Each year in the United States and around the world, regulations are enhanced to further protect citizens and nations from those wanting to gain from others. This five-day course will focus on three highly relevant topics concerning corporations and individuals today: Cyber Security, IT Governance and Data Privacy.
The program is designed to heighten an Auditor's knowledge of Cybersecurity, Data Privacy and IT Governance using common business language. During the course we will discuss some current and pending regulations and explore some of the known vulnerabilities, threats and risks facing today's enterprise or agency and some of the more common controls used to defend against a cyber attack.
By the end of our course, attendees will gain a broad-based understanding of how to incorporate Cybersecurity, Data Privacy and IT Governance components into every audit engagement and how to indoctrinate executive management and the Audit Committee on these topics. We will include several group discussion activities to allow collaboration amongst participants.
Learning Objectives:
- Build a repeatable and agile Cybersecurity Program that fits the changing regulatory and criminal landscape
- Build a repeatable and agile Privacy Program that fits the changing regulatory and criminal landscape
- Build a repeatable and agile IT Governance Program that fits the changing regulatory and criminal landscape
- Develop Cybersecurity policies and procedures to meet company culture and regulatory requirements
- Develop Data Privacy policies and procedures to meet company culture and regulatory requirements
- Develop a Data Governance Program that meets regulatory and business requirements
This course is only available on-site at your location.
Learning Objectives
What You Will Learn:
- Cybersecurity basics including its connection with Information Security and Data Privacy
- Data Privacy Fundamentals
- Data Governance Fundamentals
- Trends in Data Privacy Cybercrime, analysis and technology
- NIST Cybersecurity Framework and several related NIST 800 Series Guidelines
- Common Privacy Frameworks and Principles
- Cybersecurity Regulations - Current and Pending
- OCIE Alert2, FFIEC, etc.
- Data Privacy Regulations, US and International
- The New C-Suite Roles, CDO, CPO, CRO
- Critical Components and Success Factors when building or assessing Cyber, Data Governance and Privacy Programs
- Policy Considerations Related to Data/Information
- Data Privacy and Cyber Assessments
- Cyber Inherent Risk Profile
- Cyber Maturity Modeling
- Privacy and Cyber Contract Language (SLA, MOU, SOW)
- Common cyber-related vulnerabilities, threats and possible risks facing enterprises who use the Internet to:
  - Interact with Consumers, Customers, Suppliers and other Third Parties through computers and mobile devices
  - Process, Transmit or Store Cardholder or other Personally Identifiable Data
  - Use Social Media
  - Use email, chat and Voice Over IP
- Other Vulnerabilities that impact CIA:
  - Metadata Concerns
  - SSL/TLS, WEP, WPA2, IPv4, IPv6, CVEs/Signatures on the devices and systems we rely upon
- Basic Control Suite to defend against Cyber Attacks and better ensure data privacy and management
- Incident Program Components and Plan Development
- Business Continuity Components and Plan Development
- Disaster Recovery Components and Plan Development
- MOU/SLA
- Minimal Audit Steps to add to every engagement to assure effectiveness against possible cyber attacks (Financial, Operational, IT and Third Party Assessments)
- Considerations for Indoctrinating Executive Management and the Audit Committee on Cybersecurity