Aan IT auditors wordt steeds vaker gevraagd uitspraken te doen over (cyber)security controls die een organisatie in meer of mindere mate heeft ingebouwd. Omdat cybersecurity slechts beperkt aan bod komt in de reguliere IT audit opleidingen, ontbreekt vaak voldoende kennis om hier gefundeerde uitspraken over te doen en dit vakgebied mee te kunnen nemen in een audit.

De Cybersecurity Audit opleiding van ISACA vult dit gat en geeft IT audit/assurance professionals grondige kennis op het gebied van (cyber)security controls, kwetsbaarheden, technieken, frameworks, wet- en regelgeving en strategieën. Hiermee bent u na de training in staat zelfstandig Cybersecurity Audits uit te voeren. 

Naast IT auditors profiteren ook IT Risk professionals van deze training waarin zij relevante kennis opbouwen over cybergerelateerde risico's en beheersmaatregelen.

Wat kan ik na deze training?

• Understand Security Frameworks to Identify Best Practices
• Define threat and vulnerability management
• Assess threats with the help of vulnerability management tools
• Build and deploy secure authorization processes
• Explain all aspects of cybersecurity governance
• Distinguish between firewall and network security technologies
• Enhance asset, configuration, change and patch management practices
• Manage enterprise identity and information access
• Identify application security control
• Identify cyber and legal regulatory requirements to aid in compliance assessments
• Identify weaknesses in cloud strategies and controls
• Perform cybersecurity and third-party risk assessments
• Identify the benefits and risks of containerization
• And much more!

Duur training

3 dagen

Globale inhoud

Cyber security audit - Introduction

• Digital asset protection
• Lines of defense
• Role of audit
• Audit objectives
• Audit scope

Cyber security governance

• Cyber security roles and responsibilities
• Security frameworks
• Security organization goals and objectives
• Cyber security policy and standards
• Cyber and legal/regulatory requirements
• Information asset classification
• Cyber security insurance
• Cyber security risk assessment
• Cyber security awareness training and education
• Social media – risk and control
• Third-party assessment
• Service providers
• Supply Chain Risk Management (SCRM)
• Performance measurement

Cyber security operations

• Concepts and definitions
• Threat and vulnerability management
• Enterprise Identity and Access Management (IAM)
• Configuration management/asset management
• Change management
• Patch management
• Network security
• Build and deploy/secure authorization process for IT
• Incident management
• Client endpoint protection
• Application security
• Data backup and recovery
• Security compliance
• Cryptography

Cyber security technology – topics

• Firewall and network security technologies
• Security Incident & Event Management (SIEM)
• Wireless technology
• Cloud computing
• Mobile security
• Internet of Things (IoT)
• Virtualization security
• Industrial Control Systems (ICS)