Examining Cybersecurity Concepts

Who will benefit from this course?

This course is intended to enhance your understanding of cybersecurity concepts- including common frameworks, standards and guidelines - to apply the audit process to emerging threats to associated with social media, mobile computing, cloud environments and more. This course is designed for internal auditors with a basic understanding of cybersecurity concepts and have been involved in integrated audits, or for those internal auditors who have been involved in internal audit activities that require an understanding of how to manage the impact of cybersecurity events on organizational risks.

Course Objectives

• Define cybersecurity from an internal audit perspective.
• Explore the business process-cybersecurity connection and the importance of classifying and assessing controls.
• Explain cyber liability insurance and its impact on cybersecurity.
• Describe cyber standards, state notification laws, and how they affect an organization.
• Express how to assess an organization’s cyber capabilities from an attacker perspective, using threat modeling.
• Explore how to assess cybersecurity risks and controls related to mobile computing and connected devices.
• Explore how to assess cybersecurity risks and controls related to social media and an organization’s digital presence.
• Explore how to assess cybersecurity risks and controls related to utilizing cloud providers or third-party vendors.

Course Topics

Exploring Cybersecurity Connections to Networking Concepts

• Cybersecurity connection to network security.
• Cybersecurity triad.
• Connection to the OSI Model.
• Defense in depth and layered security.
• Boundary controls.

Risks, Insurance, and State Notification Laws

• Tasks to mitigating costs and risks.
• Scenario-based risk management and its relationship to incident response.
• Common characteristics of cyber liability insurance and why it is important.
• Current U.S. and international notification laws affecting security incident management.

Assessing Cybersecurity Risk in the Cloud Environment

• Cloud definitions.
• Cloud models.
• Cloud deployments. 
• Cloud assessment tools.
• Risks related to cloud providers.
• Security analysis of clouds.
• Overview of security threats with the cloud.
• Annual assessment/service organization control (SOC) reports.

Mobile Computing and Connected Devices

• Mobile computing risks, control activities, and incident management.
• Bring your own device (BYOD) risks, control activities, and incident management.
• Connected devices (internet of things – IoT) risks, control activities, and incident management.

Social Media and Digital Presence

• Social media concepts and types of social networks.
• Social media risks and controls.
• Digital presence assessments.

Understanding the Breach

• Assessing a breach.
  • Attack view.
  • Detective view.
  • Corrective view.