Description:
CPE Hours: 20
INTRODUCTION
With cyber-attacks growing at alarming rates around the globe, and data breaches increasing by 37 percent in just one quarter (according to Statista) at a staggering average cost of $4.24 million USD (according to IBM), it is no wonder lawmakers are focusing on cyber-focused regulations.
International laws, including the EU’s GDPR, the German IT Security Law, the US Principles for Cyber Incident Reporting, and the US Global Cyber Incident Reporting Policy Principles, are a few examples of governments worldwide articulating the need for strong cyber controls and increased transparency regarding cyber-related incidents. Additional proposals are under consideration by governments around the world, including the proposed SEC cyber reporting rules. With the increased scrutiny, it is in the strategic best interest of both public and private organisations to audit their cybersecurity programs.
Internal audit should play a key role in supporting the organisation in reducing cyber risk. Cybersecurity program auditing can serve as the critical barrier between a potential cyber-attack and the organisation. Due to the cost, risk, and reputational damage that can result from a cyber incident or data breach, every organisation needs a cyber strategy and response plan.
Participants who complete the course are eligible to sit for the certificate exam which is administered on The IIA’s LMS platform.
TARGET AUDIENCE
This certificate program is designed to ensure the internal audit community possesses the fundamental competencies to effectively assess an organization’s cybersecurity governance and management practices, including their cybersecurity program capabilities. This program is intended for operational internal auditors and audit leaders who want to deepen their understanding and gain recognition of their cybersecurity knowledge. Participants who successfully complete this program are eligible to obtain the Auditing the Cybersecurity Program Certificate, a wonderful addition to both your resume and LinkedIn profile.
Prerequisites: Fundamentals of Cybersecurity or equivalent knowledge.
CERTIFICATE OBJECTIVES
- Recognize what drives cyber risk and how internal audit can assess control effectiveness.
- Identify how to assess data storage solutions.
- Define digital transformation, digitization risks, and associated controls.
- Recognize characteristics of a typical, timely patch management process.
- Explain key concepts relating to the vulnerability management program, including commonly applied vulnerability management maturity models.
- Identify how automation of business processes impacts the methods used in audit testing.
- Investigate methods to reduce risk exposure from common API and web services vulnerabilities.
- Determine how to mitigate risk exposure from common privileged access management vulnerabilities.
- Identify methods to adjust audit approaches for DevSecOps.
- Review how to mitigate risk exposure from common SoD vulnerabilities in DevSecOps applications.
- Understand internal audit’s role in continuous monitoring and continuous auditing.
- Recall objectives and methods deployed in red team exercises.
- Recall important factors relating to Security Operations Centers (SOC) and incident management, monitoring, detection, and response frameworks.
- Identify controls, and associated assessments, needed to operate a Security Operations Center (SOC).
CERTIFICATE TOPICS
Auditing the Cybersecurity Program
- Importance of the cybersecurity program.
- Drivers of cybersecurity risk.
- Manage cybersecurity risk.
- The cybersecurity program audit plan.
Auditing Storage Management Solutions and Containers
- Overview of storage management solutions and containers.
- Data storage compliance landscape.
- Auditing ephemeral and micro-services.
- Cloud provider data storage tools and their benefits.
- Adopting continuous auditing for data protection, retention, and destruction.
Auditing Digital Transformation and Digitization Programs
- Key concepts of digital transformation and digitization.
- Digital technologies and risks.
- Internal audit’s role in digital initiatives.
- Auditing digitization programs.
- Auditing digital transformation programs.
Auditing the Vulnerability Management Program
- Vulnerability management program overview.
- Understand common vulnerability management maturity models used to assess organizational cybersecurity vulnerabilities.
- Review key metrics for auditing the vulnerability program.
- How to implement appropriate actions when auditing vulnerabilities.
Auditing the Patch Management Program
- Key concepts of patch management.
- Understand a typical, timely patch management process.
- How the patch management program reduces cybersecurity risk and organizational vulnerabilities.
- How the patch management program reduces data breach risk and loss.
Auditing Automation
- Automation impact on audit testing.
- Effective audit automation.
- Visualize the risks of automation when establishing the internal audit scope.
- Auditing automation.
Auditing API and Web Services
- API and web services overview.
- Audit and test API and web services security.
- Reduce API-based web services risk.
Auditing Privileged Access Management
- Key concepts of privileged access management.
- Types and purposes of privileged access management.
- Inventory and audit privileged access management.
- Mitigate risk exposure from common privileged access management cyberattacks.
Auditing DevSecOps
- DevSecOps overview.
- The DevSecOps development process.
- Issues and controls.
