SlideShare a Scribd company logo

ISACA Cybersecurity Audit course brochure

Thilak Pathirage -Senior IT Gov and Risk Consultant
Thilak Pathirage -Senior IT Gov and Risk Consultant

ISACA Cybersecurity audit brochure

Education
1 of 2
Download to read offline
CYBER SECURITY AUDIT THE OBJECTIVE OF A CYBER SECURITY AUDIT IS TO PROVIDE MANAGEMENT WITH AN ASSESSMENT OF AN ORGANIZATION’S CYBER SECURITY POLICIES AND PROCEDURES AND THEIR OPERATING EFFECTIVENESS. ADDITIONALLY, CYBER SECURITY AUDITS IDENTIFY INTERNAL CONTROL AND REGULATORY DEFICIENCIES THAT COULD PUT THE ORGANIZATION AT RISK. A cyber security audit focuses on cyber security standards, guidelines and procedures, as well as the implementation of these controls. The cyber security audit relies on other operational audits as well.1 NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST) GUIDELINES There are many approaches available for specifying cyber security control environments, such as NIST Special Publication (SP) 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations.2 SP 800-53 provides guidelines for selecting and specifying security controls for information systems supporting executive agencies of the federal government. It is prescriptive in nature, contains detailed definitions, and may help organizations develop their own overarching cyber security process(es). KEY ELEMENTS OF CYBER SECURITY AUDITING: CONTROLS AND THREATS Part of auditing is ensuring that organizations have implemented controls. This means that preventative tools such as firewalls and antivirus software have been put in place. It also means that awareness efforts have been made, and that user education about password construction and backups has been provided. Regular updates—to both preventative tools and awareness efforts—are a necessity. That’s why regular audits are so important; your organization must ensure that these processes are well-designed, executed properly and as up-to-date as possible. Cyber security audits should be done annually based on business needs. They should include planned activities with specific start and end dates, including exact expectations and clear communications.3 Threats, both internal and external, have the potential to impact confidentiality, integrity and availability if controls are not in place. And the definition of ‘threat’ is broad, encompassing a variety of elements that can impact an enterprise. New laws and regulations or growth in data may pose a threat to the organization. Human threats can include everything from carelessness to espionage. And, of course, there are an array of technical threats, including, but in no way limited to, malicious code, unauthorized access, malware, or hardware/software failures. 1 Primary security and control issues for cyber security audits are: ❖ Protection of sensitive data and intellectual property ❖ Protection of networks to which multiple information resource are connected ❖ Responsibility and accountability for the device and information contained in it The scope of a cyber security audit includes: ❖ Data security policies relating to the network, database and applications in place ❖ Data loss prevention measures deployed ❖ Effective network access controls implemented ❖ Detection/prevention systems deployed ❖ Security controls established (physical and logical) ❖ Incident response program implemented
The amount or significance of threat can vary, dependent upon whether the enterprise is working in cloud, mobile, Internet of Things (IoT), big data or security analytics. As information shifts location (moving from mobile, to IoT, to cloud, for example), there will be a need for new classes of controls to address the new locations of information, and those new classes of controls will require updating as well—and auditing. AN AUDIT IN THREE PARTS The cyber security audit and review process contribute to cyber security audit success. Internal auditors and risk management professionals have key roles to play, as does enterprise management. Management — Management ultimately owns the risk decisions made for the organization. Therefore, it has a vested interest in ensuring that cyber security controls exist and are operating effectively. Decisions are typically made based on guidance received during the risk management processes, on the appropriate direction to take. Risk Management — Risk assessments are typically made based on guidance by the security officer at an organization and enterprise management make decisions, employing risk management processes. The objective in any risk assessment is twofold. First, it is critical to communicate the state of the risk so that it is easy to understand and be clear on the level of risk involved. Secondly—and just as significantly—the ways in which to address that risk must be identified as well. This provides both problem and solution, and mitigates the negative impact of that risk to an enterprise. The risk landscape is ever-changing. It is important to have defined processes, trained and competent cyber security resources, and a governance framework to ensure that appropriate actions are carried out by enterprise leadership and managed effectively to address current and emerging threats. Internal Audit — Auditing is a security measure—not an inconvenience. It is critical to protecting an enterprise in today’s global digital economy. The internal audit department plays a vital role in cyber security auditing in many organizations, and often has a dotted-line reporting relationship to the audit committee to ensure an independent view is being communicated at the board level of the enterprise. Audit helps enterprises with the challenges of managing cyber threats, by providing an objective evaluation of the controls and making recommendations to improve them as well as assisting the senior management and the board of directors understand and respond to cyber risks. Organizations, especially within the public sector, also contract for the services of external auditors to provide independent assurance of the financial and operational controls primarily to ensure the controls design is effective and the needs of the organization are being met. 1 ISACA IS Audit / Assurance Program Cybersecurity: Based on the NIST Cybersecurity Framework 2 National Institute of Standards and Technology (NIST), NIST SP 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, USA, 2015, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf 3 ISACA Auditing Cyber Security: Evaluating Risk and Auditing Controls, http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Auditing-Cyber-Security.aspx Contact: Tara Wisniewski Jen Gremmels twisniewski@isaca.org jgremmels@isaca.org 847.660.5673 847.385.7207

