Seminar on Managing and Auditing Cybersecurity – Data, Infrastructure and Applications

When:  Apr 30, 2019 from 08:00 to 16:30 (ET)

DETAILS

After being on the audit side for the first half of his 30-year career, the instructor has spent most of the last 15 years consulting full-time with systems development groups, infrastructure groups, and data center staff, uncovering many cybersecurity control issues which were in many instances overlooked by the most experienced auditors. As a result of these experiences, the instructor has devised unique methods for performing compliance testing that disclose major gaps in an organization’s cybersecurity program. This two-day seminar will focus on auditing cybersecurity at the three layers where the most threats occur: (1) data level (2) infrastructure level, and (3) applications level. In addition, this seminar will include discussions about the latest technologies used, such as containers, and discussions about cloud-based platforms, such as AWS.

 

Case Studies

Two case studies (i.e., one each day) will be presented during the seminar which will provide the attendees the understanding of how to identify flaws within an organizations cybersecurity program and how to establish effective compliance testing. 

Audit Program

An audit program which covers all topics discussed will be distributed as part of the session materials.

Who Should Attend

IT Auditors, Cybersecurity and GRC professionals, IT professionals or anyone interested in growing their skills and knowledge with respect to data protection, privacy, and new technologies.  The cybersecurity skills gap is very pronounced in the areas this course covers and it would be of value to anyone in the field.

Learning Objectives

  • Will be able to identify the production resources which need to be included in-scope for a security access audit
  • Understand the controls that need to be established to prevent traditional access controls from being bypassed
  • Identify key network security, host-level, database and application design initiatives required to prevent cyber security attacks
  • Understand the key components to performing an effective data privacy audit
  • Effective methods for implementing a Cybersecurity program
  • Understanding how new regulations are raising the bar of the expected requirements of a cybersecurity program

AGENDA

  • Cybersecurity overview
  • Understanding the recent cybersecurity regulations and how they are raising the bar of the required security controls
  • Implementing and reviewing audit guidance for DFS Part 500 Cybersecurity Requirements
  • Implementing a cybersecurity program using the NIST and other frameworks
  • Establishing models to drive decision making processes for security technology to be deployed
  • Cybersecurity approaches when using third party service providers
  • Conducting cybersecurity and data privacy audits
  • Alternatives to approaching the Cybersecurity Audits
  • In-depth auditing techniques for Cybersecurity focus areas
  • Implementing and Auditing Incident Management and Data Breach Handling processes which includes enhances requirements mandated by GDPR and other regulations
  • Understanding how controls over production access are being bypassed
    Ineffective security design & management approaches

MEET THE PRESENTER

Mitchell H. Levine, CISA

Founder, Audit Serve

Mitchell Levine is the founder of Audit Serve, Inc. which is an IT Audit & Systems consulting company.   For the last 28 years at Audit Serve, Mr. Levine has split his time between traditional IT & Integrated Audit consulting projects, restructuring IT Departments, Implementing DFS Part 500 Cybersecurity initiatives, PCI Implementations, and performing pre & post-implementation reviews of system migrations.  Mr. Levine spends 220+ days per year consulting which is the basis for the material which is included in the seminars.

Over the past fourteen years Mr. Levine has presented over 110 seminars to twenty-seven different ISACA & IIA chapters.  Mr. Levine also was the primary writer and editor of Audit Vision which is published monthly and has a subscription base of over 3,000 audit & security professionals.

Prior to establishing Audit Serve, Inc. Mr. Levine was an IT Audit Manager at Citicorp where his duties included managing a team of IT Auditors who were responsible for auditing 25+ service bureaus and the corporate financial systems

ADDITIONAL DETAILS

Special Instructions

All Students: Please arrive at 7:30am the first day for registration

ISACA Members from Other Chapters:You will need to bring your ISACA Membership Card to the event to verify your ISACA Membership.

Presentations

Presentations are made available for download after the course completion.  If permission is granted from the instructor, a link to the presentation(s) will be made available along with the CPE certificate.

Requests for Assistance

If you require assistance for an audio, visual, or other disability, please contact the Programs Director, Marvin Muhumuza, to discuss your needs, as soon as possible.  We need as much advance notice as possible to determine whether requests can be accommodated. Thank You.

Cancellation

If you are unable to attend an event, you can cancel your registration. To receive a refund, all cancellations must be received by April 28, 2019. A $15 cancellation fee is charged.

To cancel, access your payment confirmation e-mail message and click the UNREGISTER link.

 

CPE

  • Earn up to 14 Continuing Professional Education (CPE) credits in the area of Specialized Knowledge. The ISACA® GWDC is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: http://www.learningmarket.org.

    CPE Distribution and Evaluation Survey

    CPE's will be distributed via e-mail along with the event evaluation survey after the completion of the event. Attendees must be present the full day to receive full CPE credit.

    CPE-Related Details

    • Prerequisites and Advance Preparation: None
    • Program Knowledge Level: None
    • Delivery Method: Classroom Live / In person

    Cost

    GWDC Member Fee: $650.00
    Other ISACA Chapter Member: $700.00
    Non-Member: $780.00

Location

George Mason University - Arlington
3351 Fairfax Drive
Arlington, VA 22201

Contact

Marvin Muhumuza

programs@isaca-gwdc.org