Professional Course

Logging In: Auditing Cybersecurity in an Unsecure World

The Institute of Internal Auditors, Inc., Online (+10 locations)
2 days
2 days

Course description

IIA- Logging In: Auditing Cybersecurity in an Unsecure World

Logging In: Auditing Cybersecurity in an Unsecure World- Reducing IT Risks 

In this Institute of Internal Auditors (IIA) Logging In: Auditing Cybersecurity in an Unsecure World course, professionals will develop an understanding of cybersecurity concepts that can be used to facilitate integrated audit efforts. Considering that the average data breach costs a U.S.- based business $5.4 million, cybersecurity is a hot topic in business IT and a major challenge in internal auditing today.

Cybersecurity is as much a business risk as it is a security one, and this IIA course, facilitated by leading IT industry experts, will examine preventive, detective, and corrective controls, as well as how to apply the audit process to a cloud environment. 

Do you work at this company and want to update this page?

Is there out-of-date information about your company or courses published here? Fill out this form to get in touch with us.

Who should attend?

This course is designed for internal auditors involved in IT audits or those involved in audit activities that require an understanding of how to manage the impact of cybersecurity events on business risks.

There are no prerequisites or advance preparation required for this course. 

Training content

The outline for this course is as follows:

Overview of Cybersecurity

What is Cybersecurity?

  • Definition of Cybersecurity
  • Misconceptions
  • Cybersecurity Evolution
  • Types of Risks and Controls

Preventive Controls

  • Purpose of Preventive Controls
  • Types of Attackers
  • Threat Models
  • Anatomy of a Breach 
    • “The Breach Quadrilateral

Preventing Cyber Incidents

  • Network Controls (Internal and External)
  • Domain and Password Controls
  • Access Methods and User Awareness
  • Application Security
  • Secure Software Development Lifecycle (SSLDC)
  • Data Controls
  • Host and Endpoint Security
  • Vulnerability Management
  • Security Testing

Detective & Corrective Controls

  • Purpose of Detective Controls
  • Detecting Cyber Incidents
  • Log Detail Concepts
  • Security Information and Event Management (SIEM)
    • Traditional Silo-Specific Model
    • Alert Rules
    • Correlation Rules
  • Data and Asset Classification 

  • Purpose of Corrective Controls
  • Incident Response and Investigation Process
    • Incident Scoping and Evidence Preservation
    • Forensic Analysis
    • Defining Period of Compromise
    • Evaluating Risk of Harm to Information
    • Production of Data for Review
  • Corrective Actions
    • Incident Response Tasks
    • Identifying Potential Evidence Sources
  • Detection Dependencies
    • Understanding the Scope of the Breach
    • Identifying Compromised Systems and Applications
    • Determining Scope of Information to Be Preserved
    • Preparing for Future Media and Legal Inquiries

Cybersecurity Risks, Cyber Liability Insurance, and State Notification Laws

  • Mitigating Costs and Risks
    • Organizational Programs
    • Specific Preparation Tasks
    • Response Documentation
    • Data Segregation
    • Network and Application Patch Management
    • Backup and Archiving Solutions
    • Enterprise Monitoring Solutions
  • Insurance Overview
    • Security and Privacy Liability
    • Regulatory Defense and Penalties
    • Payment Card Industry Fines and Penalties
    • Breach Response Costs
  • Notification Law Overview
    • Who the Laws Apply To
    • What the Laws Do

Applying the Audit Process to a Cloud Environment or Third-Party Service Provider

  • Cloud Providers
    • Assessing the Provider
    • Evaluating the Data
    • Selecting the Provider
    • Annual Assessment/Service Organization Control (SOC) Reports
  • Third-Party Service Providers
    • Contractual Risks
    • Vendor Management Program
    • Individual Contractor Management/Security

The Mobile Environment, Bring Your Own Device (BYOD), and Social Networking

  • Mobile Computing Risks, Control Activities, and Incident Management
  • BYOD Risks, Control Activities, and Incident Management
  • Social Networking Risks, Control Activities, and Incident Management

Cyber Standards

  • Common Standards
    • ISO 2700 Series
    • NIST sp800 Series
  • Common Uses
    • Completeness vs. Correctness
    • Governance Mapping for Regulatory and Insurance Needs

Auditing Common Security Solutions

  • SEIM
  • Data Loss Prevention (DLP)
  • Intrusion Detection System (IDS)/Intrusion Prevention System (IPS)
  • Network Segmentation
  • Encryption


In order to ensure that you receive pricing best suited to your situation, please refer to IIA's website as well as to find out more about IIA's on-site training opportunities. 

Certification / Credits

Certified Internal Auditors (CIAs) completing this course are eligible to receive 16 ​Continuing Professional Education (CPE) hours. 

The Institute of Internal Auditors, Inc.

The Institute of Internal Auditors- Training from the Auditing Industry's Leading Authority 

The Institute of Internal Auditors (IIA) is the global voice and leading educator for the internal auditing profession, providing innovative internal audit training as well as engaging, facilitated learning opportunities for its members and customers. IIA auditing courses help you add value...

Read more and show all training delivered by this supplier