audit automation at use within an organization within internal audit's scope.
• Visualize the risks of automation when establishing the internal audit scope.

Auditing API and Web Services

• API and web services overview.
• Audit and test API and web services security.
• Reduce API-based web services risk.

Auditing Privileged Access Management

• Key concepts of privileged access management.
• Types and purposes of privileged access management.
• Inventory and audit privileged access management.
• Mitigate risk exposure from common privileged access management cyberattacks.

Auditing DevSecOps

• DevSecOps overview.
• Types and features of DevSecOps.
• Audit approaches for DevSecOps.
• Mitigate risk exposure associated to DevSecOps.

Auditing Continuous Monitoring

• Auditing continuous monitoring process components.
• Internal audit’s role in incorporating data analytics and continuous monitoring into the organization.
• Develop a simplified yet high-impact reporting mechanism to meet a variety of stakeholder needs.
• Continuous monitoring, high impact reporting, agile audit approach and dynamic risk assessment methodologies.

Auditing Red, Blue, and Purple Team Testing

• Overview of the kill chain and types of attacks.
• Points of vulnerability as it relates to people, technologies, and systems.
• Identify areas of improvement in defensive incident response processes across every phase of the kill chain.
• Establish the organization’s first-hand experience to detect and contain a targeted attack.

Auditing the Security Operations Center

• Key concepts of the Security Operation Center (SOC).
• Security Operation Center (SOC) processes and checklists.
• Security Operation Center (SOC) Framework for incident management, monitoring, detection, and response.
• Controls needed to operate a Security Operation Center (SOC).

ADVANCE PREPARATION: None

AUTHOR: IIA

AUDIO/VIDEO: N/A

CATEGORY: Cybersecurity

COMPETENCIES: Applied Knowledge

DELIVERY FORMAT(S): Group Internet based

FIELD(S) OF STUDY: Auditing

PREREQUISITE(S): Fundamentals of Cybersecurity or equivalent knowledge.

ADVANCE PREPARATION: None

AUTHOR: IIA

AUDIO/VIDEO: N/A

CATEGORY: Cybersecurity

FIELD(S) OF STUDY: Auditing

PREREQUISITE(S): Fundamentals of Cybersecurity or equivalent knowledge.