Recommended

Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdfCyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
Cyber Security Experts
 
The Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentThe Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk Assessment
Bradley Susser
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
Anil
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
Anil
 
ISSC471_Final_Project_Paper_John_Intindolo
ISSC471_Final_Project_Paper_John_IntindoloISSC471_Final_Project_Paper_John_Intindolo
ISSC471_Final_Project_Paper_John_Intindolo
John Intindolo
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
abhichowdary16
 
Mastering Cybersecurity Risk Management: Strategies to Safeguard Your Digital...
Mastering Cybersecurity Risk Management: Strategies to Safeguard Your Digital...Mastering Cybersecurity Risk Management: Strategies to Safeguard Your Digital...
Mastering Cybersecurity Risk Management: Strategies to Safeguard Your Digital...
cyberprosocial
 
Cyber Families - Incident Response.pptx
Cyber Families - Incident Response.pptxCyber Families - Incident Response.pptx
Cyber Families - Incident Response.pptx
Kinetic Potential
 

Recommended

Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdfCyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
Cyber Audit | Cyber Crime | Network Security | Cyber Security Audit- 2023.pdf
Cyber Security Experts
 
The Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk AssessmentThe Significance of IT Security Management & Risk Assessment
The Significance of IT Security Management & Risk Assessment
Bradley Susser
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
Anil
 
Cyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdfCyber-Security-Whitepaper.pdf
Cyber-Security-Whitepaper.pdf
Anil
 
ISSC471_Final_Project_Paper_John_Intindolo
ISSC471_Final_Project_Paper_John_IntindoloISSC471_Final_Project_Paper_John_Intindolo
ISSC471_Final_Project_Paper_John_Intindolo
John Intindolo
 
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
17-MOD 6 Conducting Security Audits & MOD 7 Information Security Audit Prepar...
abhichowdary16
 
Mastering Cybersecurity Risk Management: Strategies to Safeguard Your Digital...
Mastering Cybersecurity Risk Management: Strategies to Safeguard Your Digital...Mastering Cybersecurity Risk Management: Strategies to Safeguard Your Digital...
Mastering Cybersecurity Risk Management: Strategies to Safeguard Your Digital...
cyberprosocial
 
Cyber Families - Incident Response.pptx
Cyber Families - Incident Response.pptxCyber Families - Incident Response.pptx
Cyber Families - Incident Response.pptx
Kinetic Potential
 
Running Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxRunning Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docx
toltonkendal
 
Ffiec cat may_2017
Ffiec cat may_2017Ffiec cat may_2017
Ffiec cat may_2017
Josef Sulca Cueva
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
Priyanka Aash
 
Cissp- Security and Risk Management
Cissp- Security and Risk ManagementCissp- Security and Risk Management
Cissp- Security and Risk Management
Hamed Moghaddam
 
Bit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_printBit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_print
james morris
 
