It’s not just the high cost to an organization in the event of a breach, but the inevitability of an attack that makes cybersecurity critical. With the increasing number of cyberthreats, it is becoming critical for the audit plan in every organization to include cybersecurity. As a result, auditors are increasingly being required to audit cybersecurity processes, policies and tools to provide assurance that their enterprise has appropriate controls in place. Vulnerabilities in cybersecurity can pose serious risks to the entire organization—making the need for IT auditors well-versed in cybersecurity audit greater than ever.
ISACA’s new Cybersecurity Audit Certificate Program provides audit/assurance professionals with the knowledge needed to excel in cybersecurity audits. It provides security professionals with an understanding of the audit process, and IT risk professionals with an understanding of cyber-related risk and mitigating controls.
The program is intended specifically for:
- IT audit professionals and enterprises who need additional guidance on auditing cybersecurity,
- Security professionals who need an understanding of the audit process,
- Risk and assurance professionals who need in-depth knowledge of cyber-related risk and mitigating controls.
You do not need any prerequisites for this accelerated course. However, ISACA recommends that you have a basic understanding of cybersecurity concepts and previous experience within the industry.
After this two-day session, attendees will be able to:
- Understand security frameworks to identify best practices.
- Define threat and vulnerability management.
- Assess threats with the help of vulnerability management tools.
- Build and deploy secure authorization processes.
- Explain all aspects of cybersecurity governance.
- Distinguish between firewall and network security technologies.
- Enhance asset, configuration, change and patch management practices.
- Manage enterprise identity and information access.
- Identify application security controls.
- Identify cyber and legal regulatory requirements to aid in compliance assessments.
- Identify weaknesses in cloud strategies and controls.
- Perform cybersecurity and third-party risk assessments.
- Identify the benefits and risks of containerization.
Welcome and Introduction
Module 1: Introduction
- Digital Asset Protection
- Lines of Defense
- Role of Audit
- Audit Objectives
- Audit Scope
Module 2: Cybersecurity Governance
- Cybersecurity Roles and Responsibilities
- Security Frameworks
- Security Organization Goals & Objectives
- Cybersecurity Policy and Standards
- Cyber and Legal/Regulatory Requirements
- Information Asset Classification
- Cybersecurity Insurance
- Cybersecurity Risk Assessment
- Cybersecurity Awareness Training & Education
- Social Media – Risk and Control
- Third-Party Assessment
- Service Providers
- Supply Chain Risk Management
- Performance Measurement
Module 3: Cybersecurity Operations
- Concepts and Definitions
- Threat and Vulnerability Management
- Enterprise Identity and Access Management
- Configuration Management / Asset Management
- Change Management
- Patch Management
- Network Security
- Build and Deploy/Secure Authorization Process for Information Technology
- Incident Management
- Client Endpoint Protection
- Application Security
- Data Backup and Recovery
- Security Compliance
Module 4: Cybersecurity Technology Topics
- Firewall and Network Security Technologies
- Security Incident & Event Management (SIEM)
- Wireless Technology
- Cloud Computing
- Mobile Security
- Internet of Things (IoT)
- Virtualization Security
- Industrial Control Systems (ICS)
Closing and Questions
The official ISACA Cybersecurity Audit exam is included in our training package.
The Cybersecurity Audit Certificate Exam is an online, closed-book, remotely proctored exam. The exam covers four domains and includes a total of 75 questions. The number of questions in each domain is based upon the domain’s assigned weight. The chart on the right displays the domains and the weights assigned to them.
Exam-takers will be given two hours (120 minutes) to complete the exam. Each multiple-choice question has four options with only one correct answer. A score of 65% or higher is required to pass the exam.
If you pass the exam, you will receive an email with instructions on how to claim your digital badge and share it via social media.
Individuals holding an ISACA certification (CISA/CISM/CGEIT/CRISC) may claim two CPE credits for each examination hour when a passing score is achieved.
The exam is only available in English.
The following terms and conditions apply for bookings:
- the session is led by a trainer accredited by ISACA/APMG on the Cybersecurity audit domain,
- personalized welcome in the classroom with mineral water and breaks,
- accredited training material,
- a study guide (electronic document),
- a training course,
- an online, remote-proctored exam,
- a group of 10 participants max. in order to ensure the quality of the training delivery.
Course fees must be paid at least 10 working days prior to the commencement of the course in order to guarantee your place. We accept payment by Direct Debit, credit card, PayPal or bank transfer. Payments made by credit card will incur the following charges: MasterCard (1.5%), Visa (1.5%), American Express (3.0%).