AUDITING IN AN UNSECURE WORLD
2018
New Delhi: Sept 7
Hyderabad: Oct 12
Bengaluru: Oct 24
Chennai: Nov 2
Mumbai: Dec 14
IIA GLOBAL TRAINING MATERIAL
8 CPE HOURS
ABOUT THIS COURSE
Course Description
In this course, you will develop an understanding of cybersecurity concepts that can be used to facilitate integrated audit efforts within your organization. Developed with and facilitated by leading industry experts, this course will examine preventive, detective, and corrective controls, and how to apply the audit process to a cloud environment. You will also be exposed to the mobile environment and cyber standards, as well as learn how to audit common security solutions.
$5.4 million — that's the average cost of a data breach to a U.S.-based company. It's no surprise, then, that cybersecurity is a hot topic and a major challenge in internal auditing today. Cybersecurity is as much of a business risk as it is a security one, making it critical for internal auditors to develop the skill set needed to take on these challenges.
Course Objectives
• Understand cyber liability insurance and its impact on cybersecurity.
• Identify the purpose of preventive, detective, and corrective controls.
• Assess cybersecurity risks and controls related to using cloud providers or third-party vendors.
• Understand how to assess an organization's cyber capabilities from an attacker perspective, using threat modeling.
• Define cybersecurity from an audit perspective, including an understanding of its scope, limitations, and how to measure effectiveness.
• Understand cyber standards, state notification laws, and how they affect an organization.
This course is designed for internal auditors involved in IT audits or those involved in audit activities that require an understanding of how to manage the impact of cybersecurity events on business risks.
Overview of Cybersecurity
• What is Cybersecurity?
• Definition of Cybersecurity
• Cybersecurity Evolution
• Misconceptions
• Types of Risks and Controls
Preventive Controls
• Purpose of Preventive Controls
• Types of Attackers
• Threat Models
• Anatomy of a Breach
• "The Breach Quadrilateral"
• Preventing Cyber Incidents
• Network Controls (Internal and External)
• Domain and Password Controls
• Access Methods and User Awareness
• Application Security
• Secure Software Development Lifecycle (SSDLC)
• Data Controls
• Host and Endpoint Security
• Vulnerability Management
• Security Testing
Detective Controls
• Purpose of Detective Controls
• Detecting Cyber Incidents
• Log Detail Concepts
• Security Information and Event Management (SIEM)
• Traditional Silo-Specific Model
• Alert Rules
• Correlation Rules
• Data and Asset Classification
Corrective Controls
• Purpose of Corrective Controls
• Incident Response and Investigation Process
• Incident Scoping and Evidence Preservation
• Forensic Analysis
• Defining Period of Compromise
• Evaluating Risk of Harm to Information
• Production of Data for Review
• Corrective Actions
• Incident Response Tasks
• Identifying Potential Evidence Sources
• Detection Dependencies
• Understanding the Scope of the Breach
• Identifying Compromised Systems and Applications
• Determining Scope of Information to Be Preserved
• Preparing for Future Media and Legal Inquiries
COURSE TOPICS
Cybersecurity Risks, Cyber Liability Insurance, and State Notification Laws
• Mitigating Costs and Risks
• Organizational Programs
• Specific Preparation Tasks
• Response Documentation
• Data Segregation
• Network and Application Patch Management
• Backup and Archiving Solutions
• Enterprise Monitoring Solutions
• Insurance Overview
• Security and Privacy Liability
• Regulatory Defense and Penalties
• Payment Card Industry Fines and Penalties
• Breach Response Costs
• Notification Law Overview
• Who the Laws Apply To
• What the Laws Do
Applying the Audit Process to a Cloud Environment or Third-Party Service Provider
• Cloud Providers
• Assessing the Provider
• Evaluating the Data
• Selecting the Provider
• Annual Assessment/Service Organization Control (SOC) Reports
• Third-Party Service Providers
  o Contractual Risks
  o Vendor Management Program
  o Individual Contractor Management/Security
The Mobile Environment, Bring Your Own Device (BYOD), and Social Networking
• Mobile Computing Risks, Control Activities, and Incident Management
• BYOD Risks, Control Activities, and Incident Management
• Social Networking Risks, Control Activities, and Incident Management
Cyber Standards
• Common Standards
• ISO 27000 Series
• NIST SP 800 Series
• Common Uses
• Completeness vs. Correctness
• Governance Mapping for Regulatory and Insurance Needs
Auditing Common Security Solutions
• SIEM
• Data Loss Prevention (DLP)
• Intrusion Detection System (IDS)/Intrusion Prevention System (IPS)
• Network Segmentation
• Encryption
Delegate Details
Title First Name Surname
Telephone
Job Title
Organization
Address
Postcode Country
I agree to APC’s payment term. If you have not received an acknowledgment before the conference, please call us to confirm your booking.
Standard terms and conditions
Cancellation and Refund Policy
You must notify us by email at least 48 hours in advance if you
wish to send a substitute participant. Delegates may not
“share” a pass between multiple attendees without prior
authorization. If you are unable to find a substitute, please
notify Achromic Point Consulting (APC) in writing up to 10 days
prior to the conference date and a credit voucher valid for 1
year will be issued to you for the full amount paid, redeemable
against any other APC conference. No credits or refunds will
be given for cancellations received after 10 days prior to the
conference date. APC reserves the right to cancel any
conference it deems necessary and will not be responsible for
airfare, hotel or other costs incurred by registrants. No liability
is assumed by APC for changes in program date, content,
speakers, or venue.
Terms & Conditions
Achromic point holds all the rights to circulate and distribute
the information discussed, shared and presented at the
seminar.
Account No: 914020057251909
Swift Code: AXISINBBA45
IFSC Code: UTIB0001021
Bank: Axis Bank
Branch: Kalkaji, New Delhi
MICR Code No: 11021107
Beneficiary Name: Achromic Point Consulting Pvt Ltd
Please make payment to Achromic Point Consulting Pvt Ltd
All bank charges are to be borne by the sender.
*Please email the remittance advice to [email protected] or contact us at +91 11 2628 1521.
Payment must be received prior to the event.
Please refer to the following payment options:-
By Cheque/By Demand Draft-All cheques/demand drafts should be crossed, marked 'A/C Payee only' and made payable to 'Achromic Point Consulting Pvt Ltd' with the title of the programme (s) indicated clearly on the back of the cheque/demand draft.
B-92/A, 2nd Floor (Top Floor), Kalkaji, New Delhi – 110019, India.
By Electronic Transfer- Payment Gateway
011 26281521
www.achromicpoint.com
Group [email protected]
Payment Method
Please complete in BLOCK CAPITALS as information is used to produce delegate badge.
Please photocopy for multiple bookings.
REGISTRATION
10995+GST
INVESTMENT FOR ENROLLING
9500+GST
8+