How to Perform an Information Security Audit

We are glad to bring you a course to learn how to perform information security audits.

This course is ideal for:

1. IT and information security professionals who wish to learn techniques on how to assess the security of their information and the vulnerability of their information systems; and

2. Auditors or others performing assessments who wish to learn more about performing information security audits.

The course will give you the knowledge and tools necessary to perform information security audits, starting from how to plan them, how to perform and how to report on the results of the engagement. It will teach you about which threats to assess and which controls should be put in place.

It is taught by Adrian Resag, an experienced and CISA certified information security auditor who has decades of experience evaluating information security, IT and ISO 27001 in many organizations.

The course covers:

Performing Information Security Audits

Planning Engagements

• Understand how to properly plan engagements by determining their objectives, criteria and scope.

• Know how to create working papers to document an audit and learn about different ways to staff an audit.

Performing Engagements

• Learn how to collect engagement information and then analyze and evaluate it. Learn how to supervise engagements.

Communicating Progress and Results

• Learn how to communicate engagement results and the process of acceptance of risks. Learn how to monitor progress on the implementation status of internal audit recommendations.

Information Security Threats and Controls

Threats to information security

• Know about which threats to information security should be assessed, including threats to the integrity of data, confidentiality and the availability of data.

• Be able to evaluate privacy risks, risks from smart devices, insider threats, illicit software threats and cybersecurity threats amongst others.

• Be able to evaluate risks by using the Asset-Threat-Vulnerability triangle.

Controls over information security

• Know about the different types of information security controls, including IT general controls.

• Be able to put in place a solid governance over information security, such as by putting in place IT management and governance controls.

• Be able to implement the segregation of IT duties and IT departmentalization, an information security framework and cybersecurity governance and policies.

• Be able to apply the Three Lines of Defense Model in cybersecurity.

• Learn about controls such as identity access management and authentication, encryption and firewalls, data privacy and protection controls.

• Know about application and access controls, technical IT infrastructure controls, external connections controls and 3rd party information security controls.

Who this course is for:

• Current or future IT and information security professionals who wish to learn techniques on how to assess the security of their information and the vulnerability of their information systems.
• Auditors or others performing assessments who wish to learn more about performing information security audits.