Logging In: Auditing Cybersecurity in an Unsecure World

The outline for this course is as follows:

Overview of Cybersecurity

What is Cybersecurity?

• Definition of Cybersecurity
• Misconceptions
• Cybersecurity Evolution
• Types of Risks and Controls

Preventive Controls

• Purpose of Preventive Controls
• Types of Attackers
• Threat Models
• Anatomy of a Breach 
  • “The Breach Quadrilateral

Preventing Cyber Incidents

• Network Controls (Internal and External)
• Domain and Password Controls
• Access Methods and User Awareness
• Application Security
• Secure Software Development Lifecycle (SSLDC)
• Data Controls
• Host and Endpoint Security
• Vulnerability Management
• Security Testing

Detective & Corrective Controls

• Purpose of Detective Controls
• Detecting Cyber Incidents
• Log Detail Concepts
• Security Information and Event Management (SIEM)
  • Traditional Silo-Specific Model
  • Alert Rules
  • Correlation Rules

• Data and Asset Classification 

• Purpose of Corrective Controls
• Incident Response and Investigation Process
  • Incident Scoping and Evidence Preservation
  • Forensic Analysis
  • Defining Period of Compromise
  • Evaluating Risk of Harm to Information
  • Production of Data for Review
• Corrective Actions
  • Incident Response Tasks
  • Identifying Potential Evidence Sources
• Detection Dependencies
  • Understanding the Scope of the Breach
  • Identifying Compromised Systems and Applications
  • Determining Scope of Information to Be Preserved
  • Preparing for Future Media and Legal Inquiries

Cybersecurity Risks, Cyber Liability Insurance, and State Notification Laws

• Mitigating Costs and Risks
  • Organizational Programs
  • Specific Preparation Tasks
  • Response Documentation
  • Data Segregation
  • Network and Application Patch Management
  • Backup and Archiving Solutions
  • Enterprise Monitoring Solutions
• Insurance Overview
  • Security and Privacy Liability
  • Regulatory Defense and Penalties
  • Payment Card Industry Fines and Penalties
  • Breach Response Costs
• Notification Law Overview
  • Who the Laws Apply To
  • What the Laws Do

Applying the Audit Process to a Cloud Environment or Third-Party Service Provider

• Cloud Providers
  • Assessing the Provider
  • Evaluating the Data
  • Selecting the Provider
  • Annual Assessment/Service Organization Control (SOC) Reports
• Third-Party Service Providers
  • Contractual Risks
  • Vendor Management Program
  • Individual Contractor Management/Security

The Mobile Environment, Bring Your Own Device (BYOD), and Social Networking

• Mobile Computing Risks, Control Activities, and Incident Management
• BYOD Risks, Control Activities, and Incident Management
• Social Networking Risks, Control Activities, and Incident Management

Cyber Standards

• Common Standards
  • ISO 2700 Series
  • NIST sp800 Series
• Common Uses
  • Completeness vs. Correctness
  • Governance Mapping for Regulatory and Insurance Needs

Auditing Common Security Solutions

• SEIM
• Data Loss Prevention (DLP)
• Intrusion Detection System (IDS)/Intrusion Prevention System (IPS)
• Network Segmentation
• Encryption