Understanding and auditing Cybersecurity: Challenges for auditors and IT risk professionals
Date: 20 – 21 June 2019. Time: 09:00 – 17:00. Location: Tirana. Course director: Komitas Stepanyan, PhD, CRISC, CRMA, Cobit Cert.
Introduction
Cybersecurity has become a pressing issue for virtually all industries, so the need for businesses to understand the threat landscape and have an effective plan in place to respond to cyberattacks has grown rapidly in just the past several years. In today's interconnected and digital business environment, organizations need to think about and address the vulnerabilities introduced by insecurely architected systems. Organizations, and we as a society, are more vulnerable than ever before. The phrase most often used in cybersecurity is "It's not if, but when".
According to the PwC Global Economic Crime Survey 2018, cybercrime, together with asset misappropriation and consumer fraud, is among the most frequently reported crimes across industries. The Cost of Cyber Crime Study, produced yearly by HP and the Ponemon Institute, states that in 2015 companies experienced 99 successful attacks (intrusions) per year, a 46 percent increase in just four years. Trend Micro's report records a 172 percent growth in ransomware in the first half of 2016 compared with the previous year; meanwhile even US police departments have paid ransoms to get their data back from cybercriminals. Their colleagues at the City of London Police say banks are obscuring the true amount of money lost to cyber-attacks, preferring to write off cyber incidents as losses. Finally, Cybersecurity Ventures predicts that cybercrime will cost $6 trillion annually by 2021.
Do we need more reasons to prioritize CYBERSECURITY in our organizations?
Course objective
The course aims to present cybersecurity risks and challenges as well as problems and solutions
for understanding and auditing cybersecurity in the digital world.
After the course, participants will understand the fundamental challenges of cybersecurity; how to assess cybersecurity maturity and identify vulnerabilities; how to effectively mitigate cybersecurity risks; and what the main role and tasks of IT security professionals, internal auditors and other relevant actors are in this context.
Participants will learn how to put cybersecurity into their organisations' business context. We will talk about threats such as ransomware as well as solutions and defenses such as inventorying organisations' digital assets, cybersecurity frameworks, and many other tools and techniques, in order to arm them with additional knowledge of how to implement and assess controls and how they can add value in the fight against cybercrime.
Target audience
Auditors and IT professionals seeking a foundational understanding of Cybersecurity.
Content
DAY 1
1. Introduction and course agenda
2. Cybersecurity challenges
o Digital era
o Why does cybersecurity matter?
o IoTs; Social networks; Public Wifi; Cloud; BYOD; Ransomware
o Proposed solutions
3. Cybersecurity Frameworks
o IT/Cybersecurity frameworks:
o Cobit
o NIST
o FFIEC Cybersecurity maturity assessment tool
o How to link Cybersecurity inherent risk to maturity level of the organization?
o How to use these frameworks in annual planning and in the audit engagement phases
o Three lines of defense model for addressing Cybersecurity
4. Case Study – Cybersecurity Maturity Assessment
DAY 2
5. Main controls for Cyber Security
o Firewall
o Permission management
o Privileged users management
6. Auditing BCP (business continuity planning)
7. Cyber resilience: Are you willing to give assurance?
8. Audit of System Hardening
o Patch management
o Configuration management based on Cobit
o Configuration analysis during the audit: tools you can easily use
o Logging: how to analyze logs and what to look for during log analysis
9. Case Study (group work) – Auditing IT Governance
INSTRUCTOR BIO
The trainer for this course is Komitas Stepanyan, Deputy Head of Internal Audit at the Central Bank of Armenia. He has 20 years of experience as a network and system administrator, information security professional, internal audit consultant and cybersecurity consultant.
Komitas has conducted and led several technical assistance and capacity-building missions in Africa, Asia and the Pacific for international organisations such as the World Bank and the International Monetary Fund, covering a diverse range of topics including cybersecurity risk management, cybersecurity regulation and supervision, and IT fraud examination. He chairs the cybersecurity sub-group of the Alliance for Financial Inclusion (AFI) and is currently working on the development of a Policy Framework for Cybersecurity Risk.
He is one of the key people at the Central Bank of Armenia driving its IT/cybersecurity governance agenda, and is a trusted adviser to the board and top management on cybersecurity issues.
In recent years Komitas has been actively engaged in international knowledge sharing as a speaker and trainer, including at the IIA International Conference (Anaheim, USA, 2019), the FinSAC Conference on Fintech (World Bank, Vienna, 2019), CyberCentral (Prague, 2019), the 2nd Annual Excellence in Corporate IT Audit (Berlin, 2017, as speaker and chairman) and many others.
Komitas holds a PhD in applied physics and several international certificates: Certified in Risk and Information Systems Control (CRISC, issued by ISACA), Certification in Risk Management Assurance (CRMA) and the Cobit Foundation Certificate (CobitF, issued by ISACA).
IMPORTANT FINANCIAL DATA
Cost per participant: AIIA Members 340 € (VAT included)
Non-members 389 € (VAT included)
Price includes course attendance, educational material, lunch and coffee breaks.
Payment* can be made by bank transfer or direct deposit by using the following account info:
Account Holder: Albanian Institute of Internal Auditors. Account No.: 0010039700
Swift: SGSBALTX IBAN: AL43 2021 1123 0000 0000 1003 9700
Raiffeisen Bank Albania
Contact us for quotes related to more than two participants from the same organization or
other information: [email protected]
* Important: The transferred amount must be the full amount stated above. No shortfall due to exchange fees or other administration charges is acceptable; the Albanian Institute of Internal Auditors must receive the amount stated on your invoice.
REGISTRATION FORM
Understanding and auditing Cybersecurity:
Challenges for auditors and IT risk professionals
20 – 21 June 2019, Tirana, Albania.
Full name
Position
Company name
VAT No.
Contact Tel.
Address
Cancellation Policy:
Places on AIIA training courses are limited, so we operate the following cancellation and refund policy.
1. In case of cancellation of a training event by AIIA or a related partner, we will endeavour to inform all participants 10 days before the course is due to take place, although please be aware that this is not always possible. All course fees paid will be reimbursed in full, but we are unable to reimburse any other costs that may have been incurred, including flights, accommodation etc.
2. No refund will be made for:
a. Bookings cancelled less than three weeks before the event, except in exceptional circumstances and then only at the discretion of the Albanian Institute of Internal Auditors.
b. Non-attendance on the course.
3. For bookings cancelled three or more weeks before a course is due to start, 100 per cent of course fees paid will be refunded to the applicant.
• I confirm that all the data I have provided is true and accurate.
• I confirm that I have read the training programme and agree to the content being delivered during the course.
Name Surname Signature
Date, location