How to Perform an Information Security Audit

What you need to know to perform information security audits

4.75 (22 reviews)

Udemy

platform

English

language

Network & Security

What you will learn

Understand how to properly plan engagements by determining their objectives, criteria and scope.

Know how to create working papers to document an audit and learn about different ways to staff an audit.

Learn how to collect engagement information and then analyze and evaluate it. Learn how to supervise engagements.

Learn how to communicate engagement results and the process of acceptance of risks. Learn how to monitor progress on the implementation status of internal audit

Know about which threats to information security should be assessed, including threats to the integrity of data, confidentiality and the availability of data.

Be able to evaluate privacy risks, risks from smart devices, insider threats, illicit software threats and cybersecurity threats amongst others.

Be able to evaluate risks by using the Asset-Threat-Vulnerability triangle.

Know about the different types of information security controls, including IT general controls.

Be able to put in place a solid governance over information security, such as by putting in place IT management and governance controls.

Be able to implement the segregation of IT duties and IT departmentalization, an information security framework and cybersecurity governance and policies.

Be able to apply the Three Lines of Defense Model in cybersecurity.

Learn about controls such as identity access management and authentication, encryption and firewalls, data privacy and protection controls.

Know about application and access controls, technical IT infrastructure controls, external connections controls and 3rd party information security controls.

Why take this course?

We are glad to bring you a course to learn how to perform information security audits.

This course is ideal for:

IT and information security professionals who wish to learn techniques on how to assess the security of their information and the vulnerability of their information systems; and
Auditors or others performing assessments who wish to learn more about performing information security audits.

The course will give you the knowledge and tools necessary to perform information security audits, starting from how to plan them, how to perform and how to report on the results of the engagement. It will teach you about which threats to assess and which controls should be put in place.

It is taught by Adrian Resag, an experienced and CISA certified information security auditor who has decades of experience evaluating information security, IT and ISO 27001 in many organizations.

The course covers:

Performing Information Security Audits

Planning Engagements

Understand how to properly plan engagements by determining their objectives, criteria and scope.
Know how to create working papers to document an audit and learn about different ways to staff an audit.

Performing Engagements

Learn how to collect engagement information and then analyze and evaluate it. Learn how to supervise engagements.

Communicating Progress and Results

Learn how to communicate engagement results and the process of acceptance of risks. Learn how to monitor progress on the implementation status of internal audit recommendations.

Information Security Threats and Controls

Threats to information security

Know about which threats to information security should be assessed, including threats to the integrity of data, confidentiality and the availability of data.
Be able to evaluate privacy risks, risks from smart devices, insider threats, illicit software threats and cybersecurity threats amongst others.
Be able to evaluate risks by using the Asset-Threat-Vulnerability triangle.

Controls over information security

Know about the different types of information security controls, including IT general controls.
Be able to put in place a solid governance over information security, such as by putting in place IT management and governance controls.
Be able to implement the segregation of IT duties and IT departmentalization, an information security framework and cybersecurity governance and policies.
Be able to apply the Three Lines of Defense Model in cybersecurity.
Learn about controls such as identity access management and authentication, encryption and firewalls, data privacy and protection controls.
Know about application and access controls, technical IT infrastructure controls, external connections controls and 3rd party information security controls.

Screenshots

How to Perform an Information Security Audit - Screenshot_01

How to Perform an Information Security Audit - Screenshot_02

How to Perform an Information Security Audit - Screenshot_03

How to Perform an Information Security Audit - Screenshot_04

Reviews

Yasemin

July 13, 2023

I took several courses of this instructor. The second part of the course consist of same content that is present in other courses. Thus, it really does not help in terms of learning new things. However, part one related with ıs and controls which is really helpful to understand it audit and enhance your knowledge on ıs. Overall, it is quiet clear and conceise delivery and material for beginners in audit.

Olu

January 22, 2023

The explanation is not detailed for beginners to understand the concept in real-life scenarios but just reading PowerPoint.

Japheth

January 6, 2023

The course was a good match. It has added significant knowledge in my professional development in Information systems.

Charts

Price

Rating

Enrollment distribution

How to Perform an Information Security Audit - Distribution chart