With an increasing number of businesses being technology and data driven, organizations have been met with an equal rise in cyberthreats and cybersecurity challenges that threaten their ability to meet their strategic goals. Additionally, the steady uptick in legal, regulatory and contractual compliance obligations around information security, cybersecurity and data means that organizations, and indeed cybersecurity professionals, need a comprehensive understanding of cybersecurity issues and challenges to ensure organizational preparedness and protection against cyber-attacks.

Organizations need to be able to assess the effectiveness of their own cybersecurity program. They need to understand the organization's cyber assets, what controls should be in place around these assets, and how to perform substantive tests to assess how effectively those controls mitigate cybersecurity threats.

The Cybersecurity Audit Masterclass aims to equip professionals with the technical expertise to conduct cybersecurity program assessments; identify the control gaps that exist, their criticality and their impact on the organization; and make practical recommendations to improve the organization's cybersecurity posture.

  1. To enable the participant to acquire a comprehensive understanding of cyber-related risks and the ability to prepare for and perform cybersecurity audits, taking into consideration the organization's cyber risks
  2. To enable the participant to gain knowledge of the latest best practices, including the international standards and frameworks that should guide the performance of cybersecurity audits
  3. To enable the participant to conduct cybersecurity program assessments and identify the control gaps that exist, their criticality and their impact on the organization

Day One

Cybersecurity Concepts

  • Definitions; Cybersecurity, cyber assets, threats, vulnerabilities etc.
  • Cybersecurity Threats and Attack Mechanisms
  • Cyber Laws, Regulations and Contractual Requirements, Cyber Insurance
  • Roles of stakeholders in Cybersecurity

Cybersecurity Risk Management

  • Introduction to Risk Management Frameworks to address Cybersecurity Risks
  • ISO 31000, Risk management – Principles and guidelines: provides principles and generic guidelines on risk management
  • ISO/IEC 27005, Information technology – Security techniques – Information security risk management
  • Guidelines for organizations, including service providers:
    – management of information security risk in the business; and
    – security requirements for hosting services and other application services

Day Two

Auditing Cybersecurity Programs against Best Practice Frameworks

Introduction to Cybersecurity Best Practice Frameworks

  • NIST Cybersecurity Framework
  • ISO 27032 – Information technology – Security techniques – Guidelines for cybersecurity
  • ISO 27001 – Information Security Management System Requirements

Auditing Cybersecurity Controls

  • Application Level Controls
  • Server Protection
  • End-User Controls
  • Controls against social engineering attacks
  • Cybersecurity readiness
  • Cybersecurity Information sharing and coordination

Day Three

Impact of Trends and Technologies on Cybersecurity

  • Security Information and Event Management (SIEM)
  • Cloud Computing
  • Mobile Security
  • Virtualized Security
  • Machine Learning and Artificial Intelligence
  • Internet of Things (IoT)

Case Study