Explore ACI

Learning HubsPractice LabsAuditProITProPartnerships
CatalogCertificationCPE

Explore ACI

Learning HubsPractice LabsAuditProITProPartnerships
BlogGET STARTED
  1. <Home>
  2. Course Catalog>
  3. Cybersecurity Risks from an Audit Manager's Perspective - OAM302

Cybersecurity Risks from an Audit Manager's Perspective - OAM302

Overview

New regulations, increasing IT security threats and staff shortages challenge audit management to address the organization’s IT risks. This course covers recent security breaches to put into perspective a strategy to help avoid devastating harm to the organization’s reputation from these headline-making security breaches. This course provides working knowledge of IT terms and concepts; updates on new and emerging technologies affecting your business, and ways to establish a strategic response.

 

Learning Options

Below are the available learning options for this course:

Enterprise Solutions

Tailored Experience

Bring this course to your organization at your convenience. ACI Learning can deliver this instructor-led course for your team at a chosen location or virtually. Alternatively, choose the topic(s) you need and ACI will craft a training solution to keep your team future-proof.

Customize Your Training

NASBA Certified CPE

16 Credits

Auditing

Why you should take this course

You should attend because internal audit management must be aware of cybersecurity risks, their source, and mitigating techniques to effectively advise management and the board.

Who should take this course

Internal audit seniors, and managers involved with identifying, assessing and reporting on the technology-related risks for their internal audit projects or for the internal audit risk assessment.

What You'll learn

You will learn about a wide range of technologies, the challenges posed by technological change, and ways to provide assurance that IT risks are being adequately addressed.

Prerequisites

  • Fundamentals of Internal Auditing - OAG101
  • Equivalent Experience

 

IT Risks:

  • update on recent security breaches
  • data breach commonalities
  • how hackers are hacking
  • IT risk definitions
  • information security objectives
  • IT audit engagement strategies
  • IT control categories

Basics of Information Technology - Battling the Buzzwords:

  • why learn about technology?
  • defining cyberspace & cybersecurity
  • Operating Systems (OS)
  • mainframe & client/server technology
  • middleware
  • virtualization / virtual servers
  • network environment

Logical Security Risks and Controls:

  • social media and social engineering
  • components of access control
  • user identification and authentication
  • authorization and user access controls
  • log management
  • patch management
  • vulnerability assessments
  • systems administrator / privileged access

Network Risks and Controls:

  • what is a “network”?
  • networking risks
  • LANs & WANs
  • network addressing
  • encryption
  • firewalls
  • Intrusion Detection Systems (IDS / IPS)
  • Virtual Private Networks (VPNs)
  • wireless
  • cloud computing

Database Risks and Controls:

  • Database Management Systems (DBMS)
  • database terminology
  • database risks
  • relational databases
  • database audit procedures

IT General Controls:

  • change management
  • business continuity / disaster recovery
  • physical security
  • environmental exposures

Auditing System Development Projects:

  • business risks
  • getting involved … how, when, who?
  • audit’s coverage
  • auditing waterfall and RAD Projects
  • communicating audit’s roles and results
  • audit staffing
  • audit resources

Assessing IT Governance:

  • what is IT governance?
  • IT governance risks
  • determining the IT governance audit scope
  • using COBIT® 2019 to assess IT governance

Audit and Control Frameworks and Standards:

  • IIA - Global Technology Audit Guides
  • COBIT®
  • ISO 27002 Security Standard
  • NIST Cybersecurity Framework
  • Center for Internet Security - 20 Critical Security Controls
  • FISMA (NIST 800-53) - Federal Information Security Modernization Act

Learning Options

Below are the available learning options for this course:

Enterprise Solutions

Tailored Experience

Bring this course to your organization at your convenience. ACI Learning can deliver this instructor-led course for your team at a chosen location or virtually. Alternatively, choose the topic(s) you need and ACI will craft a training solution to keep your team future-proof.

Customize Your Training

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org.