- Auditing DevSecOps.
Auditing Continuous Monitoring
- Auditing continuous monitoring process components.
- Internal audit’s role in incorporating data analytics and continuous monitoring into the organization.
- Develop a simplified yet high-impact reporting mechanism to meet a variety of stakeholder needs.
- Continuous monitoring, high impact reporting, agile audit approach and dynamic risk assessment methodologies.
Auditing Red, Blue, and Purple Team Testing
- Overview of the kill chain and types of attacks.
- Points of vulnerability as it relates to people, technologies, and systems.
- Identify areas of improvement in defensive incident response processes across every phase of the kill chain.
- Establish the organization’s first-hand experience to detect and contain a targeted attack.
Auditing the Security Operations Center
- Key concepts of the Security Operations Center (SOC).
- Security Operations Center (SOC) processes and checklists.
- Security Operations Center (SOC) Framework for incident management, monitoring, detection, and response.
- Controls needed to operate a Security Operations Center (SOC).
CERTIFICATE EXAM
Participants who complete the in-person training course are eligible to sit for the certificate exam which is administered on The IIA’s Learning OnDemand Platform.
- Within 7-10 business days after the last session of the certificate program, the exam is available on the OnDemand Platform to all registered participants of the program. IIA Academy will inform participants via email once the exam is available.
- The exam will be available for 90 days on the OnDemand Platform.
- The exam consists of 50 multiple choice questions.
- The exam must be taken in a single sitting but is not timed.
- You may reference any course materials or other IIA-published resources desired while taking the exam.
- You are allotted 3 chances to pass the exam. Additional attempts will be charged the US$125 retake fee.
ABOUT THE TRAINER

Yoong Ee Chuan, Certified Internal Auditor (CIA), Fellow Chartered Accountant (FCA), Singapore, Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), ISCA Financial Forensics Professional (ISCA(FFP)), Certified Fraud Examiner (CFE), ASEAN CPA
Driving fraud risk management and awareness, internal audit and IT audit & security, governance and cybersecurity with deep exposure to non-profit board roles spanning Audit Committee Chairman, Treasurer and Board Member. Former Head of Internal Audit in a public sector agency driving internal audits covering operational, compliance and IT domains. Leading data analytics and forensic investigations whilst supporting CET training in procurement audits, fraud risk management and internal controls.
Ee Chuan is a seasoned practitioner in internal audit and fraud detection. He successfully detected and flagged a high-profile bid-rigging case involving a public sector agency that led to the prosecution of the perpetrators by the Competition and Consumer Commission of Singapore (CCCS) in 2024.
REGISTRATION
Please email the completed registration details as per the excel form to IIA Academy at iia-academy@iia.org.sg. We will notify you once your registration for the seminar has been successfully processed.
Unlock 10% Savings with Group Registration!
Register as a group of four or more participants for the same course and enjoy a 10% group discount! This offer applies to registrations from the same company submitted on the same day. The discount is applicable in one single invoice.
PAYMENT
For more information on payment modes, please click HERE.
IMPORTANT NOTE
- Please email the completed registration details as per the excel form to IIA Academy at iia-academy@iia.org.sg. We will update you upon successful registration of the mentioned seminar.
- Once the course is confirmed, an email confirmation will be sent to the registrants’ contact email addresses 1 week prior to the course commencement date.
- If you do not receive any email notification regarding your course registrations, please call IIA Academy at 6324 9029 ext 2004 or 2005.
TERMS AND CONDITIONS
- Registration is on a first-come, first-served basis.
- Contact person will be notified via email upon successful registration of the participants. The seminar details would be sent to the registered participants one week prior to the seminar.
- Registration fee must be received prior to the date of the seminar.
- Registered participants will be liable for the full registration fee in the event of non-attendance on the date of the seminar.
- Cancellation must be submitted in writing to the Academy team at iia-academy@iia.org.sg at least 7 working days prior to the seminar and subject to IIA Singapore's approval. A processing fee of $100 per participant will be imposed for any cancellation. Substitutions will be permitted and conditions will apply. You may substitute a “like” person to attend the seminar in your place – for example, if you are an IIA Singapore member, you may substitute with another IIA Singapore member.
- IIA Singapore reserves the right to revise the seminar programme as necessary.
- IIA Singapore reserves the right to cancel or postpone the seminar should the minimum class size not be fulfilled. IIA Singapore will refund the full registration fee which has been paid.
- IIA Singapore reserves the right to take videos and photographs during the seminar for use in IIA Singapore’s marketing collaterals and other publicity purposes.
- Complimentary parking, if any, will be provided on a first-come-first-served basis.