It Security Audit Process
It Security Audit ProcessIt Security Audit Process
It Security Audit Process
Ram Srivastava
 
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise World
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise WorldKey Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise World
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise World
TEWMAGAZINE
 
Solve the exercise in security management.pdf
Solve the exercise in security management.pdfSolve the exercise in security management.pdf
Solve the exercise in security management.pdf
sdfghj21
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
PECB
 
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
LynellBull52
 
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...
AmeliaJonas2
 
The security risk management guide
The security risk management guideThe security risk management guide
The security risk management guide
Sergey Erohin
 
The security risk management guide
The security risk management guideThe security risk management guide
The security risk management guide
Sergey Erohin
 
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala LumpurCybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Alan Yau Ti Dun
 
AP_Cybersecurity_and_Risk_Management_Lead_from_the_C-suite_Mar_2016
AP_Cybersecurity_and_Risk_Management_Lead_from_the_C-suite_Mar_2016AP_Cybersecurity_and_Risk_Management_Lead_from_the_C-suite_Mar_2016
AP_Cybersecurity_and_Risk_Management_Lead_from_the_C-suite_Mar_2016
Ben Browning
 
CompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxCompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptx
Infosectrain3
 
Legal and Ethical Implications of Cybersecurity.pptx
Legal and Ethical Implications of Cybersecurity.pptxLegal and Ethical Implications of Cybersecurity.pptx
Legal and Ethical Implications of Cybersecurity.pptx
soulscout02
 
CIS20 CSCs+mapping to NIST+ISO.pdf
CIS20 CSCs+mapping to NIST+ISO.pdfCIS20 CSCs+mapping to NIST+ISO.pdf
CIS20 CSCs+mapping to NIST+ISO.pdf
LBagger1
 
What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?
VISTA InfoSec
 
Creating And Enforcing Anti Malware Practices
Creating And Enforcing Anti Malware PracticesCreating And Enforcing Anti Malware Practices
Creating And Enforcing Anti Malware Practices
Diane M. Metcalf
 
Cybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdfCybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdf
Thilak Pathirage -Senior IT Gov and Risk Consultant
 
ISACA Cyber-Audit-Certificate-Exam-Guide_Eng_0819.pdf
ISACA Cyber-Audit-Certificate-Exam-Guide_Eng_0819.pdfISACA Cyber-Audit-Certificate-Exam-Guide_Eng_0819.pdf
ISACA Cyber-Audit-Certificate-Exam-Guide_Eng_0819.pdf
Thilak Pathirage -Senior IT Gov and Risk Consultant
 

More Related Content

Similar to ISACA Cybersecurity Audit course brochure

Running Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxRunning Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docx
toltonkendal
 
It Security Audit Process
It Security Audit ProcessIt Security Audit Process
It Security Audit Process
Ram Srivastava
 
Solve the exercise in security management.pdf
Solve the exercise in security management.pdfSolve the exercise in security management.pdf
Solve the exercise in security management.pdf
sdfghj21
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
PECB
 
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
LynellBull52
 
The security risk management guide
The security risk management guideThe security risk management guide
The security risk management guide
Sergey Erohin
 
The security risk management guide
The security risk management guideThe security risk management guide
The security risk management guide
Sergey Erohin
 
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala LumpurCybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Alan Yau Ti Dun
 
AP_Cybersecurity_and_Risk_Management_Lead_from_the_C-suite_Mar_2016
AP_Cybersecurity_and_Risk_Management_Lead_from_the_C-suite_Mar_2016AP_Cybersecurity_and_Risk_Management_Lead_from_the_C-suite_Mar_2016
AP_Cybersecurity_and_Risk_Management_Lead_from_the_C-suite_Mar_2016
Ben Browning
 
Legal and Ethical Implications of Cybersecurity.pptx
Legal and Ethical Implications of Cybersecurity.pptxLegal and Ethical Implications of Cybersecurity.pptx
Legal and Ethical Implications of Cybersecurity.pptx
soulscout02
 
