IT Security Risk Control Management
An Audit Preparation Plan
This course is framed to walk you through building a security program for an organization about to be audited. Even if you don’t think you’re going to be audited, this is still a useful way to approach a security program. If you think you’re not going to be audited, think again.
Even if you aren’t being audited, it’s useful to act as if you will. The threat of outside scrutiny focuses your attention and keeps you from getting sloppy. For some, the fear of an audit is greater than a fear of hackers. Audits force you to be thorough and organized in your work.
This course follows a chronological progression of building a security program and getting ready for audit.
Part I: Getting a Handle on Things. A good way to develop a security program is to design with an audit in mind to focus attention and to ensure that all controls work as described. This section covers the audit focus, asset analysis, risk assessment, and scope design.
Part II: Wrangling the Organization. This section includes chapters on how to design, nurture, and incorporate an IT security program into a dynamic organization over time. You rarely have a chance to design a program when a new company is formed. Most companies are born without security and need it added later as they grow and experience more security incidents. A security professional is always growing and trimming their program to fit the needs of their organization. These chapters cover everything from high-level governance to how you work with the various teams.
Part III: Managing Risk with Controls. Once the risk and scope are fleshed out, controls can be applied to reduce the risk. These series of topics cover the various types of controls and how you can best implement them. This is the biggest section, starting with control design and moving into the implementation details of technical and physical controls.
Part IV: Being Audited. This section covers the process of being audited. Its topics describe how to hire an auditor and the mechanics of various types of formal audits. It also covers the healing power of internal audits and the auditing of your organization’s critical partners and suppliers.
Online Price - R3999.00
Venue Price - R8999.00
Who Should Attend - This course is intended for IT professionals and Managers