2022 Fall Seminar: Security & Audit - CIS Controls Hybrid Meeting

Starts:  Nov 30, 2022 08:00 (ET)
Ends:  Dec 1, 2022 17:00 (ET)
Associated with  Detroit Chapter

Seminar Highlights

  • This session will focus on understanding and auditing the CIS Controls (cisecurity.org).
  • This session is based on the current version (v8) of the controls.
  • Key differences from version 7 of CIS Controls will be discussed.

Key Learning Objectives

  • Understand current control assessment frameworks and their relationship to CIS security controls
  • Understand CIS Controls and related audit objectives and steps
  • Discussion of security and audit tools and techniques

Topics to be Covered

Introduction and Overview

  • CIS Controls overview
  • Implementation Groups
  • Mapping of Controls to NIST Cybersecurity Framework. Mapping of Critical Security Controls to ISO/IEC 27001-2013 etc. (Note: Recent changes in ISO27001 and 27002 will be discussed in relation to CIS Controls Mapping)
  • CIS RAM – Risk Assessment Method
  • CIS Security Benchmarks and relationship to Critical Security Controls
  • Specific Guidance Areas (e.g., for SME and ICS environments)
  • Companion Guides (e.g., Cloud; Mobile)

CIS Controls and Related Audit
Objectives and Audit Steps

  • Inventory and Control of Enterprise Assets
  • Inventory and Control of Software Assets
  • Data Protection
  • Secure Configuration of Enterprise Assets and Software
  • Account Management
  • Access Control Management
  • Continuous Vulnerability Management
  • Audit Log Management
  • Email and Web Browser Protections
  • Malware Defenses
  • Data Recovery
  • Network Infrastructure Management
  • Network Monitoring and Defense
  • Security Awareness and Skills Training
  • Service Provider Management
  • Application Software Security
  • Incident Response Management
  • Penetration Testing

Audit Tools and Techniques

  • Audit Program
  • Security & Audit Resources

About the Seminar

Two-day Seminar

7.5 hours of presentation time, plus (1) hour for lunch and
(4)-10 minute breaks each day

All materials will be sent electronically 
for both in-person and virtual participants.

Cost

ISACA Members: $150 in person, $100 virtual

Non-Members: $325 in person, $275 virtual

Who Should Attend?

This seminar is designed for IT, GRC, IT Audit, Integrated & Operation Auditors
and Vendor Relationship Managers   

Continuing Professional Education Credits (CPEs)

The seminar is structured to allow ISACA chapters to issue up to 15 CPEs.

Registration closes at 12 pm on Wednesday, November 23, 2022.

Location

MSU Management Education Center
811 W Square Lake Rd,
Troy, MI 48098