Course Information
Cybersecurity Audit School
Parking for SAO, Professional Development courses is in Garage B (1511 San Jacinto Blvd.). The Garage signage may read 1511 San Jacinto or Garage B. The elevator in Garage B is not reliable. If you are unable to walk the stairs, please contact the professionaldevelopment@sao.texas.gov for alternate parking arrangements. Handicapped parking is free at the meters around the downtown area.
A course coordinator will email you a parking permit prior to the course start date. A permit must be displayed or you will be ticketed.
Course Description
This course covers cybersecurity risks, control design and protection measures, cybersecurity program execution, warning signs, audit, and investigative techniques.
Course Objectives
Upon completion of this course, participants will be able to:
Understand security fundamentals, including core security principles, critical security controls, and best practices for securing information technologies, operations, and data.
Assess common cybersecurity risks, threats, and vulnerabilities in the management of cybersecurity and IT audit programs.
Evaluate an organization’s technical, operational, and management infrastructure against common security principles and compliance controls.
Detailed Course Outline
Lecture format due to volume of content. Agenda items can be removed or deprioritized to provide a more interactive learning experience.
1. Cybersecurity Overview
• Cybersecurity key concepts
• Cybersecurity history and breaches
• Types of cyber-attacks - human
• Types of cyber-attacks – technical
• Cybersecurity frameworks, standards, and regulations
• NIST framework and standards
• Industry frameworks (PCI, HIPAA, CIS CSC, ISO/IEC)
• Cybersecurity oversight, governance, and compliance
• Security policies
• Security risk management overview
• Threat analysis
• Security risk management in practice
2. Asset Management
• Asset Identification and Inventory
• Third-party/service provider management
• Business impact assessment
• Configuration management and change control
3. Cybersecurity Protection Techniques
• Defending business assets overview
• Identity and access management
• Authentication and authorization
• Vulnerability and patch management
• Security awareness
• Physical security
• Personnel security
• Computer networking fundamentals
• Network defenses
• Network security access controls
• Endpoint and system security configuration
• Endpoint and system security protection
• Application security
• Cloud and virtualization security
4. Encryption, Digital Signatures, and Data Protection
• Encryption concepts
• Cryptographic algorithms
• Encryption – public key infrastructure
• Data protection techniques
• Data privacy controls
5. Event Detection, Incident Response, and Recovery
• Logging, monitoring, and alerting
• Incident response (IR) planning
• Incident response (IR) testing
• Digital forensics
• Recovering data and systems
• Business continuity and contingency planning
6. Auditing Cybersecurity
• The auditor’s role
• CISO’s role
• Establishing audit scope
• Building the audit plan
• Cybersecurity evaluation methods
• Vulnerability assessments, scanning and testing
• Penetration testing
• Security maturity models (CMMI)
• Auditing using NIST frameworks
• Auditing with other security frameworks and standards
• Auditing cybersecurity using the payment card industry (PCI)
• Cybersecurity auditing examples
7. Audit Evidence and Reporting
• Collecting and organizing cybersecurity evidence
• NIST reporting requirements
• Prioritizing risks and influencing decisions
8. Course Wrap-up
• Course summary and conclusion
Prerequisites
No prerequisites are required.
Instructors
Rob Clark, Jr., Chief Audit & Compliance Officer for Howard University, is a nationally recognized authority in internal audit, risk management, and compliance, with over 30 years of industry experience. He is a highly rated and engaging speaker and instructor with a gift for connecting with his audience in an impactful way. He has created numerous audit classes through ACI Learning and is a frequently requested instructor.
He joined Howard in July 2020 and has been leading the internal audit and compliance team to implement best practices. Prior to HU, he served as the Chief Audit & Compliance Officer at Clark Atlanta University. Prior to that he served as the Chief Audit Executive at Georgia Tech and the University of Nebraska, and Audit Manager at Massachusetts Institute of Technology.
He has held leadership positions as President of the Association of College and University Auditors (ACUA), and as President and now Board Member of the Institute of Internal Auditors (IIA) – Atlanta Chapter. He has served as a teaching faculty member of the IIA, the College Business Management Institute (CBMI), and ACI Learning, and has been a highly sought-after speaker for dozens of organizations such as ACUA, The IIA, AGA, DCSHRM, NACUBO, EDUCAUSE, The Chronicle of Higher Education, Office of Inspectors General, SACUBO, Federal Reserve, and many others.
He holds professional designations as a Certified Internal Auditor, Certified Compliance and Ethics Professional, Certified Information Systems Auditor, and Certified Business Manager. He is a Board Member of the National Speakers Association – GA; a Certified Virtual Presenter through eSpeakers; a CTM through Toastmasters; and has performed stand-up comedy at the Punchline Comedy Club, Laughing Skull, and numerous other engagements.
Although he spent over 20 years in Georgia, he still never developed a taste for grits.