Information Technology (IT) is an integral component of modern enterprises. To be effective, auditors need substantial knowledge of IT systems, IT operations and associated risks. This knowledge enables the auditor to make effective assessments of those risks and of the controls needed to mitigate them. Information security is a major area of risk for information held in IT systems. It is essential for auditors to understand information security issues, the associated risks and the means of protecting the information.
This course introduces information security concepts and how they relate to audits. Participants will learn information security terminology, principles of information protection, risks associated with information on ICT systems and mitigation controls. They will also learn to perform information security-related audits.
The course exposes existing and emerging practices in information security and their application to audits. Specifically, the course will:
- Examine the “why, what, when, how and who” aspects of information security
- Establish the relationship between information security risks, IT governance and enterprise risk management
- Show the need for systematic approaches to information protection and associated controls
- Illustrate practical steps towards sound information security management and information security auditing
- Illustrate how to plan, develop and implement IT and cybersecurity audits in an organization
|Why should you attend?|Who should attend?|
|---|---|
|Understand the why, what, when and how of information security in today’s world|Managers, staff and others responsible for enterprise risk management, audit and information security management|
|Appreciate the value of a systematic approach to information security management and effective information security controls|Information security practitioners|
|Understand information security as it relates to audits|Personnel charged with IT planning, implementation & management|
|Know how to audit information security processes, plans and programmes|Staff responsible for risk management & compliance|
|Day One|Day Two|
|---|---|
|Overview of information security|Information security governance & corporate governance?|
|The threat landscape and implication on cybersecurity|Why IS governance? Illustrations of IS governance? IS governance frameworks?|
|Information security in organizations|IS Governance & Audit|
|Information Security & cybercrime|IS Governance, Risk and Compliance|
|Information Security & Risk Management| |
|Day Three|Day Four|
|---|---|
|IS audit: definitions, scope & process|Types of IS Audits: policy, application, infrastructure, processes, etc.|
|IS audit versus IT Audit|Vulnerability management, ethical hacking, change management, incident management|
|IT audit, including auditing automated systems| |
|Information security audit process| |

– Change management
– Reporting auditing outcomes and presenting results
– Forming audit opinions; reporting and report overview
– Report format and what forms a well-presented audit report; presenting results
|$1100 (KES 95,000) + VAT. Covers: 5-day workshop: 2 teas/snacks morning tea/snack, lunch, and learning material: presentation.||· firstname.lastname@example.org; email@example.com
· Phone: +254 20 267 0743
 Also available for in-house training; contact us for terms and pricing.