Auditing the Cybersecurity Program Certificate

Internal audit should play a key role in supporting the organisation in reducing cyber risk. Cybersecurity program auditing can serve as the critical barrier between a potential cyber-attack and the organisation. Due to the cost, risk, and reputational damage that can result from a cyber incident or data breach, every organisation needs a cyber strategy and response plan.

Each course segment concludes with a short multiple-choice quiz, requiring an 80% score to pass. Participants can retake these quizzes as often as needed to achieve mastery. After completing all segments, participants must pass a 40-question multiple-choice certificate exam. The exam allows up to three attempts before a retake fee is required.

Sessions

Date: 02/06/2025
Duration: 2.5 days*
Members: 1900 € (excl. tax)
Non-members: 2400 € (excl. tax)
Location: Virtual classroom, English
Schedule: 5*9h-13h
Seats:
CPE credits: 20

Date: 29/09/2025
Duration: 2.5 days*
Members: 1900 € (excl. tax)
Non-members: 2400 € (excl. tax)
Location: Virtual classroom, English
Schedule: 5*9h-13h
Seats:
CPE credits: 20

Date: 17/11/2025
Duration: 2.5 days*
Members: 1900 € (excl. tax)
Non-members: 2400 € (excl. tax)
Location: Virtual classroom, English
Schedule: 5*9h-13h
Seats:
CPE credits: 20

Participants

This program is intended for operational internal auditors and audit leaders who want to deepen their understanding and gain recognition of their cybersecurity knowledge.

Prerequisites

Fundamentals of Cybersecurity or equivalent knowledge

Instructors

Live sessions
Participants who complete the course are eligible to sit for the certificate exam, which is administered on The IIA’s LMS platform.

Learning objectives

– Recognize what drives cyber risk and how internal audit can assess control effectiveness
– Identify how to assess data storage solutions
– Define digital transformation, digitalization risks, and associated controls
– Recognize characteristics of a typical, timely patch management process
– Explain key concepts relating to the vulnerability management program, including commonly applied vulnerability management maturity models
– Identify how automation of business impacts the methods used in audit testing
– Investigate methods to reduce risk exposure from common API and web services vulnerabilities
– Determine how to mitigate risk exposure from common privileged access management vulnerabilities
– Identify methods to adjust audit approaches for DevSecOps
– Review how to mitigate risk exposure from common SoD vulnerabilities in DevSecOps Applications
– Understand internal audit’s role in continuous monitoring and continuous auditing
– Recall objectives and methods deployed in red team exercises
– Recall important factors relating to Security Operations Centers (SOC) and incident management, monitoring, detection, and response frameworks
– Identify controls, and associated assessments, needed to operate a SOC

Content

Unit 1: Auditing the Cybersecurity Program
– Importance of the cybersecurity program
– Drivers of cybersecurity risk
– Manage cybersecurity risk
– The cybersecurity program audit plan

Unit 2: Auditing Storage Management Solution and Containers
– Overview of storage management solutions and containers
– Data storage compliance landscape
– Auditing ephemeral and micro-services
– Cloud provider data storage tools and their benefits
– Adopting continuous auditing for data protection, retention, and destruction

Unit 3: Auditing Digital Transformation and Digitization Programs
– Key concepts of digital transformation and digitization
– Digital technologies and risks
– Internal audit’s role in digital initiatives
– Auditing digitization programs
– Auditing digital transformation programs 

Unit 4: Auditing the Vulnerability Management Program
– Vulnerability management program overview
– Understand common vulnerability management maturity models used to assess organizational cybersecurity vulnerabilities
– Review key metrics for auditing the vulnerability program
– How to implement appropriate actions when auditing vulnerabilities

Unit 5: Auditing the Patch Management Program
– Key concepts of patch management
– Understand a typical, timely patch management process
– How the patch management program reduces cybersecurity risk and organizational vulnerabilities
– How the patch management program reduces data breach risk and loss

Unit 6: Auditing Automation
– Automation impact on audit testing
– Effective audit automation
– Visualize the risks of automation when establishing the internal audit scope
– Auditing automation

Unit 7: Auditing API and Web Services
– API and web services overview
– Audit and test API and web services security
– Reduce API-based web services risk

Unit 8: Auditing Privileged Access Management
– Key concepts of privileged access management
– Types and purposes of privileged access management
– Inventory and audit privileged access management
– Mitigate risk exposure from common privileged access management cyberattacks

Unit 9: Auditing DevSecOps
– DevSecOps overview
– The DevSecOps development process
– Issues and controls
– Auditing DevSecOps

Unit 10: Auditing Continuous Monitoring
– Auditing continuous monitoring process components
– Internal audit’s role in incorporating data analytics and continuous monitoring into the organization
– Develop a simplified yet high-impact reporting mechanism to meet a variety of stakeholders’ needs
– Continuous monitoring, high impact reporting, agile audit approach and dynamic risk assessment methodologies

Unit 11: Auditing Red, Blue, and Purple Team Testing
– Overview of the kill chain and types of attacks
– Points of vulnerability as they relate to people, technologies and systems
– Identify areas of improvement in defensive incident response processes across every phase of the kill chain
– Establish the organization’s first-hand experience to detect and contain a targeted attack

Unit 12: Auditing the Security Operations Center (SOC)
– Key concepts of the SOC
– SOC processes and checklists
– Controls needed to operate a SOC