AUDITING IN AN UNSECURE WORLD

2018 Sept New Delhi 7 Oct Hyderabad 12 Oct Bengaluru 24 Nov Chennai 2 Dec Mumbai 14

Marketing Partner Content Partner

IIA GLOBAL TRAINING MATERIAL

8 CPE HOURS


ABOUT THIS COURSE

Course Description

In this course, you will develop an understanding of cybersecurity concepts that can be used to facilitate integrated audit efforts within your organization. Developed with and facilitated by leading industry experts, this course will examine preventive, detective, and corrective controls, and how to apply the audit process to a cloud environment. You will also be exposed to the mobile environment and cyber standards, as well as learn how to audit common security solutions.

$5.4 million — that's the average cost of a data breach to a U.S.-based company. It's no surprise, then, that cybersecurity is a hot topic and a major challenge in internal auditing today. Cybersecurity is as much of a business risk as it is a security one, making it critical for internal auditors to develop the skill set needed to take on these challenges.

Course Objectives

• Understand cyber liability insurance and its impact on cybersecurity.
• Identify the purpose of preventive, detective, and corrective controls.
• Assess cybersecurity risks and controls related to using cloud providers or third-party vendors.
• Understand how to assess an organization's cyber capabilities from an attacker perspective, using threat modeling.
• Define cybersecurity from an audit perspective, including an understanding of its scope, limitations, and how to measure effectiveness.
• Understand cyber standards, state notification laws, and how they affect an organization.

This course is designed for internal auditors involved in IT audits or those involved in audit activities that require an understanding of how to manage the impact of cybersecurity events on business risks.


COURSE TOPICS

Overview of Cybersecurity
• Types of Risks and Controls
• Misconceptions
• What is Cybersecurity?
• Definition of Cybersecurity
• Cybersecurity Evolution

Preventive Controls
• Purpose of Preventive Controls
• Types of Attackers
• Threat Models
• Anatomy of a Breach
• "The Breach Quadrilateral"
• Preventing Cyber Incidents
• Network Controls (Internal and External)
• Domain and Password Controls
• Access Methods and User Awareness
• Application Security
• Secure Software Development Lifecycle (SSDLC)
• Data Controls
• Host and Endpoint Security
• Vulnerability Management
• Security Testing

Detective Controls
• Purpose of Detective Controls
• Detecting Cyber Incidents
• Log Detail Concepts
• Security Information and Event Management (SIEM)
• Traditional Silo-Specific Model
• Alert Rules
• Correlation Rules
• Data and Asset Classification

Corrective Controls
• Purpose of Corrective Controls
• Incident Response and Investigation Process
• Incident Scoping and Evidence Preservation
• Forensic Analysis
• Defining Period of Compromise
• Evaluating Risk of Harm to Information
• Production of Data for Review
• Corrective Actions
• Incident Response Tasks
• Identifying Potential Evidence Sources
• Detection Dependencies
• Understanding the Scope of the Breach
• Identifying Compromised Systems and Applications
• Determining Scope of Information to Be Preserved
• Preparing for Future Media and Legal Inquiries


Cybersecurity Risks, Cyber Liability Insurance, and State Notification Laws
• Mitigating Costs and Risks
• Organizational Programs
• Specific Preparation Tasks
• Response Documentation
• Data Segregation
• Network and Application Patch Management
• Backup and Archiving Solutions
• Enterprise Monitoring Solutions
• Insurance Overview
• Security and Privacy Liability
• Regulatory Defense and Penalties
• Payment Card Industry Fines and Penalties
• Breach Response Costs
• Notification Law Overview
• Who the Laws Apply To
• What the Laws Do

Applying the Audit Process to a Cloud Environment or Third-Party Service Provider
• Cloud Providers
• Assessing the Provider
• Evaluating the Data
• Selecting the Provider
• Annual Assessment/Service Organization Control (SOC) Reports
• Third-Party Service Providers
  o Contractual Risks
  o Vendor Management Program
  o Individual Contractor Management/Security

The Mobile Environment, Bring Your Own Device (BYOD), and Social Networking
• Mobile Computing Risks, Control Activities, and Incident Management
• BYOD Risks, Control Activities, and Incident Management
• Social Networking Risks, Control Activities, and Incident Management

Cyber Standards
• Common Standards
• ISO 27000 Series
• NIST SP 800 Series
• Common Uses
• Completeness vs. Correctness
• Governance Mapping for Regulatory and Insurance Needs

Auditing Common Security Solutions
• SIEM
• Data Loss Prevention (DLP)
• Intrusion Detection System (IDS)/Intrusion Prevention System (IPS)
• Network Segmentation
• Encryption


Delegate Details

Title / First Name / Surname
Email
Telephone
Job Title
Organization
Address
Postcode / Country

I agree to APC’s payment term. If you have not received an acknowledgment before the conference, please call us to confirm your booking.

Standard terms and conditions

Cancellation and Refund Policy

You must notify us by email at least 48 hours in advance if you wish to send a substitute participant. Delegates may not “share” a pass between multiple attendees without prior authorization. If you are unable to find a substitute, please notify Achromic Point Consulting (APC) in writing up to 10 days prior to the conference date and a credit voucher valid for 1 year will be issued to you for the full amount paid, redeemable against any other APC conference. No credits or refunds will be given for cancellations received after 10 days prior to the conference date. APC reserves the right to cancel any conference it deems necessary and will not be responsible for airfare, hotel or other costs incurred by registrants. No liability is assumed by APC for changes in program date, content, speakers, or venue.

Terms & Conditions

Achromic Point holds all the rights to circulate and distribute the information discussed, shared and presented at the seminar.

Payment Method

Please make payment to Achromic Point Consulting Pvt Ltd

Beneficiary Name: Achromic Point Consulting Pvt Ltd
Bank: Axis Bank
Branch: Kalkaji, New Delhi
Account No: 914020057251909
SWIFT Code: AXISINBBA45
IFSC Code: UTIB0001021
MICR Code No: 11021107

All bank charges are to be borne by the sender.

*Please email the remittance advice to [email protected] or contact us at +91 11 2628 1521.

Payment must be received prior the even

Please refer to the following payment options:-

By Cheque/By Demand Draft - All cheques/demand drafts should be crossed, marked 'A/C Payee only' and made payable to 'Achromic Point Consulting Pvt Ltd' with the title of the programme(s) indicated clearly on the back of the cheque/demand draft.

B-92/A, 2nd Floor (Top Floor), Kalkaji, New Delhi – 110019, India.

By Electronic Transfer - Payment Gateway

Ways to Register

011 26281521
[email protected]
www.achromicpoint.com
Group [email protected]

REGISTRATION

Please complete in BLOCK CAPITALS as information is used to produce delegate badge.

Please photocopy for multiple bookings.

INVESTMENT FOR ENROLLING

10995+GST

9500+GST
