Manager's Guide to CyberSecurity Risk Assessment and Management and Audit Priorities

Date(s): Dec 17, 2018
Time: 8:15AM - 4:30PM
Registration Fee: $279.00
Cancellation Date: Dec 07, 2018
Location: JOHN M. KEEL LEARNING CENTER
City: Austin
Parking Info:

Parking for SAO, Professional Development courses is in Garage B (1511 San Jacinto Blvd.). The Garage signage may read 1511 San Jacinto or Garage B. The elevator in Garage B is not reliable. If you are unable to walk the stairs, please contact the professionaldevelopment@sao.texas.gov for alternate parking arrangements. Handicapped parking is free at the meters around the downtown area.

A course coordinator will Email you a parking permit prior to the course start date. A permit must be displayed or you will be ticketed.


Course Description

CyberSecurity risks abound and are constantly in the forefront of today’s Information Technology (IT) systems management and internal audit concerns. Known but unmitigated vulnerabilities are among the highest CyberSecurity risks faced by many organizations - known vulnerabilities include: using software and/or hardware beyond the vendor's support lifecycle, declining to implement security patches, or failing to execute security-specific system configuration guidance.

We will explore not only CyberSecurity management and human resources controls, but also a high-level conceptual look at the fundamentals of important technical CyberSecurity controls for protecting valuable information assets and associated resources in today’s highly complex and rapidly changing Cyber world.


Potential CPE Credits: 8.0
Govt Hours: This class meets 8.0 hours of the 24-hour requirement for governmental CPE under Government Auditing Standards (yellow book), in most cases.
Technical Hours: This class meets 8.0 CPE credits of technical training in compliance with Texas Admin. Code Rule 523.102.

Instruction Type: Live
Experience Level: INTERMEDIATE
Category: Auditing

Course Objectives

In this seminar, we will discuss:

• What is CyberSecurity?...Building your CyberSecurity vocabulary

• Understanding the many faces of CyberSecurity risks, methods to detect them…and what’s necessary to effectively report them to The Board

• Organization and human resource factors that can increase CyberSecurity within the enterprise

• Important laws, standards and frameworks relating to CyberSecurity and CyberAudit

Upon completion of this course, participants will be able to:

• Understand CyberSecurity terminology and associated risks

• Gain familiarity with CyberSecurity regulatory requirements and best practices

• Develop an overall CyberSecurity audit program to effectively assess Cyber risks, including the critical human factor

• Gauge and effectively report CyberSecurity risks to The Board

Course Outline

Defining the CyberSecurity Landscape

• Defining CyberSecurity

• Business Drivers for CyberSecurity

• CyberSecurity and the De-Perimeterization of Information Technology

Facing the Challenges of CyberSecurity Governance, Risk, and Compliance

• Defining CyberSecurity Strategy and Senior Leadership

• Defining the Elements of Risk Management

• Measuring CyberSecurity Risk: CyberSecurity Risk Frameworks

• Notable CyberSecurity Incidents and…Lessons Learned

• Existing, Emerging…and Expanding CyberSecurity Regulatory Compliance Targets

• Summary

Planning Audits of CyberSecurity

• Planning Audits of CyberSecurity

• CyberSecurity/Audit Frameworks

• Tools and Techniques for Conducting CyberSecurity Audits

• Corrective Actions…What to Fix First?

• Sources of Information and Tools

Communicating with Senior Management

• Effectively Communicating CyberSecurity Risks to Senior Management

• CyberSecurity Metrics

Board of Directors – A Dozen CyberSecurity Guideposts


Instructors

Leighton Johnson

Leighton is a Senior Fellow with CPE Interactive focusing on information security and IT audit. In addition to his training role at CPE Interactive, he is CTO of ISFMT, a company focusing on computer security, forensics consulting and certification training, and cybersecurity. He is also the founder and CEO of Chimera Security, a research and development company focusing on cryptography, mobile technology, and cloud computing to create better and more secure solutions for today’s advanced users and providers.

He has over 40 years’ experience in computer security, cybersecurity, software development, communications equipment operations and maintenance, incident response, and forensic investigations. He has taught numerous cybersecurity, anti-terrorism, forensics, and risk management courses both domestically and internationally.

He previously was the Regional CIO and Senior Security Engineer for a large directorate within Lockheed Martin Information Systems and Global Solutions Company.

He is a member of the CSA CloudSIRT Working Group, which is developing the model for collaboration among cloud providers, CERT organizations, responders and users; the CSA Security-as-a-Service working group; and other cloud-related working groups. He is a contributing author to the “Encyclopedia of Information Assurance”, and authored “Computer Incident Response and Forensics Team Management” and “Security Controls Evaluation, Testing, And Assessment Handbook”.

He holds certifications in CISM (Certified Information Security Manager), CISA (Certified Information Systems Auditor), CISSP (Certified Information Systems Security Professional), CIFI (Certified Information Forensics Investigator), CSSLP (Certified Secure Software Lifecycle Professional), CAP (Certified Authorization Professional), CRISC (Certified in Risk & Information Systems Control), CMAS (Certified Master Antiterrorism Specialist), FITSP-A (Federal IT Security Professional – Auditor), ATOL2 (DOD Anti-Terrorism Officer Level 2), CAS-CTR (Certified Antiterrorism Specialist – Cyber Terrorism Response) and MBCI (Certified Member Business Continuity Institute).


Additional Information

TAC Rule 523.142(g) requires the CPE Sponsor to monitor individual attendance and assign the correct number of CPE credits. Participants will be asked to document their time of arrival and departure in compliance with this Rule. Additionally, attendance will be monitored throughout the day and CPE certificates will reflect actual attendance of each participant.

If you are making travel plans to come to Austin, we recommend making "refundable" air and hotel reservations or waiting until 14 days before the class to actually book your reservations. Courses are occasionally canceled or rescheduled due to low enrollment. We determine whether a course has enough participants 16 days prior to the course date. If we cancel or reschedule, we will email the participant and his or her billing contact no later than 14 days before the original class date.

The course coordinator will contact you with parking information. Handicapped parking is free at the meters around the downtown area.

Vending machines with Coca-Cola products and various snack items are available. There is also a refrigerator and microwave in our coffee bar area. Feel free to bring in your own drinks and food if you prefer.

You might want to bring a light sweater or jacket, as room temperatures vary.

To see answers to our Frequently Asked Questions, visit http://www.sao.texas.gov/training/faq.html.