Logging In: Auditing Cybersecurity in an Unsecure World




About This Course

Logging In: Auditing Cybersecurity in an Unsecure World

Course Description

$5.4 million: that's the average cost of a data breach to a U.S.-based company. It's no surprise, then, that cybersecurity is a hot topic and a major challenge in internal auditing today. Cybersecurity is as much a business risk as it is a security risk, making it critical for internal auditors to develop the skill set needed to take on these challenges. In this course, you will develop an understanding of cybersecurity concepts that can be used to facilitate integrated audit efforts within your organization. Developed with and facilitated by leading industry experts, this course examines preventive, detective, and corrective controls, and how to apply the audit process to a cloud environment. You will also be introduced to the mobile environment and cyber standards, and learn how to audit common security solutions. This course is designed for internal auditors involved in IT audits, or in audit activities that require an understanding of how to manage the impact of cybersecurity events on business risks.

Course Objectives

Define cybersecurity from an audit perspective, including an understanding of its scope, limitations, and how to measure effectiveness.
Identify the purpose of preventive, detective, and corrective controls.
Understand cyber liability insurance and its impact on cybersecurity.
Understand cyber standards, state notification laws, and how they affect an organization.
Understand how to assess an organization's cyber capabilities from an attacker's perspective, using threat modeling.
Assess cybersecurity risks and controls related to using cloud providers or third-party vendors.

Course Topics

Overview of Cybersecurity
  What is Cybersecurity?
    o Definition of Cybersecurity
    o Misconceptions
    o Cybersecurity Evolution
    o Types of Risks and Controls

Preventive Controls
  Purpose of Preventive Controls
  Types of Attackers
  Threat Models
  Anatomy of a Breach
    o The Breach Quadrilateral
  Preventing Cyber Incidents
    o Network Controls (Internal and External)
    o Domain and Password Controls
    o Access Methods and User Awareness
    o Application Security
    o Secure Software Development Lifecycle (SSDLC)
    o Data Controls
    o Host and Endpoint Security
    o Vulnerability Management
    o Security Testing

Detective Controls
  Purpose of Detective Controls
  Detecting Cyber Incidents
  Log Detail Concepts
  Security Information and Event Management (SIEM)
    o Traditional Silo-Specific Model
    o Alert Rules
    o Correlation Rules
  Data and Asset Classification
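To make the distinction between the SIEM "Alert Rules" and "Correlation Rules" topics concrete, here is an editor-added example (not course material and not code from any SIEM product). It evaluates two rules over a constructed set of sshd-style authentication log lines: a single-event alert rule that fires on any accepted root login, and a correlation rule that must keep state across events to spot a burst of failed logins from one source followed by a success from that same source. The log format, thresholds and window are assumptions chosen for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (sshd-style lines, documentation IP ranges, not from a real system).
SAMPLE_LOG = """\
2015-06-09T10:00:01 host1 sshd[1201]: Failed password for alice from 203.0.113.7 port 51022 ssh2
2015-06-09T10:00:05 host1 sshd[1202]: Failed password for alice from 203.0.113.7 port 51023 ssh2
2015-06-09T10:00:09 host1 sshd[1203]: Failed password for alice from 203.0.113.7 port 51024 ssh2
2015-06-09T10:00:14 host1 sshd[1204]: Failed password for alice from 203.0.113.7 port 51025 ssh2
2015-06-09T10:00:20 host1 sshd[1205]: Failed password for alice from 203.0.113.7 port 51026 ssh2
2015-06-09T10:00:31 host1 sshd[1206]: Accepted password for alice from 203.0.113.7 port 51030 ssh2
2015-06-09T10:05:00 host1 sshd[1300]: Failed password for bob from 198.51.100.2 port 40000 ssh2
2015-06-09T10:20:00 host1 sshd[1301]: Accepted password for bob from 198.51.100.2 port 40001 ssh2
2015-06-09T11:00:00 host1 sshd[1400]: Accepted password for root from 203.0.113.9 port 60000 ssh2
"""

# Assumed line layout: "<timestamp> <host> sshd[pid]: <Accepted|Failed> password for <user> from <ip> port <n> ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<outcome>Accepted|Failed) password for (?P<user>\S+) from (?P<src>\S+) port \d+"
)


def parse_line(line):
    """Turn one raw log line into an event dict, or None if it is not an auth line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%S")
    return ev


def parse_log(text):
    return [ev for ev in (parse_line(l) for l in text.splitlines()) if ev]


def alert_root_login(event):
    """Alert rule: decided from the single event in hand, no state needed."""
    return event["outcome"] == "Accepted" and event["user"] == "root"


def correlate_bruteforce_success(events, threshold=5, window=timedelta(minutes=2)):
    """Correlation rule: at least `threshold` failures from one source inside `window`,
    followed by a success from the same source. Needs a sliding window per source."""
    recent_failures = defaultdict(deque)  # src -> timestamps of recent failures
    findings = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        q = recent_failures[ev["src"]]
        while q and ev["ts"] - q[0] > window:  # expire failures outside the window
            q.popleft()
        if ev["outcome"] == "Failed":
            q.append(ev["ts"])
        elif len(q) >= threshold:
            findings.append({"src": ev["src"], "user": ev["user"],
                             "failures": len(q), "ts": ev["ts"]})
            q.clear()  # one finding per burst
    return findings


def run_rules(text):
    """Run both rule types over a log and return what each would raise."""
    events = parse_log(text)
    return {
        "alerts": [ev for ev in events if alert_root_login(ev)],
        "correlations": correlate_bruteforce_success(events),
    }


if __name__ == "__main__":
    for kind, items in run_rules(SAMPLE_LOG).items():
        for item in items:
            print(kind, item["ts"], item["src"], item["user"])
```

Note how bob's single failure fifteen minutes before his successful login produces nothing, while alice's five failures within thirty seconds followed by a success do. An auditor reviewing SIEM rules should ask exactly these questions of each correlation rule: what is the threshold, what is the window, and which event attributes are used to tie events together.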

Corrective Controls
  Purpose of Corrective Controls
  Incident Response and Investigation Process
    o Incident Scoping and Evidence Preservation
    o Forensic Analysis
    o Defining Period of Compromise
    o Evaluating Risk of Harm to Information
    o Production of Data for Review
  Corrective Actions
    o Incident Response Tasks
    o Identifying Potential Evidence Sources
  Detection Dependencies
    o Understanding the Scope of the Breach
    o Identifying Compromised Systems and Applications
    o Determining Scope of Information to Be Preserved
    o Preparing for Future Media and Legal Inquiries

Cybersecurity Risks, Cyber Liability Insurance, and State Notification Laws
  Mitigating Costs and Risks
    o Organizational Programs
    o Specific Preparation Tasks
    o Response Documentation
    o Data Segregation
    o Network and Application Patch Management
    o Backup and Archiving Solutions
    o Enterprise Monitoring Solutions
  Insurance Overview
    o Security and Privacy Liability
    o Regulatory Defense and Penalties
    o Payment Card Industry Fines and Penalties
    o Breach Response Costs
  Notification Law Overview
    o Who the Laws Apply To
    o What the Laws Do

Applying the Audit Process to a Cloud Environment or Third-Party Service Provider
  Cloud Providers
    o Assessing the Provider
    o Evaluating the Data
    o Selecting the Provider
    o Annual Assessment/Service Organization Control (SOC) Reports
  Third-Party Service Providers
    o Contractual Risks
    o Vendor Management Program
    o Individual Contractor Management/Security

The Mobile Environment, Bring Your Own Device (BYOD), and Social Networking
  Mobile Computing Risks, Control Activities, and Incident Management
  BYOD Risks, Control Activities, and Incident Management
  Social Networking Risks, Control Activities, and Incident Management

Cyber Standards
  Common Standards
    o ISO 27000 Series
    o NIST SP 800 Series
  Common Uses
    o Completeness vs. Correctness
    o Governance Mapping for Regulatory and Insurance Needs

Auditing Common Security Solutions
  SIEM
  Data Loss Prevention (DLP)
  Intrusion Detection System (IDS)/Intrusion Prevention System (IPS)
  Network Segmentation
  Encryption

Course Information

Course Duration: 2 Days
CPE Hours Available: 16
Knowledge Level: Intermediate
Field(s) of Study: Auditing
Prerequisite(s): None
Advance Preparation: Participants will complete an interactive self-study element as part of this course, which will be completed online prior to attending the facilitated session.
Delivery Format(s): Seminar, On-site, eLearning