Cybersecurity Audit School - ITG250


Organizations need to establish robust cybersecurity programs to:  

  1. Address risks to organizational infrastructure and data from cyberattacks through effective control design, the establishment of protection measures, identification of warning signs, and investigative techniques.
  2. Establish compliance with industry standards and regulatory requirements.  

Today’s auditor needs to know more than just the terms and concepts regarding cybersecurity. They need to understand what controls are needed, why they are important, where the controls should be positioned, and how to perform substantive tests to assess the controls’ reasonable effectiveness specifically related to cybersecurity. This class will explore cybersecurity through a series of lecture segments and related scenarios based on actual events designed to reinforce the attendee’s knowledge of effective control design, execution, warning signs, and investigative techniques. By the end of the session, attendees will be armed with additional knowledge of how to implement and assess controls and how, as auditors, they can be valued players in their organization's “Cyber Defense Team.”


Tuition cost


NASBA Certified CPE

32 Credits


Why you should attend

You should attend so you can better help your organization protect itself from hackers and other bad actors who have the motives and skills to exploit cybersecurity weaknesses.

Who should attend

Auditors and IT professionals seeking a foundational understanding of Cybersecurity

What you'll learn

You will learn what controls are needed, where the controls should be positioned and how to perform substantive tests to assess the cybersecurity controls.


  • Fundamentals of Internal Audit (OAG101)
  • IT Audit School (ITG121) or equivalent experience

Course Objectives 

  • Assess techniques for implementing the NIST Cybersecurity and Risk Management Frameworks. 
  • Adapt methods for identifying, managing, and mitigating compliance risks for a sample real-world organization. 
  • Interpret case studies showing how sample organizations solved common security problems using the NIST CSF and RMF. 
  • Use procedures and tools to apply the NIST Cybersecurity Framework's Five Functions. 
  • Evaluate publications, procedures, and tools for applying the NIST Risk Management Framework's Six Steps for an organization. 
  • Choose best practices for NIST CSF and RMF audits or assessments for organizations of all sizes, structures, and sectors. 

Course Topics 

  1. What is Cybersecurity? 
  2. How Hackers Attack? 
  3. Cyber Law and Ethics 
  4. Cyber Insurance Fundamentals 
  5. Contract Basics 
  6. The OSI Model 
  7. Asset and Configuration Management 
  8. Application Protections 
  9. Cybersecurity Prevention 101: What Can Companies Do to Reduce the Impact of a Cybersecurity Attack? 
  10. Investigation Techniques 
  11. Other Critical Processes 
  12. Developing a Cyber Awareness Program 
  13. The Auditor's Role in Cyber Defense 
  14. Scoping and Auditing Cybersecurity 

Schedule your course


August 2021

Aug 9th, 2021-Aug 12th, 2021

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: