Sunday, November 19, 2017

Focus and Features

$5.4 million — that’s the average cost of a data breach to a U.S.-based company. It’s no surprise, then, that cybersecurity is a hot topic and a major challenge in internal auditing today. Cybersecurity is as much of a business risk as it is a security one, making it critical for internal auditors to develop the skill set needed to take on these challenges.

In this course, you will develop an understanding of cybersecurity concepts that can be used to facilitate integrated audit efforts within your organization. Developed with and facilitated by leading industry experts, this course will examine preventive, detective, and corrective controls, and how to apply the audit process to a cloud environment. You will also be exposed to the mobile environment and cyber standards, as well as learn how to audit common security solutions.

This course is designed for internal auditors involved in IT audits or those involved in audit activities that require an understanding of how to manage the impact of cybersecurity events on business risks.

Course Objectives

  • Define cybersecurity from an audit perspective, including an understanding of its scope, limitations, and how to measure effectiveness.
  • Identify the purpose of preventive, detective, and corrective controls.
  • Understand cyber liability insurance and its impact on cybersecurity.
  • Understand cyber standards, state notification laws, and how they affect an organization.
  • Understand how to assess an organization’s cyber capabilities from an attacker perspective, using threat modeling.
  • Assess cybersecurity risks and controls related to using cloud providers or third-party vendors.

What You Will Learn

Overview of Cybersecurity

    What is Cybersecurity?

  • Definition of Cybersecurity
  • Misconceptions
  • Cybersecurity Evolution
  • Types of Risks and Controls

Preventive Controls

  • Purpose of Preventive Controls
  • Types of Attackers
  • Threat Models
  • Anatomy of a Breach

      o “The Breach Quadrilateral”

  • Preventing Cyber Incidents

      o Network Controls (Internal and External)
      o Domain and Password Controls
      o Access Methods and User Awareness
      o Application Security
      o Secure Software Development Lifecycle (SSDLC)
      o Data Controls
      o Host and Endpoint Security
      o Vulnerability Management
      o Security Testing

Detective Controls

  • Purpose of Detective Controls
  • Detecting Cyber Incidents
  • Log Detail Concepts
  • Security Information and Event Management (SIEM)

      o Traditional Silo-Specific Model
      o Alert Rules
      o Correlation Rules

  • Data and Asset Classification

 

Who Should Attend

This professional seminar is ideal for all auditors.

Facilitator: Mr. Solomon Anastacio, CISA, CISM
                       ICT Risk Manager
                       MERALCO

Schedule: 24 – 25 November 2017
Time: 8:30 am – 5:00 pm

Venue:  St. Giles Hotel, Makati Ave., Makati City

 

Seminar Investment: 

Member’s Rate: Php9,000

Non-Member’s Rate: Php12,000

No. of CPE Credits: 18*

* IIA Certifications

* BOA Accredited CPD Provider

 

Seminar Inclusions:

  • Seminar Kit
  • Certificate of Participation
  • AM & PM Snack, Buffet Lunch

 

How to Enroll:

  • Email training@iia-p.org or fax to 325.0414
  • Call us at 238-8888 loc 8962 and look for Sheena Malapitan or Thei Mendoza
  • Click here to register online