Course on IT Audit and Security Risk Management (or How to Focus on Cybersecurity in the Organization)

 

With the growing number of devices connected to IT infrastructure and the massive transition to remote work caused by COVID-19 and martial law in Ukraine, the boundaries of companies' network perimeters have expanded significantly in recent years. As a result, the number of cyberattacks worldwide grows every day, and the attacks are becoming more regular and more complex. So, is it time to update your knowledge of cybersecurity so as not to leave intruders any chance?

 

The course focuses on the tools and techniques organizations use to support cybersecurity decision-making. Security managers, security analysts, compliance managers, risk managers, auditors and consultants apply this knowledge and these tools in practice, and they are required for professional certificates in these areas.

 

The 40 academic hours of the course cover:

  • ways to structure the technological environment in the organization (for example, the audit universe in auditing, risk register in risk management, DPIA (data privacy impact assessment) in privacy management, BIA (business impact analysis) in continuity management);
  • ways to determine the importance of an element in the environment (risk assessment techniques, methodologies and tools, including the role of artificial intelligence, such as sampling during audits, FAIR (Factor Analysis of Information Risk) in risk management, modeling scenarios with MITRE ATT&CK, ROSI (Return on Security Investment) calculation from ENISA, vulnerability assessment from FIRST, etc.);
  • ways to meet ever-increasing regulatory requirements (HIPAA, SOX, GDPR, EU Cybersecurity Act, laws and regulatory requirements of Ukraine on cybersecurity of critical infrastructure, etc.) and best practices (CMMC, CIS Controls, ISO 27k, 31k, 22301, NIST RMF, CSA, COBIT, etc.), which form the audit criteria, risk factors in risk management, safety margins;
  • ways of forming a professional opinion (the concept of professional ethics; audit evidence in auditing, data quality in risk management, forensics in security, etc.);
  • ways to develop solutions under uncertainty (for example, effective advice and recommendations in audit, risk management plans in risk management, design of controls in the internal control system, business continuity planning);
  • basics of reporting and communication on cybersecurity in the organization and the role of professionals in it;
  • continuous improvement (follow-up during the audit, risk monitoring in risk management, self-assessment of compliance).

 

Course program

Module 1: Environment (8 hours)

Module 2: Risk (4 hours)

Module 3: Compliance (4 hours)

Module 4: Professionals (4 hours)

Module 5: Solutions (8 hours)

Module 6: Reporting (4 hours)

Module 7: Maturity (4 hours)

 

Modules can be taken separately. Success in the course is determined by the test results.

 


 

The course is taught by Anastasia Konoplyova

Anastasia is a certified trainer and holder of the CISA, CRISC and CDPSE certificates, Director of UAG LLC (continuity since 1999), President of ISACA Kyiv in 2018-2020, and Master of Economics (Economic Cybernetics). Since 2005 she has worked in auditing and consulting for companies of 5 to 40,000 employees: implementation and control of information security management systems, business continuity plans, audit of information systems, consulting projects on process automation, electronic document management and archiving, implementation of operational risk management systems, and audit of financial statements, capital and credit risks.

 

Cost of the program: to be specified

Date: on request

Venue and format are discussed individually

 

If you have any questions, call or write to +38 095 310-17-82 (WhatsApp, Viber) or academy@bdo.ua

 

 
