• Classroom

Each year in the United States and around the world regulations are enhanced to further protect citizens and nations form those wanting to gain from others. This five-day course will focus on three highly relevant topics concerning corporations and individuals today: Cyber Security, IT Governance and Data Privacy.

The program is designed to heighten an Auditor's knowledge of Cybersecurity, Data Privacy and IT Governance using common business language. During the course we will discuss some current and pending regulations and explore some of the known vulnerabilities, threats and risks facing today's enterprise or agency and some of the more common controls used to defend against a cyber attack.

By the end or our course attendees will gain a broad base understanding of how to incorporate Cybersecurity, Data Privacy and IT Governance components into every audit engagement and how to indoctrinate executive management and the Audit Committee on these topics. We will include several group discussion activities to allow collaboration amongst participants.

Learning Objectives: Build a repeatable and agile Cybersecurity Program that fits the changing regulatory and criminal landscape, Build a repeatable and agile Privacy Program that fits the changing regulatory and criminal landscape, Build a repeatable and agile IT Governance Program that fits the changing regulatory and criminal landscape, Develop Cybersecurity policies and procedures to meet company culture and regulatory requirements. Develop Data Privacy policies and procedures to meet company culture and regulatory requirements. Develop a Data Governance Program that meets regulatory and business Requirements.

This course is only available on-site at your location.

Learning Objectives

What You Will Learn:

  1. Cybersecurity basics including its connection with Information Security and Data Privacy
  2. Data Privacy Fundamental's
  3. Data Governance Fundamental's
  4. Trends in Data Privacy Cybercrime, analysis and technology
  5. NIST Cybersecurity Framework and several related NIST 800 Series Guidelines
  6. Common Privacy Frameworks and Principles
  7. Cybersecurity Regulations - Current and Pending
  8. OCIE Alert2, FFIEC, etc.
  9. Data Privacy Regulations, US and International
  10. The New C-Suite Roles, CDO, CPO, CRO
  11. Critical Components and Success Factors when building or assessing a Cyber, Data Governance and Privacy Programs
  12. Policy Considerations Related to Data/Information
  13. Data Privacy and Cyber Assessments
  14. Cyber Inherent Risk Profile
  15. Cyber Maturity Modeling
  16. Privacy and Cyber Contract Language (SLA, MOU, SOW)
  17. Common cyber related vulnerabilities, threats and possible risks facing enterprises who use the Internet to:, Interact with Consumers, Customers, Suppliers and other Third Parties through computers and mobile devices, Process, Transmit or Store Cardholder or other Personally Identifiable Data, Use Social Media , Use email, chat and Voice Over IP
  18. Other Vulnerabilities that impact CIA:, Metadata Concerns , SSL/TLS, WEP, WPA2, IPv4, IPv6, CVE's/Signatures on the devices and systems we rely upon
  19. Basic Control Suite to defend against Cyber Attacks and better ensure data privacy and management
  20. Incident Program Components and Plan Development
  21. Business Continuity Components and Plan Development
  22. Disaster Recovery Components and Plan Development
  23. MOU/SLA
  24. Minimal Audit Steps to add to every engagement to assure effectiveness against possible cyber attacks (Financial, Operational, IT and Third Party Assessments)
  25. Considerations for Indoctrinating Executive Management and the Audit Committee on Cybersecurity

Framework Connections