Day 1 - Monday 24 October, 2022
Opening Session (10:50 To 11:10)
Opening Remarks & Introduction
Session One (11:00 To 13:00)
CYBERSECURITY OVERVIEW
- Cybersecurity: Technology & Trends
- The Cyber Threat Landscape
- Defense-in-Depth & Layered Security
- Cyber Resilience
Break & Quiz
Session Two (13:20 To 15:20 )
CYBERSECURITY GOVERNANCE
- Overview of Cybersecurity governance
- Cyber Risk as Strategic Risk
- External Standards & Frameworks
- The NIST Cyber Security Framework
- Cybersecurity Policies and Procedures
Break & Quiz
Session Three (15:40 TO 17:10)
CYBERSECURITY OPERATIONS
- Key Cybersecurity Risks
- Critical Cybersecurity Controls
- The IIA Three-Lines of Defense Model for Cybersecurity
- Threat and Vulnerability management
- Essential datacenter, cloud, firewall and network security technologies
- Key Processes Set 1: asset, identity, configuration, change, and patch management
- Key Processes Set 2: third party vendor management and software development lifecycle management
Quiz
End of Day Group Interactive Discussion
Take Home Assignment: Reviewing a Case Study of a Notable Cyber Breach
Day 2 - Tuesday 25 October, 2022
Session One (11:00 To 13:00)
THE AUDITOR’S ROLE IN CYBERSECURITY
- Preparing for a Cybersecurity Audit Engagement
- Practical Audit Exercise on Cybersecurity Governance
Break & Quiz
Session Two (13:20 To 14:50)
AUDITING CYBERSECURITY GOVERNANCE
- Practical Audit Exercise on Cybersecurity Governance
Break
Session Three (15:10 TO 17:10)
AUDITING CYBERSECURITY OPERATIONS
- Practical Audit Exercise on Cybersecurity Operations
- Communicating the Cybersecurity Risk to the Board
Break
Session Four (17:30 TO 18:00)
COMMUNICATING CYBERSECURITY RISK TO THE BOARD– 30 MINS
Closing Remarks