Assessing A Cyber Program - ITG251WEB


This course covers how to design, maintain and assess the effectiveness of cybersecurity programs, what controls are needed, where the controls should be positioned, and how to perform substantive tests to assess the controls’ reasonable effectiveness.


Tuition cost


NASBA Certified CPE

6 Credits


Why you should attend

You should attend because cybersecurity risks have increased substantially and the IIA has issued advisories stating that all internal auditors must have sufficient knowledge of key information technology risks and controls.

Who should attend

Financial, operational, business applications, IT and external auditors; quality assurance personnel; audit managers and directors; and systems analysts.

What You'll learn

You will learn how to conduct and evaluate vulnerability assessments and cybersecurity programs.




Vulnerability Assessment:

  • Assessment Components
  • Conducting
  • Evaluating Self Assessment Audit

Threat Analysis:

  • Assessment Components
  • Conducting
  • Evaluating Self-assessment Audit

Cybersecurity Risk Assessment:

  • Assessment Components
  • Conducting
  • Evaluating Self-assessment Audit

Cybersecurity Program:

  • Assessment Components
  • Conducting
  • Evaluating Self-assessment Audit

Conducting A Cybersecurity Program Assessment based on the Top 20 Controls Identified in CIS Critical Security Controls V7

  • Inventory Authorized and Unauthorized Devices
  • Inventory Authorized and Unauthorized Software
  • Secure Configurations
  • Continuous Vulnerability Assessment and Remediation
  • Control Use of Administrative Privileges
  • Maintenance, Monitoring and Analysis of Audit Logs
  • Email and Web Browser Protection
  • Malware Defenses
  • Limitation and Control of Network Ports, Protocols and Services
  • Data Recovery Capability
  • Security Configurations for Network Devices
  • Boundary Defenses
  • Data Protection
  • Controlled Access Based on Need to Know
  • Wireless Access Control
  • Account Monitoring and Control
  • Security Skills Assessment and Training
  • Application Software Security
  • Incident Response and Management
  • Penetration Test and Red Team Exercises

Schedule your course

Use the table below to select the time and location that works best for you.

We don't currently have any dates scheduled for this course.


ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: