Session 1: Integrating Cyber risk within the Risk Management Framework
Part 1 of the course is aimed at creating awareness and sensitising the audience about cyber risks that organisations are facing and how these are evolving. We will further delve into the role that Internal Audit plays as the third line of defence, within the organisation to protect and defend from cyber attacks. The course will look into the evolving internal controls and risk management techniques associated with these risks. The course will end with a case study scenario and workshop relating to a cyber attack: what happened; how the incident was handled through to recovery; how could it have been prevented.
Session 2: Executing IT internal audits to address cyber risks
In part 2 we will build on the knowledge gained in part 1, by looking into the potential assessments that can be deployed by internal audit functions to evaluate processes and controls implemented to counteract cyber risks. The course will give an overview of the benefits that can be derived by performing specific audits (e.g. firewall rule assessment, controls over data transmission between systems; access control mechanisms; privileged rights management; etc).