What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?
VISTA InfoSec
 

Similar to ISACA Cybersecurity Audit course brochure (20)

Running Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docxRunning Head SECURITY AWARENESSSecurity Awareness .docx
Running Head SECURITY AWARENESSSecurity Awareness .docx
 
Ffiec cat may_2017
Ffiec cat may_2017Ffiec cat may_2017
Ffiec cat may_2017
 
Cyber Security Governance
Cyber Security GovernanceCyber Security Governance
Cyber Security Governance
 
Cissp- Security and Risk Management
Cissp- Security and Risk ManagementCissp- Security and Risk Management
Cissp- Security and Risk Management
 
Bit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_printBit defender ebook_secmonitor_print
Bit defender ebook_secmonitor_print
 
It Security Audit Process
It Security Audit ProcessIt Security Audit Process
It Security Audit Process
 
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise World
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise WorldKey Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise World
Key Cybersecurity Risks and Mitigation Strategies in 2023 | The Enterprise World
 
Solve the exercise in security management.pdf
Solve the exercise in security management.pdfSolve the exercise in security management.pdf
Solve the exercise in security management.pdf
 
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
Implementing of a Cyber Security Program Framework from ISO 27032 to ISO 55001
 
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
· Processed on 09-Dec-2014 901 PM CST · ID 488406360 · Word .docx
 
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...
The Crucial Role of Security Testing Services in Ensuring a Secure and Effici...
 
The security risk management guide
The security risk management guideThe security risk management guide
The security risk management guide
 
The security risk management guide
The security risk management guideThe security risk management guide
The security risk management guide
 
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala LumpurCybersecurity Assurance at CloudSec 2015 Kuala Lumpur
Cybersecurity Assurance at CloudSec 2015 Kuala Lumpur
 
AP_Cybersecurity_and_Risk_Management_Lead_from_the_C-suite_Mar_2016
AP_Cybersecurity_and_Risk_Management_Lead_from_the_C-suite_Mar_2016AP_Cybersecurity_and_Risk_Management_Lead_from_the_C-suite_Mar_2016
AP_Cybersecurity_and_Risk_Management_Lead_from_the_C-suite_Mar_2016
 
CompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptxCompTIA CySA Domain 5 Compliance and Assessment.pptx
CompTIA CySA Domain 5 Compliance and Assessment.pptx
 
Legal and Ethical Implications of Cybersecurity.pptx
Legal and Ethical Implications of Cybersecurity.pptxLegal and Ethical Implications of Cybersecurity.pptx
Legal and Ethical Implications of Cybersecurity.pptx
 
CIS20 CSCs+mapping to NIST+ISO.pdf
CIS20 CSCs+mapping to NIST+ISO.pdfCIS20 CSCs+mapping to NIST+ISO.pdf
CIS20 CSCs+mapping to NIST+ISO.pdf
 
What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?What is expected from an organization under NCA ECC Compliance?
What is expected from an organization under NCA ECC Compliance?
 
Creating And Enforcing Anti Malware Practices
Creating And Enforcing Anti Malware PracticesCreating And Enforcing Anti Malware Practices
Creating And Enforcing Anti Malware Practices
 

More from Thilak Pathirage -Senior IT Gov and Risk Consultant

More from Thilak Pathirage -Senior IT Gov and Risk Consultant (12)

Cybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdfCybersecurity-Audit-A-Case-Study-for-SME.pdf
Cybersecurity-Audit-A-Case-Study-for-SME.pdf
 
ISACA Cyber-Audit-Certificate-Exam-Guide_Eng_0819.pdf
ISACA Cyber-Audit-Certificate-Exam-Guide_Eng_0819.pdfISACA Cyber-Audit-Certificate-Exam-Guide_Eng_0819.pdf
ISACA Cyber-Audit-Certificate-Exam-Guide_Eng_0819.pdf
 
Auditing-Cybersecurity in the enterprise
Auditing-Cybersecurity in the enterpriseAuditing-Cybersecurity in the enterprise
Auditing-Cybersecurity in the enterprise
 
