Auditing Cybersecurity Programs


This event qualifies for 24 CEUs

This event qualifies for 24 CPEs

This event qualifies for 24 CLPs


Cybersecurity is one of the biggest internal control areas that need executive attention.

You just received an urgent call from the CEO. An e-mail has arrived demanding $10M in Bitcoin as ransom to decrypt the company's data.

"Oh no! Maybe if we audited the organization's Cybersecurity program and controls before this happened, we might not be in this mess!"

Sound familiar? Hundreds of Security, Compliance and Audit professionals have faced this dilemma.

As we know, cybersecurity breaches occur throughout the world on a daily basis, and many are unreported. ALL organizations are vulnerable...including our most "secure" government agencies, financial institutions and public utility companies. A comprehensive cybersecurity program is an absolutely essential component of a system of internal control.

How can you assess its effectiveness? Have you conducted an audit? What are the common and not-so-common deficiencies? How can we improve our "security resiliency"?

Please join us for this valuable in-person, interactive training, and allow our expert instructors to guide you through assessing the controls and processes of your organization's cybersecurity program. We will transfer our knowledge of this important topic to you in an educational, enjoyable manner. We will provide you with the information to enhance the effectiveness of your cybersecurity program.

This comprehensive in-person event is designed for Internal Auditors, Compliance Analysts, Security Officers and Administrators. Let's learn, grow, and enhance our Security effectiveness! Sign up now!

This course is designed for professionals experienced in working with internal controls and ERM programs.

The retail cost of this CPE seminar is $1,875.00 for each attendee.

Each attendee will receive 24 NASBA CPE hours. Government attendees will satisfy their Yellow Book (YB) requirements. A Certificate of Completion will be provided at the conclusion of the class.

Program Level of Understanding: Intermediate
Prerequisites: Basic understanding of auditing and IT security
Advance Preparation: None
Delivery Format: On-site Training (Group-Live); Seminar (Group-Live)
NASBA Field(s) of Study: "Auditing" and "Information Technology"
CPE Credits: 24, based on 50 minutes of instruction per hour

Seminar Highlights

Obtain a comprehensive understanding of the best-practice components of a Cybersecurity Program and the methods to audit the program.

Event Learning Objectives

- Learn the relationship between risk, control, and audits
- Understand the core features of an effective Cybersecurity Program
- Assess the risks posed by Insider and Outsider threats
- Identify the processes of Account Management
- Determine methods to limit Privileged accounts
- Identify the stages of a Cybersecurity attack
- Learn the tools and techniques for continuous monitoring of security events
- Identify methods to remediate security vulnerabilities

Key Issues on the Agenda

Section 1 Introduction and Learning Objectives
Section 2 Overview, Definitions and Concepts: Internal Control and Auditing
Section 3 Components of Cybersecurity Programs
Section 4 Internal Control and Cybersecurity Frameworks
Section 5 AICPA Cybersecurity Risk Assessments
Section 6 Security Certifications
Section 7 Security and Privacy Laws and Regulations
Section 8 Breach Disclosure Requirements
Section 9 Understanding the Mission of the Organization
Section 10 Tone at the Top - The Auditor's Influence
Section 11 The Role of the CSO/CISO
Section 12 Evaluating a Cybersecurity Risk Assessment
Section 13 Security Policy Development, Administration and Auditing
Section 14 Data Classification and Protection Methods
Section 15 Protecting the Physical Equipment
Section 16 Assessing Controls in Network Components
Section 17 Account Authentication
Section 18 Controlling Your Endpoints
Section 19 DevOps Application Security
Section 20 Configuration Management
Section 21 Asset Audits
Section 22 Vendor Management
Section 23 Command, Communication and Control
Section 24 Testing the Controls
Section 25 Corrective Action Plans
Section 26 Case Study: Anatomy of an Attack
Section 27 Countermeasures
Section 28 Summary and Wrap-Up

 

Speaker and Presenter Information

David S. Marshall, MBA, CISA, CFE is a Principal with Infotech Global, a provider of audit, compliance, IT and training services in the Chicago, IL area. With over 20 years of experience, he is an expert in internal control, the Sarbanes-Oxley Act and information technology. He has helped numerous companies, from startups to multinationals, improve their operations by strengthening their internal control programs and complying with Sarbanes-Oxley, and has provided IT auditing, computer security and fraud prevention training.

During his career, Dave has performed financial, operational and IT audits, security assessments, fraud investigations, financial and manufacturing system implementations, and regulatory compliance assistance. He headed up the IT Audit Consulting group at one of the largest aerospace and defense contractors in the United States, where he conducted enterprise risk assessments, audits, network penetrations, program effectiveness studies, business continuity reviews, fraud examinations, and financial data analysis using IDEA software. Prior to that, he was a senior manager in the management consulting practice at PWC, where he performed similar services for Fortune 500 companies, banks and agencies. Dave helped to develop the firm's audit methodology, participated in writing the Institute of Internal Auditors' System Auditability and Control Guidelines, and conducted quality assurance reviews of internal and external audit groups.

He has an MBA degree, and is a Certified Information Systems Auditor (CISA) and a Certified Fraud Examiner (CFE). He is a member and past board director of the Information Systems Audit and Control Association (ISACA), is a member of the Institute of Internal Auditors (IIA) and helped organize the IIA International Conference, and is the President of the Chicago Chapter of the Association of Certified Fraud Examiners (ACFE). Mr. Marshall and Mr. Blackshire have been presenting informative and entertaining seminars on internal control, corporate governance and Sarbanes-Oxley Act compliance since 2004.

Expected Number of Attendees

15

Relevant Government Agencies

Air Force, Army, Navy & Marine Corps, Intelligence Agencies, DOD & Military, Office of the President (includes OMB), Dept of Agriculture, Dept of Commerce, Dept of Education, Dept of Energy, Dept of Health & Human Services, Dept of Homeland Security, Dept of Housing & Urban Development, Dept of the Interior, Dept of Justice, Dept of Labor, Dept of State, Dept of Transportation, Dept of Treasury, Dept of Veterans Affairs, EPA, GSA, USPS, SSA, NASA, Other Federal Agencies, Legislative Agencies (GAO, GPO, LOC, etc.), Judicial Branch Agencies, State Government, County Government, City Government, Municipal Government, CIA, FEMA, Census Bureau, Office of Personnel Management, Coast Guard, National Institutes of Health, FAA, USAID, State & Local Government, National Guard Association, EEOC, Federal Government, FDA, Foreign Governments/Agencies, NSA, FCC


This event has no exhibitor/sponsor opportunities


When
Mon-Wed, Jul 12-14, 2021, 9:00am - 5:00pm CT


Where
Oak Brook Pointe
700 Commerce Drive
Oak Brook, IL 60523



Organizer
Corporate Compliance Seminars

