Comprehensive Review and Audit of Information and Cyber Security Practices
in Internal Control & AuditAbout this course
Internal Audit is the backbone of any organisation's governance and compliance check for led out policy, process and controls. With the advancement in social, mobile, analytics, cloud and IOT technologies and its adoption by enterprise, cybersecurity posture has become one of the cornerstone of an enterprise resilience to cybersecurity threats.
The preparedness for cybersecurity threats and hence organisation risk management capacity is proportionate to the threat, vulnerability, likelihood and impact. Organisation risk management strategy with respect to cybersecurity threats not only depend on tools and technology deployment but policy, process and controls framework as well.
As part of organisation cyber security threat management, every medium and large organisation, often, implements information security management system in line with ISO 27001 standard. These systems are a combination of cyber security policy, process, controls and guidelines. Once the cyber security management system, also called as, Information security management system(ISMS) is implemented, it needs to be regularly audited to validate the compliance and improvement based on new cyber threats. The audit ensures that organisation cyber security strategy is in tune with the laid down process and is it at par with current threat vectors.
Hence, Cyber security Audit is always a difficult task. The stakeholder management becomes critical. There should be constructive discussion with auditee and auditor. The discussions and follow through requires a typical characteristic to be depicted during a fruitful audit exercise.
This course explains the need for internal cybersecurity audit i.e. why, how and what is being done during audits. It explains the preparation phase, audit conducting phase and post audit phase of audit. The soft aspect of audit are as much important as the audit itself. The Do and Don't are very crisply highlighted that can be applied as a practice by the auditors.
At the end of the course, you will be the most sought after auditor by the different unit of organisation.