An intensive professional development training course on
Cybersecurity
Audit Masterclass
The Structure
This comprehensive training course consists of two modules which can be booked as a 10 Day Training event, or as individual, 5 Day training courses.
Module 1 – Cybersecurity Audit Essentials
Module 2 – Auditing a Cybersecurity Programme
The Course Content
Module 1: Cybersecurity Audit Essentials
Day One: IT Security Evolution
- Categorizing Physical and Electronic Risk
- Networking and Communication Technology
- Computer Systems Design
- Legal and Regulatory Considerations
- Current Threat and Trend Analysis
- Review and Case Study
Day Two: Identifying and Responding to Data Breaches - Risk Assessment and Crisis Management
- IPv6 Configuration and Risks
- Domain Name System Security Extensions (DNSSEC)
- Crisis Management Planning
- Forensic and Electronic investigations
- Responding to Business Continuity
- Review and Case Study
Day Three: Preparing the Cybersecurity Audit Scope
- NIST Cybersecurity Framework
- Cyber incident response policy requirements
- COBIT 5 framework
- Audit plan as per the NIST Cybersecurity Framework
- Audit plan using the COBIT 5 framework
- Review and Case Study
Day Four: Executing the Cybersecurity Audit
- Using BowTie method for cybersecurity risk management
- Using AuditXP software for cybersecurity audit
- Creating NIST Cybersecurity Framework audit questionnaire in AuditXP
- Creating COBIT 5 framework audit questionnaire in AuditXP
- Performing the Cybersecurity audit on the example entity
- Review and Case Study
Day Five: Cybersecurity Audit Workshop
- Forming the team, audit plan and the framework
- Executing the audit
- Review of the audit findings
- Preparing recommendations
- Discussing the findings and recommendation and their implementation
- Constant monitoring and upgrade
Module 2: Auditing a Cybersecurity Programme
Day Six: Introduction to cybersecurity
- Vulnerability assessment
- Threat analysis
- Cybersecurity risk assessment
- Cybersecurity program
- Cybersecurity risk auditing
Day Seven: Inventory Security Management
- Inventory authorized and unauthorized devices
- Inventory authorized and unauthorized software
- Secure configurations
- Continuous vulnerability assessment and remediation
- Control use of administrative privileges
- Maintenance, monitoring and analysis of audit logs
Day Eight: Network Security Management
- Email and web browser protection
- Malware defenses
- Security configurations for network devices
- Wireless access control
- Limitation and control of network ports, protocols and services
Day Nine: Data Security Management
- Data protection
- Controlled data access based on need to know
- Data recovery capability
- Boundary defenses
- Account monitoring and control
- Security skills assessment and training
Day Ten: Security Incident Management
- Application software security
- Cybersecurity Incidents
- Incident response management
- Penetration tests
- Red team exercises
The Certificate
- AZTech Certificate of Completion for delegates who attend and complete the training course