Capability_Assessment_of_IT_Governance_Using_the_2.pdf
Capability_Assessment_of_IT_Governance_Using_the_2.pdfCapability_Assessment_of_IT_Governance_Using_the_2.pdf
Capability_Assessment_of_IT_Governance_Using_the_2.pdf
 
cobit 2019 -current-user - ISACA Publication
cobit 2019 -current-user - ISACA Publicationcobit 2019 -current-user - ISACA Publication
cobit 2019 -current-user - ISACA Publication
 
Introduction to ISACA COBIT-2019 Framwork.pdf
Introduction to ISACA COBIT-2019 Framwork.pdfIntroduction to ISACA COBIT-2019 Framwork.pdf
Introduction to ISACA COBIT-2019 Framwork.pdf
 
Social media-assessment
Social media-assessmentSocial media-assessment
Social media-assessment
 
Sql securitytesting
Sql securitytestingSql securitytesting
Sql securitytesting
 
Cissp nda
Cissp ndaCissp nda
Cissp nda
 
Risk based it auditing for non it auditors (basics of it auditing) final 12
Risk based it auditing for non it auditors (basics of it auditing) final 12Risk based it auditing for non it auditors (basics of it auditing) final 12
Risk based it auditing for non it auditors (basics of it auditing) final 12
 
314
314314
314
 
Composite indicators
Composite indicatorsComposite indicators
Composite indicators
 

Recently uploaded

Call Girls in Uttam Nagar (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in Uttam Nagar (delhi) call me [🔝9953056974🔝] escort service 24X7Call Girls in Uttam Nagar (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in Uttam Nagar (delhi) call me [🔝9953056974🔝] escort service 24X7
9953056974 Low Rate Call Girls In Saket, Delhi NCR
 

Recently uploaded (20)

Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Wellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptxWellbeing inclusion and digital dystopias.pptx
Wellbeing inclusion and digital dystopias.pptx
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
How to Manage Call for Tendor in Odoo 17
How to Manage Call for Tendor in Odoo 17How to Manage Call for Tendor in Odoo 17
How to Manage Call for Tendor in Odoo 17
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Call Girls in Uttam Nagar (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in Uttam Nagar (delhi) call me [🔝9953056974🔝] escort service 24X7Call Girls in Uttam Nagar (delhi) call me [🔝9953056974🔝] escort service 24X7
Call Girls in Uttam Nagar (delhi) call me [🔝9953056974🔝] escort service 24X7
 
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptxOn_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
On_Translating_a_Tamil_Poem_by_A_K_Ramanujan.pptx
 
AIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.pptAIM of Education-Teachers Training-2024.ppt
AIM of Education-Teachers Training-2024.ppt
 
How to Add a Tool Tip to a Field in Odoo 17
How to Add a Tool Tip to a Field in Odoo 17How to Add a Tool Tip to a Field in Odoo 17
How to Add a Tool Tip to a Field in Odoo 17
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
Sensory_Experience_and_Emotional_Resonance_in_Gabriel_Okaras_The_Piano_and_Th...
 

