Skip to main content

Cybersecurity Framework

Back to Course Schedule
Date(s): Jun 15, 2021 - Jun 16, 2021
Time: 8:00AM - 4:30PM
Registration Fee: $429.00
Cancellation Date: Jun 08, 2021
Location: Online

Course Description

Since 2014 a large number of industries and special interest groups have created cybersecurity standards. All of these standard frameworks have been designed with a series of risk mitigating controls that are to be integrated into back off technology processes and front office business practices. Unfortunately to date all standard frameworks have failed to include a management system that would allow organizations to provide oversight including governance, risk management, internal audit, compliance management, continual improvement, communications, vulnerability management, incident management, awareness training, asset management, and continual management monitoring. Participants attending this course are going to leave with the skills necessary to initiate, plan, execute and control the adoption and integration of their own cybersecurity management system.


Potential CPE Credits: 16.0
Govt Hours: This class meets 16.0 hours of the 24-hour requirement for governmental CPE under Government Auditing Standards (yellow book), in most cases.
Technical Hours: This class meets 16.0 CPE credits of technical training in compliance with Texas Admin. Code Rule 523.102.

Instruction Type: Live
Experience Level: BEGINNING
Category: 02 Auditing

Course Objectives

Upon completion of this course, participants will be able to:

         Understand the principles and risk management of cybersecurity

         Facilitate the adoption and integration of a cybersecurity management program

         Adopt best practices in their cybersecurity program internal audit



1.     Understanding the Principles and Practices of Cybersecurity Governance
• cybersecurity program scope statement
• cybersecurity strategic and tactical business plans
• cybersecurity committee terms of reference
• chief cybersecurity officer roles and responsibilities

2.     Defining the Cybersecurity Risk Management Process and Components
• cybersecurity program risk management
• cybersecurity program risk management policy
• cybersecurity program legal registry
• cybersecurity program risk assessment procedure
• cybersecurity program risk treatment plan
• cybersecurity program statement of applicability

3.     Assessing Opportunities for Continual Improvement of your Cybersecurity program
• continual improvement process 
• corrective actions plans
• preventive actions plans
• continual improvement roadmap

4.     Defining and Exploring the Fundamental Components of a Cybersecurity Internal Audit Program 
• Cybersecurity Internal Audit Program
• Cybersecurity Internal Audit Process
• Cybersecurity Internal Audit Plan
• Cybersecurity Internal Audit Control Effectiveness
• Cybersecurity Internal Audit Security Testing

5.     Developing a Cyber Program Communications Plan 
• cybersecurity program strategic and tactical communication plan

6.     Defining and Developing a Cybersecurity Training and Awareness Program
• cybersecurity program awareness and training plan
• conducting cybersecurity skills management

7.     Exploring Cyber Program Document and Records Management 
• cybersecurity program document and record registry
• cybersecurity program document and record retention policy 


Basic understanding of information technology or IT auditing.

Government Hours: 4.23(k)



Mary Siero

Mary Siero (CISSP, CISM, CRISC) is Senior Instructor for MISTI. She is an executive level Information Technology Consultant and the President of Innovative IT, a leading North Carolina based information technology consulting firm that specializes in IT operational, compliance and security consulting. Ms. Siero’s career includes ten years in healthcare as a Chief Information Officer and five years in the gaming industry as Vice President of IT Operations, both heavily regulated industries. She has over 40 years’ experience in engineering and technology from industries such as Healthcare, Government, Education, Gaming and Hospitality, Consumer Products, and Manufacturing. Ms. Siero is active in the information system security community and has provided testimony on the record for the State of Nevada Information Technology Board regarding The Current and Future Cyber Threat. She routinely presents at national conferences on information technology topics; holds several professional IT security certifications including CISSP, CISM and CRISC; and is the author of Safeguarding Your Organizations Data: A Call to Action. She is a Charter Member of the FBI Citizen’s Academy Alumni Association in Las Vegas, and is a member in good standing of the International Information Systems Security Certification Consortium (ISC)2, the Information Systems Security Association (ISSA), , the Information Systems Audit and Control Association (ISACA), and the North Carolina Technology Association She is a graduate of the University of Detroit with a Master’s Degree in Polymer Chemistry and a graduate of Michigan State University where she obtained her Bachelor’s Degree in Chemistry.

Additional Information

TAC Rule 523.142(g) requires the CPE Sponsor to monitor individual attendance and assign the correct number of CPE credits. Participants will be asked to document their time of arrival and departure in compliance with this Rule. Additionally, attendance will be monitored throughout the day and CPE certificates will reflect actual attendance of each participant.

If you are making travel plans to come to Austin, we recommend making "refundable" air and hotel reservations or waiting until 14 days before the class to actually book your reservations. Courses are occasionally canceled or rescheduled due to low enrollment. We determine whether a course has enough participants 16 days prior to the course date. If we cancel or reschedule, we will email the participant and his or her billing contact no later than 14 days before the original class date.

The course coordinator will contact you with parking information. Handicapped parking is free at the meters around the downtown area.

Vending machines with Coca-Cola products and various snack items are available. There is also a refrigerator and microwave in our coffee bar area. Feel free to bring in your own drinks and food if you prefer.

You might want to bring a light sweater or jacket, as room temperatures vary.

To see answers to our Frequently Asked Questions, visit

Back to Course Schedule