Cyber Security Focus On IT Audit Webinar 19-02-2024
Welcome
Cyber Security
Focus on
IT audit
LN
19 Feb 2024
20 February 2024 1
• To highlight
Agenda
1 About IT audit and its relevance to Cyber Security, Compliance and Risk Management
3 Challenges
• Compliance Management
• IT Risk Management
• IT Governance
• IT Operations
• IT Audit
Information Security
Cyber Security
Internet Security
Web Security
Network Security
Sources of Controls
• ISO / IEC 27001:2022
• ITIL
• COBIT
• NIST
• Cloud Security Alliance
• CIS (Centre for Internet Security)
• PCI / DSS
• GDPR
• HIPAA
Sources of audit requirements
• Statutory audits
• SOX
• SOC1, 2, 3
• FISMA
• FedRAMP
• HIPAA
• PCI / DSS
• GDPR
• ISO/IEC 27001:2022
Information Security
• Physical security, IT asset management, Human resource security, Data management, BCP and DR, Third Party Risk Management
Cyber Security
• Security training, Security monitoring, Incident response
Internet Security
• Firewall
• IDS & IPS
• Anti malware
Network Security
• SSL & Transport layer Security
• VPN
• Network segmentation
• Access Control List
• Network log monitoring
• Content filter
Web Security
• Secure coding (Code review)
• Web application firewall
• Secure authentication
• Data Encryption
• Application Vulnerability assessment
IT audit
• Audit is a high revenue business for the audit firms. So auditors get a handsome salary.
We have a solution
We are facing SOX audit for the first time. The auditors talk about controls and ask for evidences. I do not know what a control is and which evidences they require. They are not allowing me to do my regular job.
We migrated to new ERP in the mid of the year. Old systems are decommissioned. Now auditor asks screenshot from the old system.
We regularly conduct user access reviews. I was very much surprised when the auditor tested this and informed me that it is a deficient process. Auditor failed the control and we felt the wrath of the top management. Had I known the audit requirements early, I would have improved the process and passed the test.
Understanding audit requirements helps me to improve the compliance level. It also helps me to effectively coordinate between the auditors and the IT teams. I can communicate well and decipher what the auditors want.
Understanding IT controls and evidence requirements gives me a better view on IT risks and helps me to suggest improved risk mitigation measures.
Understanding IT audit controls and evidences and the level of the audits helps me to implement and monitor controls more effectively.
• Seven modules
• Moving from basic level (module 1) to advanced level (module 6)
• Module 7 provides valuable insights, with 7 real case examples of challenging situations and how to analyse and come to the correct conclusion
• Detailed guideline materials and templates
• Quality related tips
• Training on right prioritisation
• Fifteen hours of online sessions
• Thirteen (13) hours of training sessions
15 one hour a day from Monday to Friday
1 IT audit overview
2 IT audit process
3 IT environment
4 IT risks and controls
5 Performing IT audit
6 Testing key controls
7 IT audit Insights
Mobile: 7200081965
Gopichand@robokode.com
Thank You