Two Day Seminar: Cybersecurity for Internal Auditors

CPE Hours: 16
 
INTRODUCTION
This 2-day course will assist with understanding the process of auditing cyber security, the practical issues relating to the governance and management of cyber security, the different cyber security controls and processes, and the standards available.
 
WHO SHOULD ATTEND
Auditors or IT auditors who are seeking to gain knowledge about the main processes of auditing a cybersecurity program.
 
LEARNING OUTCOMES
The course will help professionals from any discipline to understand the critical aspects of governance, risk, security and control relating to cyber security, and to obtain the level of knowledge required to audit cyber security controls.
 
COURSE OUTLINE
Evolution of Cyberthreats and Controls
  • Phishing
  • Viruses and malware
  • Denial-of-service attacks
  • Cyber fraud
  • Zero-day attacks
  • Risks associated with the Internet, servers/desktops, Wi-Fi, cloud security and the Internet of Things (IoT), and some of the readily available controls
 
Business Impact Assessment of Cyberattacks
  • Understand the impact of, and losses from, cyberattacks in different industries
 
Cybersecurity Law and Regulations
  • Understanding the different cybersecurity laws and other regulations
 
Cybersecurity Best Practices
  • Discussion of the different types of best practices/controls, such as ISO 27001, Cloud, COBIT, MAS TRM and NIST standards.
 
Cyber Risk Assessment and Scoping
  • Performing a cyber risk assessment using cyber security best practices to scope and prepare the audit work programme.
 
Other Types of Cyber Developments
Understand the other types of developing cyber security controls, such as:
  • threat intelligence/analytics
  • user behaviour analysis
  • secure code development
  • automated threat modeling & attack simulations
  • pattern of life technologies
  • content disarming and reconstruction, and more
 
Cyber Security Maturity Model
  • Understand how to measure the success of a cyber security programme
 
Other Security Considerations
  • Discussion of other security threats, such as technology risks, information security risks, insider risks and more.
 
Skillsets of a Cyber Security Professional
  • Discussion of the types of soft skills, training and certifications for cyber security professionals
 
ABOUT THE TRAINER
Mr. Hoi Wai Khin specialises in information security and business continuity, and has vast overseas and local experience in managing technology risk. In his current position, he has extensive exposure to the management of risk/audit/security programmes to meet legal, human resources, audit, IT, risk management and information security requirements. This involves constant innovation of ideas to implement value-added security programmes to support the client's organisational objectives and building a robust security framework that goes beyond regulatory compliance.
 
His global experience includes assisting organisations in audits for IT due diligence, Sarbanes Oxley 404 IT General Computer Control, and IT diagnostics for mergers & acquisitions. Wai Khin has also supported clients in ISO 27001 certification projects, cloud technology, bring your own device (BYOD), as well as compliance with Singapore's Personal Data Protection Act (PDPA) and internal and external IT audit requirements.
 
Prior to joining the firm, he was an information security officer managing security, business continuity and audit programmes for a global B2B company. His experience also includes working as a data protection officer for a leading semiconductor manufacturer, tasked with protecting highly confidential R&D IP information. Wai Khin also previously provided audit assurance, security and business continuity advisory services at a Big 4 firm.
 
Qualifications
  • Certified Information Systems Security Professional (CISSP), (ISC)²
  • Certified Information Security Manager (CISM), ISACA
  • Certified in Risk and Information Systems Control (CRISC), ISACA
  • Certified Business Continuity Professional (CBCP), DRI International
  • Singapore Certified Management Consultant (PSCMC), TUV SUD PSB
  • Master of Science Information Security, University of London, Royal Holloway
  • Master of Science Software Engineering, University of Essex