Course Information
What You Will Learn
Course Curriculum
1) Cybersecurity vs Audit’s Role :
Digital Asset Protection; Lines of Defense; Role of Audit; Audit Objectives; Audit Scope
2) Cybersecurity Governance :
Security Organization Goals and Objectives; Cybersecurity Risk Assessment; Service Providers; Performance Measurement
3) Cybersecurity Operations – Cyberattacks :
Threat Assessment; Cybersecurity Measures; Vulnerability Management; Penetration Testing; Red Team/Blue Team/Purple Team Exercises
4) Cybersecurity Operations – Identity and Access Management :
Enterprise Identity and Access Management; Identity Management; Federated Identity Management; Key Objectives of Identity Management; Provisioning and Deprovisioning; Authorization; Privileged User Management and Controls; Third-party Access; Authentication Protocols; Configuration Management; Asset Management; Change Management; Patch Management; Network Security; Security Architecture; Security Perimeter; Network Perimeter; Interdependencies; Network Architecture; Remote Access; System Hardening
5) Cybersecurity Operations – Security Measures :
Incident Management; Digital Forensics; Client Endpoint Protection; Security within SDLC; Data Backup and Recovery
6) Cybersecurity Operations – Compliance and Cryptography :
Security Compliance; Cryptography
7) Security Technologies :
Firewall and Network Security technologies; Security Incident & Event Management (SIEM); Wireless Technology; Cloud Computing; Mobile Security; Internet of Things (IoT)
8) Correlations with COBIT
COBIT control objectives for the Cybersecurity Audit according to the NIST Cybersecurity Framework
Group exercises and practical examples
1) Basic concepts of Vulnerability Management
Main vulnerabilities, how and when to carry out an assessment and with which tools, remediation plan, criticality prioritization, reporting and classification.
2) Basic concepts of Penetration Testing and guidelines:
What is it for, who does it, when it should be done, Definition of the scope, recommendations on the use of tools, Non-Disclosure Agreement, etc.
3) Notes on the main frameworks that can be used (PCI, OSSTMM, etc.)
4) Phases of the PT with a focus on the attack phase
5)Definition, roles and skills of Blue/Red/Purple Team
6) Presentation and reasoned reading of a real Vulnerability Assessment and PenTest report
1) Fundamentals of Vulnerability Assessment for LAN networks
– Main types of host and application vulnerabilities
– The Vulnerability Assessment activity (Phases, standards, subjects involved, the final report)
– Vulnerability research (“Manual” research; General purpose vulnerability scanner (Nessus and OpenVas); Vulnerability scanner for web applications)
2) Fundamentals of Penetration Testing of LAN networks
– Penetration Testing activities
– Differences compared to VA
– Types of PenTest
– Critical issues in carrying out a PenTest
– The final report
– Frameworks that can be used for the Penetration Test of LAN networks
3) Group exercises and practical examples
Get the Full Syllabus as a PDF
Curriculum, exam format & everything included — sent straight to your inbox.
All You Need to Know
IT Auditors, Security Professionals, CISOs, Audit/Assurance professionals, IT Risk professionals, IT Risk Managers. The course is also aimed at Managers, Professionals, and Lawyers who wish to acquire the basic skills needed to understand cybersecurity risk scenarios, vulnerabilities, and threats, as defined by the NIST Cybersecurity Framework, internationally recognized as the cybersecurity reference framework.
A basic understanding of cybersecurity fundamentals is recommended for participation in this course.
If you are completely new to this knowledge, supplementary e-learning sessions are available upon request.
The course includes the slides presented during the lectures.
Those who intend to take the exam will also receive the Official ISACA “Cybersecurity Audit Certificate Study Guide” in electronic format by purchasing the exam voucher.
The guide explores the following topics: Cybersecurity and the Audit’s role, Cybersecurity Governance, Cybersecurity Operations, case studies, examples, and insights into specific areas of Cybersecurity technologies.