ISACA Chicago Chapter - Spring Seminar: Managing and Auditing Cybersecurity – Data, Infrastructure and Applications
Presented by: Audit Serve, Inc. Speaker - Mitch Levine
2 day Seminar - 16 CPEs
Dates: June 24-25, 2019
Location: Conference Center at One North Wacker
1 North Wacker Drive 2nd Floor - Michigan II Conference Room
Chicago, IL, 60606
ISACA Member fee: $475.00
Non-Member fee $575. 00
ISACA Member In-transition/student fee $150.00
Handout, refreshments and lunch included.
Contact (bobpardon@aol.com; or
630-292-6244
) for questions.
Seminar Objective/Background
After being on the audit side for the first half of his 30-year career, the instructor has spent most of the last 15 years consulting full-time with systems development groups, Infrastructure groups and data centers, uncovering many cybersecurity control issues which were in many instances unknown to the most experienced auditors. The instructor has devised unique methods for performing compliance testing which disclose major gaps in an organization’s cyber security.
Attendees will achieve the following learning outcomes:
• Will be able to identify the production resources which need to be included in-scope for a security access audit
• Understand the controls that need to be established to prevent traditional access controls from being bypassed
• Identify key network security, host-level, database and application design initiatives required to prevent cyber security attacks
• Understand the key components to performing an effective data privacy audit
• Effective methods for implementing a Cybersecurity program
• Understanding how new regulations are raising the bar of the expected requirements of a cybersecurity program
Seminar Length
Two days (7 ½ -hour presentation time per day plus 1-hour lunch and four 10-minute breaks per day)
Who Should Attend
This seminar is designed for senior IT Auditors, Security and GRC personnel. No prerequisites or advanced preparation is required.
Continuing Professional Education Credits
All attendees are eligible to receive 16 hours of continuing professional education (CPE) credits by attending. These credits are recognized by the National Association of State Boards of Accountancy (NASBA). The CPE field of study is Accounting and Auditing.
Audit Serve is registered with the National Association of State Boards of Accountancy (NASBA), as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit.
Seminar Outline - The following topics will be discussed:
Day 1
• Cybersecurity overview
• Understanding the recent cybersecurity regulations and how they are raising the bar of the required security controls
• Detailed implementation and audit guidance for DFS Part 500 Cybersecurity Requirements for Financial Institutions, how they are being adopted by other states, and how the March 1, 2019 deadline to complete vendor due diligence oversight programs are impacting many organizations across the US
• Implementing a Cybersecurity program using the NIST and other frameworks
• Establishing models to drive decision making processes for security technology to be deployed
• Cybersecurity approaches when using third party service providers
Day 2
• Conducting Cybersecurity and Data Privacy Audits
• Alternatives to approaching the Cybersecurity Audits
• In-depth auditing techniques for Cybersecurity focus areas
o Network Security
o Host-level Security
o Database security
o Application and mid-tier security
o Control of PII
o Data Loss Prevention
• Implementing and Auditing Incident Management and Data Breach Handling processes which includes enhances requirements mandated by GDPR and other regulations
• Understanding how controls over production access are being bypassed
• Ineffective security design & management approaches
Case Studies
Two case studies (i.e., one each day) will be presented during the seminar which will provide the attendees the understanding of how to identify flaws within an organizations cybersecurity program and how to establish effective compliance testing.
Audit Program
An audit program which covers all topics discussed will be distributed as part of the session materials.