4.3 Cybersecurity Audit: Key and Emerging Risks, Regulations and Best Practices
Level: Intermediate
During this session you will learn the details and approach of a typical Cybersecurity audit including understanding key risks and an organizations overall cyber security posture with the following learning objectives:
- Audit an organization’s cyber security posture and identify key risks
- Define audit evidence requests needed to evaluate an institution’s cyber security controls including Service Organization Control (SOC) Reports
- Best practices internal auditors can leverage to support their organization to appropriately manage their response to ransomware and other cybersecurity threats including impact on Disaster Recovery Plans (DRPs)
- Examine ways to assess an organization’s cyber security maturity
- Recognize new and emerging cyber-attacks, threats, and vulnerabilities
- Discuss cyber security frameworks, regulations / guidance specific to Canada, and assessment tools currently available