Day 1 - Tuesday 06 December, 2022
Opening Session (10:50 AM To 11:00 AM)
Opening Remarks & Introduction
Session One (11:00 AM To 01:00 PM)
CYBERSECURITY OVERVIEW
- Cybersecurity: Technology & Trends
- The Cyber Threat Landscape
- Defense-in-Depth & Layered Security
- Cyber Resilience
Break & Quiz
Session Two (01:20 PM – 03:20 PM)
CYBERSECURITY GOVERNANCE
- Overview of Cybersecurity governance
- Cyber Risk as Strategic Risk
- External Standards & Frameworks
- The NIST Cyber Security Framework
- Cybersecurity Policies and Procedures
Break & Quiz
Session Three (03:40 PM – 05:10 PM)
CYBERSECURITY OPERATIONS
- Key Cybersecurity Risks
- Critical Cybersecurity Controls
- The IIA Three-Lines of Defense Model for Cybersecurity
- Threat and Vulnerability management
- Essential datacenter, cloud, firewall and network security technologies
- Key Processes Set 1: asset, identity, configuration, change, and patch management
- Key Processes Set 2: third party vendor management and software development lifecycle management
Quiz
End of Day Group Interactive Discussion
Take Home Assignment: Reviewing a Case Study of a Notable Cyber Breach
Day 2 - Wednesday 07 December, 2022
Session One (11:00 AM – 01:00 PM)
THE AUDITOR’S ROLE IN CYBERSECURITY
- Preparing for a Cybersecurity Audit Engagement
Break & Quiz
Session Two (01:20 PM – 2:50 PM )
AUDITING CYBERSECURITY GOVERNANCE
- Practical Audit Exercise on Cybersecurity Governance
Break
Session Three (03:10pm To 5:10 pm )
AUDITING CYBERSECURITY OPERATIONS
- Practical Audit Exercise on Cybersecurity Operations
Break
COMMUNICATING CYBERSECURITY RISK TO THE BOARD– 30 MINS
Closing Remarks and Certificate Distribution