IIA Canada National Conference - Call for Presentations deadline January 29, 2021 4:00 pm EST

How to Audit the TOP 10 Cyber Security Threats

Day 1 - Concurrent Session 2 - Track 5

How to Audit the TOP 10 Cyber Security Threats

Level: Intermediate

We, the internal audit team from Communications Security Establishment (CSE), have developed a Cyber Security Audit Program based on CSE’s TOP10 Cyber Security Threats to the Government of Canada.  This generic audit program, applicable to both the public and private sectors and written in plain language, is accompanied by:

  • Cyber Security Audit Guide
  • A cyber security Preliminary Survey Tool (PST)
  • 10 cyber security Evidence Gathering Tools (EGT’s), one for each of the TOP10 cyber security threats, and
  • 10 brief presentation decks, one for each TOP10 threat, that illustrate what the cyber threat and resulting mitigation look like. 

The audit program and tools target auditors who are new to auditing in cyber space.  To help de-mystify cyber security concepts, our presentation includes a walk-through of these cyber threat visualizations / illustrations and explains how the audit program and tools are applied to each of the threats.  All the cyber security tools are based on the audit program. 

The suite of audit tools will be available in English and French.