Ufundi Plaza, Moi Avenue Nairobi, Kenya

Information Security for Auditors

5[1]-Day Training on Information Security for Auditors[2]

Information Technology (IT) is an integral component of modern enterprises. To be effective, auditors need substantial knowledge of IT systems, IT operations and associated risks. This knowledge is essential to enable the auditor to make effective assessments of those risks and of the controls needed to mitigate them. Information security is a major risk to information in IT systems. It is essential for auditors to understand information security issues, the associated risks and the means of protecting information.

This course introduces information security concepts and how they relate to audits. Participants will learn information security terminology, principles of information protection, risks associated with information on ICT systems, and mitigation controls. They will also learn to perform information security-related audits.

Course Objectives

Expose existing and emerging practices in information security and their application to audits. Specifically, the course will:

  • Examine the “why, what, when, how and who” aspects of information security
  • Establish the relationship between information security risks, IT governance and enterprise risk management
  • Show the need for systematic approaches to information protection and associated controls
  • Illustrate practical steps towards sound information security management and information security auditing
  • Illustrate how to plan, develop and implement IT and cybersecurity audits in an organization

Why should you attend?

  • Understand the why, what, when and how of information security in today’s world
  • Appreciate the value of a systematic approach to information security management and effective information security controls
  • Understand information security as it relates to audits
  • Know how to audit information security processes, plans and programmes

Who should attend?

  • Managers, staff and others responsible for enterprise risk management, audit and information security management
  • Information security practitioners
  • Personnel charged with IT planning, implementation & management
  • Staff responsible for risk management & compliance


Day One and Day Two

  • Overview of information security
  • The threat landscape and implication on cybersecurity
  • Information security in organizations
  • Information Security & cybercrime
  • Information Security & Risk Management
  • Information security governance & corporate governance?
  • Why IS governance? Illustrations of IS governance? IS governance frameworks?
  • IS Governance & Audit
  • IS Governance, Risk and Compliance

Day Three and Day Four
–    IS audit: definitions, scope & process

–    IS audit versus IT Audit

–    IT audit, including auditing automated systems

–    Information security audit process

–    Types of IS Audits: policy, application, infrastructure, processes, etc.

–    Vulnerability management, ethical hacking, change management, incident management

Day Five
–    Change management

–    Reporting auditing outcomes and presenting results

–    Forming audit opinions; reporting and report overview

–    Report format and what forms a well-presented audit report; presenting results


Fees

$1100 (KES 95,000) + VAT. Covers: 5-day workshop: 2 teas/snacks morning tea/snack, lunch, and learning material: presentation.

Contact

  • Email: info@aganoconsulting.com; training@aganoconsulting.com
  • Phone: +254 20 267 0743

Sample Participant Comments

Great insights on information security and how to audit information security systems; informative with practical and relevant examples; good and well-executed; an eye opener to link between Audit and cybersecurity.

It clarifies us on IT risk management and related auditing; knowledgeable trainers. Well-presented and offers greater value than was advertised. Amiable instructors and great practicals for participants.


[1] Refer to our calendar for scheduled dates; check www.aganoconsulting.com or email: info@aganoconsulting.com

[2] Also available for in-house training; contact us for terms and pricing.