Udemy
Cybersecurity Audit School
Rating: 4.6 out of 5 (20 ratings)
130 students

"Enhancing Auditors' Roles in Cyber Risk Management and Control Assessment"
Last updated 10/2024
English

What you'll learn

  • Be able to identify and assess cybersecurity risks specific to their organization.
  • Understand how to implement and evaluate cybersecurity controls.
  • Recognize the auditor's role in the cybersecurity landscape and how to collaborate with cybersecurity teams.
  • Gain practical experience through scenarios that reinforce theoretical concepts.

Course content

1 section, 58 lectures, 18h 31m total length
  • Overview (1:57)

    Learn how cybersecurity relates to audit, with practical assessments, audits, and best practices, tips, tools, and techniques to prepare, conduct, and communicate findings.

  • Cybersecurity Key Concepts (18:33)
  • Cybersecurity History and Breaches (17:42)
  • Types of Cyber Attacks - Human (17:49)
  • Types of Cyber Attacks - Technical (22:14)
  • Cybersecurity Frameworks, Standards (19:59)
  • NIST Frameworks and Standards (15:29)
  • Industry Frameworks (PCI, HIPAA, CIS CSC, ISO/IEC) (23:35)
  • Cybersecurity Oversight, Governance & Compliance (22:12)
  • Security Policies (22:21)
  • Security Risk Management Overview (21:24)

    Explore what risk management means in cybersecurity, distinguish risk, threat, and vulnerability, and learn how risk assessments, stakeholders, and cost-benefit guide informed, data-centric security decisions.

  • Threat Analysis (17:52)
  • Security Risk Management in Practice (21:48)
  • Asset Identification and Inventory (20:48)
  • Third-party / Service Provider Management (15:09)
  • Business Impact Assessment (14:54)
  • Configuration Management and Change Control (16:10)
  • Defending Business Assets Overview (19:02)
  • Identity and access management (22:14)
  • Authentication and Authorization (20:43)

    Learn how authentication and authorization verify identity using something you know, something you have, something you are, and geolocation, then implement multi-factor authentication and just in time access.

  • Vulnerability and Patch Management (23:06)
  • Security awareness (18:53)
  • Physical Security (19:34)
  • Personnel Security (22:21)
  • Computer Networking Fundamentals (19:36)

    Discover how computer networks transfer data from applications to devices using the OSI seven-layer model, TCP/IP handshakes, IPv4/IPv6 addressing, DHCP, MAC addresses, and port-based protocols for cybersecurity auditing.

  • Network Defenses (22:19)
  • Network Security Access Controls (20:43)
  • EndPoint and System Security Configuration (15:52)
  • EndPoint and System Security Protection (22:19)
  • Application Security (21:48)
  • Cloud & Virtualization Security (22:40)
  • Encryption Concepts (18:57)

    Explore encryption and cryptography, revealing how algorithms and keys protect confidentiality, integrity, and availability across networks with transport layer security and digital certificates, and distinguish encoding, obfuscation, and steganography.

  • Cryptographic Algorithms (22:55)
  • Encryption - Public Key Infrastructure (15:14)
  • Data Privacy Controls (20:13)
  • Securing Data (25:25)
  • Logging, monitoring and alerting (16:44)
  • Incident Response (IR) Planning (20:51)
  • Incident Response (IR) Testing (19:53)
  • Digital Forensics (14:04)
  • Recovering Systems (21:22)
  • Business Continuity and Recovery (14:54)
  • The Auditor's Role (23:06)
  • CISO's Role (19:25)
  • Establishing Audit Scope (17:27)

    Discover how to establish audit scope for cyber security by defining what, when, where, and how, outlining in and out of scope items and data flows across production and cloud.

  • Building the Audit Plan (28:02)

    Define audit goals and scope, secure management support, and build a project plan with sequencing and profiling of current state, policies, and risk-based gaps to drive action.

  • Cybersecurity evaluation methods (16:27)

    Learn cybersecurity evaluation methods, including interviews, examinations, and technical tests, and how to define scope and objectives while aligning findings with frameworks like NIST, ISO, and HIPAA.

  • Vulnerability Assessments, Scanning and Testing (20:58)
  • Penetration Testing (22:48)

    Learn the penetration testing lifecycle from recon and scope to exploitation and reporting, with ethical testing, tools like OWASP ZAP and Burp Suite, and red, blue, and purple team roles.

  • Security Maturity Models (14:55)
  • Auditing using NIST frameworks (16:58)
  • Auditing other security frameworks, standards ISO (15:32)
  • Auditing PCI DSS (19:37)
  • Cybersecurity Auditing Examples (15:30)
  • Collecting and Organizing Cybersecurity Evidence (24:26)

    Collect, organize, and evaluate cybersecurity evidence across audits by gathering documents, policies, configurations, logs, and risk data, then apply root-cause analysis to support control-based conclusions.

  • NIST Reporting Requirements (19:43)
  • Prioritizing Risks and Influencing decisions (18:53)
  • Course Summary and Conclusion (5:51)

Requirements

Participants are expected to have the following foundational knowledge and skills before enrolling in the course:

  1. Basic Understanding of Auditing Principles: Familiarity with auditing concepts, processes, and methodologies is essential.
  2. Introductory Knowledge of Cybersecurity: A general understanding of cybersecurity terms, concepts, and common threats is beneficial.
  3. Experience with Risk Management: Prior experience or coursework related to risk assessment and management will enhance comprehension of course material.
  4. Familiarity with Regulatory Standards: Awareness of industry standards and regulations related to cybersecurity, such as GDPR, HIPAA, or PCI-DSS, is advantageous.

While these prerequisites are recommended, a strong desire to learn and engage with cybersecurity topics will also support participants' success in the course.

Description

In an era of increasing cyber threats, auditors must go beyond traditional roles and understand the complexities of cybersecurity. This course equips participants with the knowledge and skills to effectively contribute to their organization's cybersecurity efforts. Attendees will explore the risks associated with cyberattacks, learn how to design and implement robust controls, and understand compliance with industry standards and regulations.

Key topics include effective control frameworks, identifying warning signs of potential incidents, and employing investigative techniques to analyze cybersecurity breaches.

By the end of the course, attendees will be empowered to assess the effectiveness of cybersecurity controls and understand their crucial role as members of their organization’s “Cyber Defense Team.” This comprehensive program is essential for auditors aiming to enhance their contributions to safeguarding organizational data and infrastructure. Join us to build your expertise in cybersecurity and ensure your organization is well-prepared to face evolving threats.

Key Topics:

  • Cybersecurity Fundamentals: Overview of key concepts, terminology, and frameworks in cybersecurity.

  • Control Frameworks: Examination of popular cybersecurity frameworks (e.g., NIST, ISO 27001) and their application in organizational contexts.

  • Positioning Controls: Strategies for determining the most effective placement of cybersecurity controls within organizational processes.

  • Substantive Testing: Techniques for assessing the effectiveness of cybersecurity controls through substantive testing.

Who this course is for:

  • This course is ideal for anyone looking to strengthen their skills in cybersecurity assessment and contribute effectively to their organization’s cyber defense strategy.