How to Perform an Information Security Audit
What you'll learn
- Understand how to properly plan engagements by determining their objectives, criteria and scope.
- Know how to create working papers to document an audit and learn about different ways to staff an audit.
- Learn how to collect engagement information and then analyze and evaluate it. Learn how to supervise engagements.
- Learn how to communicate engagement results and the process of acceptance of risks. Learn how to monitor progress on the implementation status of internal audit recommendations.
- Know which threats to information security should be assessed, including threats to the integrity, confidentiality and availability of data.
- Be able to evaluate privacy risks, risks from smart devices, insider threats, illicit software threats and cybersecurity threats amongst others.
- Be able to evaluate risks by using the Asset-Threat-Vulnerability triangle.
- Know about the different types of information security controls, including IT general controls.
- Be able to put in place solid governance over information security, such as by establishing IT management and governance controls.
- Be able to implement the segregation of IT duties and IT departmentalization, an information security framework and cybersecurity governance and policies.
- Be able to apply the Three Lines of Defense Model in cybersecurity.
- Learn about controls such as identity access management and authentication, encryption and firewalls, data privacy and protection controls.
- Know about application and access controls, technical IT infrastructure controls, external connection controls and third-party information security controls.
Requirements
- No prior experience or knowledge is required.
Description
We are glad to bring you a course to learn how to perform information security audits.
This course is ideal for:
- IT and information security professionals who wish to learn techniques on how to assess the security of their information and the vulnerability of their information systems; and
- Auditors or others performing assessments who wish to learn more about performing information security audits.
The course will give you the knowledge and tools necessary to perform information security audits, from how to plan them, through how to perform them, to how to report on the results of the engagement. It will teach you which threats to assess and which controls should be put in place.
It is taught by Adrian Resag, an experienced and CISA certified information security auditor who has decades of experience evaluating information security, IT and ISO 27001 in many organizations.
The course covers:
Performing Information Security Audits
Planning Engagements
Understand how to properly plan engagements by determining their objectives, criteria and scope.
Know how to create working papers to document an audit and learn about different ways to staff an audit.
Performing Engagements
Learn how to collect engagement information and then analyze and evaluate it. Learn how to supervise engagements.
Communicating Progress and Results
Learn how to communicate engagement results and the process of acceptance of risks. Learn how to monitor progress on the implementation status of internal audit recommendations.
Information Security Threats and Controls
Threats to information security
Know which threats to information security should be assessed, including threats to the integrity, confidentiality and availability of data.
Be able to evaluate privacy risks, risks from smart devices, insider threats, illicit software threats and cybersecurity threats amongst others.
Be able to evaluate risks by using the Asset-Threat-Vulnerability triangle.
Controls over information security
Know about the different types of information security controls, including IT general controls.
Be able to put in place solid governance over information security, such as by establishing IT management and governance controls.
Be able to implement the segregation of IT duties and IT departmentalization, an information security framework and cybersecurity governance and policies.
Be able to apply the Three Lines of Defense Model in cybersecurity.
Learn about controls such as identity access management and authentication, encryption and firewalls, data privacy and protection controls.
Know about application and access controls, technical IT infrastructure controls, external connection controls and third-party information security controls.
Who this course is for:
- Current or future IT and information security professionals who wish to learn techniques on how to assess the security of their information and the vulnerability of their information systems.
- Auditors or others performing assessments who wish to learn more about performing information security audits.
Instructor
I have a great passion for the areas of internal audit, governance, risk management, artificial intelligence, IT & information systems auditing, internal control and fraud prevention. I would like to share those great interests of mine with those who wish to learn.
I am currently Head of Internal Audit, Risk Management and Internal Control to a well-known luxury brand, and previously was Head of Internal Audit in a global financial services institution and Chief Internal Auditor to the European subsidiary of a major global bank. I worked as Group Internal Auditor in the energy sector and advisor in internal audit in a 'Big-4' consulting firm.
I founded the Risk Governance Institute which provides courses, training and consulting services.
I have been teaching students and professionals in university, institutions and organizations.
I am currently working on creating a certification in Audit & Assurance and another in Compliance & Ethics with a major institution.
I hold the following qualifications and certifications:
- Qualification in Internal Audit Leadership (QIAL) from the Institute of Internal Auditors (IIA);
- Chartered Internal Auditor (CMIIA) from the Chartered Institute of Internal Auditors;
- Certified Internal Auditor (CIA) from the Institute of Internal Auditors (IIA);
- Governance, Risk & Compliance Professional (GRCP) from OCEG;
- I (re-)created the certification Governance, Risk & Compliance Auditor (GRCA) for OCEG;
- I created the certification Integrated Audit & Assurance Professional (IAAP) for OCEG;
- I created the certification Integrated Risk Management Professional (IRMP) for OCEG;
- I created the certification Integrated Compliance & Ethics Professional (ICEP) for OCEG;
- I created the certification Integrated Artificial Intelligence Professional (IAIP) for OCEG;
- Certification in Risk Management Assurance (CRMA) from the Institute of Internal Auditors (IIA);
- Certified Financial Services Auditor (CFSA) from the Institute of Internal Auditors (IIA);
- Certification in Control Self-Assessment (CCSA) from the Institute of Internal Auditors (IIA);
- Technical Specialist of the Institute of Risk Management (SIRM);
- The Advanced Diploma in Management Accounting (Adv Dip MA) from the Chartered Institute of Management Accountants (CIMA);
- ISO 22301 (Business Continuity Management Systems) trained and experienced Lead Auditor;
- ISO 27001 (Information Security Management Systems) highly experienced Lead Auditor; and
- ISO 42001 (Artificial Intelligence Management Systems) Lead Implementer and Lead Auditor, certified by PECB.