ISACA Cybersecurity Audit course brochure

  • 1. CYBER SECURITY AUDIT THE OBJECTIVE OF A CYBER SECURITY AUDIT IS TO PROVIDE MANAGEMENT WITH AN ASSESSMENT OF AN ORGANIZATION’S CYBER SECURITY POLICIES AND PROCEDURES AND THEIR OPERATING EFFECTIVENESS. ADDITIONALLY, CYBER SECURITY AUDITS IDENTIFY INTERNAL CONTROL AND REGULATORY DEFICIENCIES THAT COULD PUT THE ORGANIZATION AT RISK. A cyber security audit focuses on cyber security standards, guidelines and procedures, as well as the implementation of these controls. The cyber security audit relies on other operational audits as well.1 NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST) GUIDELINES There are many approaches available for specifying cyber security control environments, such as NIST Special Publication (SP) 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations.2 SP 800-53 provides guidelines for selecting and specifying security controls for information systems supporting executive agencies of the federal government. It is prescriptive in nature, contains detailed definitions, and may help organizations develop their own overarching cyber security process(es). KEY ELEMENTS OF CYBER SECURITY AUDITING: CONTROLS AND THREATS Part of auditing is ensuring that organizations have implemented controls. This means that preventative tools such as firewalls and antivirus software have been put in place. It also means that awareness efforts have been made, and that user education about password construction and backups has been provided. Regular updates—to both preventative tools and awareness efforts—are a necessity. That’s why regular audits are so important; your organization must ensure that these processes are well-designed, executed properly and as up-to-date as possible. Cyber security audits should be done annually based on business needs. They should include planned activities with specific start and end dates, including exact expectations and clear communications.3 Threats, both internal and external, have the potential to impact confidentiality, integrity and availability if controls are not in place. And the definition of ‘threat’ is broad, encompassing a variety of elements that can impact an enterprise. New laws and regulations or growth in data may pose a threat to the organization. Human threats can include everything from carelessness to espionage. And, of course, there are an array of technical threats, including, but in no way limited to, malicious code, unauthorized access, malware, or hardware/software failures. 1 Primary security and control issues for cyber security audits are: ❖ Protection of sensitive data and intellectual property ❖ Protection of networks to which multiple information resource are connected ❖ Responsibility and accountability for the device and information contained in it The scope of a cyber security audit includes: ❖ Data security policies relating to the network, database and applications in place ❖ Data loss prevention measures deployed ❖ Effective network access controls implemented ❖ Detection/prevention systems deployed ❖ Security controls established (physical and logical) ❖ Incident response program implemented
  • 2. The amount or significance of threat can vary, dependent upon whether the enterprise is working in cloud, mobile, Internet of Things (IoT), big data or security analytics. As information shifts location (moving from mobile, to IoT, to cloud, for example), there will be a need for new classes of controls to address the new locations of information, and those new classes of controls will require updating as well—and auditing. AN AUDIT IN THREE PARTS The cyber security audit and review process contribute to cyber security audit success. Internal auditors and risk management professionals have key roles to play, as does enterprise management. Management — Management ultimately owns the risk decisions made for the organization. Therefore, it has a vested interest in ensuring that cyber security controls exist and are operating effectively. Decisions are typically made based on guidance received during the risk management processes, on the appropriate direction to take. Risk Management — Risk assessments are typically made based on guidance by the security officer at an organization and enterprise management make decisions, employing risk management processes. The objective in any risk assessment is twofold. First, it is critical to communicate the state of the risk so that it is easy to understand and be clear on the level of risk involved. Secondly—and just as significantly—the ways in which to address that risk must be identified as well. This provides both problem and solution, and mitigates the negative impact of that risk to an enterprise. The risk landscape is ever-changing. It is important to have defined processes, trained and competent cyber security resources, and a governance framework to ensure that appropriate actions are carried out by enterprise leadership and managed effectively to address current and emerging threats. Internal Audit — Auditing is a security measure—not an inconvenience. It is critical to protecting an enterprise in today’s global digital economy. The internal audit department plays a vital role in cyber security auditing in many organizations, and often has a dotted-line reporting relationship to the audit committee to ensure an independent view is being communicated at the board level of the enterprise. Audit helps enterprises with the challenges of managing cyber threats, by providing an objective evaluation of the controls and making recommendations to improve them as well as assisting the senior management and the board of directors understand and respond to cyber risks. Organizations, especially within the public sector, also contract for the services of external auditors to provide independent assurance of the financial and operational controls primarily to ensure the controls design is effective and the needs of the organization are being met. 1 ISACA IS Audit / Assurance Program Cybersecurity: Based on the NIST Cybersecurity Framework 2 National Institute of Standards and Technology (NIST), NIST SP 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations, USA, 2015, http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf 3 ISACA Auditing Cyber Security: Evaluating Risk and Auditing Controls, http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/Auditing-Cyber-Security.aspx Contact: Tara Wisniewski Jen Gremmels twisniewski@isaca.org jgremmels@isaca.org 847.660.5673 847.385.7207