According to The IIA's OnRisk 2022 Report, cybersecurity continues to be the top risk faced by organizations. The report states, “The growing sophistication and variety of cyberattacks continue to wreak havoc on organiza¬tions' brands and reputations, often resulting in disastrous financial impacts.” With innovations, including automation, cloud, and mobile computing, not to mention customer preferences moving toward self-service from any device throughout the world, having a basic understanding of cybersecurity is crucial for today's operational auditor. Internal auditors are expected to be cyber savvy and able to assess whether organi¬zations are sufficiently prepared to manage cyber threats that could cause disruption and reputational harm.Are you up to the challenge?This introductory course provides a comprehensive overview of key cybersecurity concepts that can be used to facilitate audit efforts within your organization. It examines directive, preventive, detective, corrective, and mitigating controls, and how to apply each within the audit process. Finally, commonly accepted frameworks, standards, and guidelines are presented to prepare you to assess cybersecurity during operational audits.
This course is designed for internal auditors who are looking for a fundamental understanding of cybersecurity and common exploits. It is recommended for internal auditors that are involved in operational audit activities and need to know how to assess
This course intends to provide a comprehensive overview of key cybersecurity concepts, along with practical applications, that can be used to facilitate audit efforts within your organization.
Date(s) and Time: Oct 1, 3, 8, 10 from 12:30 PM - 4:00 PM ET
- Define cybersecurity from an internal audit perspective.
- Describe the scope, purpose, and limitations of cybersecurity.
- Recognize how to measure effectiveness within the cybersecurity program.
- Express the importance of information security governance with the cybersecurity program.
- Examine the importance of cybersecurity and vendor risk assessments.
- Explore basic auditing considerations for cybersecurity-related compliance.
- Recognize typical cybersecurity-related preventive, directive, detective, mitigating, redundant, compensating, and corrective controls.
- Identify simple audit activities to assess cyber resiliency within existing operational audit programs.
Fundamentals of IT Auditing or equivalent experience with auditing IT general controls.