Course Information
Cybersecurity for Non-IT Auditors
Parking for SAO Professional Development courses is in Garage B (1511 San Jacinto Blvd.). The garage signage may read 1511 San Jacinto or Garage B. The elevator in Garage B is not reliable. If you are unable to walk the stairs, please contact professionaldevelopment@sao.texas.gov for alternate parking arrangements. Handicapped parking is free at the meters around the downtown area.
A course coordinator will email you a parking permit prior to the course start date. A permit must be displayed or you will be ticketed.
Course Description
Cybersecurity is the highest risk and at the top of the minds of C-suite members at every company. This course will provide a practitioner’s viewpoint for both audit and cybersecurity professionals. It begins with the underlying fundamentals of cybersecurity, then goes step by step through the primary focus areas, risk prioritization and key audit steps. This is a course for any auditor wanting to learn how to address cybersecurity as a key audit risk.
Course Objectives
Objectives:
• Select and implement a cybersecurity framework
• Audit against a cybersecurity framework
• Develop a prioritized remediation plan
• Audit cybersecurity maturity
Outline:
I. Overview/Key Terms
II. Primary Focus Areas
a. Protection
i. Top 4 Control Frameworks
ii. PCI DSS
iii. ISO 27001 / 27002
iv. CIS Critical Security Controls
v. NIST CSF (Cybersecurity Framework)
b. Detection
i. Technical Controls designed to discover the occurrence of a cybersecurity event in a timely manner
ii. Review Examples of Detection Capabilities
c. Response
i. Crisis Management
ii. Incident Response
d. Recover
i. Resilience
1. Business Continuity
2. Disaster Recovery
III. Continuous Improvement
a. Cyber Security Strategy Review
IV. IT Risk Management
a. IT Risk Prioritization
b. IT Risk Register
c. Executive Reporting
V. Key Audit Steps
a. Three Levels of Review
b. Tone
c. Modifiers
VI. Summary and Wrap-Up
Prerequisites
Prerequisite not required.
YB 4.23 (k)
Instructors
Pedro Serrano has over 35 years of experience managing and installing technical controls in networks around the world, 20 of those in military systems. Pedro was previously CISO, Network Security for an integrated healthcare system as well as Security Architect for a major Oil and Gas Exploration company; today he is CDW’s Security Solutions Executive. He holds two postgraduate degrees, one in Telecommunications Management and one in Computer Science, and serves on the Board of Directors of The Information System Security Association (ISSA) chapter in Tulsa, and BSides Oklahoma. He also serves as an advisor to the Latino Leadership Institute and is a graduate of the Leadership Oklahoma program. Pedro holds the CISSP certification from ISC2.
• CDW Security Solutions Executive
• 35+ years of experience executing technical controls in networks around the world, 20 of those in military systems.
• Previously CISO, Network Security for an integrated healthcare system as well as Security Architect for a major Oil and Gas Exploration company
• Postgraduate degrees:
• Telecommunications Management (OSU)
• Computer Science – Cybersecurity (TU)
• Member of the Board of Directors of The Information System Security Association (ISSA) chapter in Tulsa
• Founding member of BSides Oklahoma. (BSidesok.com)
• Graduate of the Leadership Oklahoma program
Additional Information
TAC Rule 523.142(g) requires the CPE Sponsor to monitor individual attendance and assign the correct number of CPE credits. Participants will be asked to document their time of arrival and departure in compliance with this Rule. Additionally, attendance will be monitored throughout the day and CPE certificates will reflect actual attendance of each participant.
If you are making travel plans to come to Austin, we recommend making "refundable" air and hotel reservations or waiting until 14 days before the class to actually book your reservations. Courses are occasionally canceled or rescheduled due to low enrollment. We determine whether a course has enough participants 16 days prior to the course date. If we cancel or reschedule, we will email the participant and his or her billing contact no later than 14 days before the original class date.
To see answers to our Frequently Asked Questions, visit Texas State Auditor's Office - Professional Development FAQs