Time
51 minutes
Difficulty
Intermediate
CEU/CPE
1

Video Transcription

00:01
Greetings, everyone. Welcome to Cybersecurity Audit Overview, Episode Two:
00:06
What Is a Cybersecurity Audit?
00:10
In this episode, we're going to start building that foundation of knowledge that we need in order to proceed with understanding everything about cybersecurity auditing.
00:20
But before we get started, let me ask you one quick question.
00:25
What did the internal auditing do to make sure
00:30
that the company picnic was going to be successful?
00:37
They stayed at home.
00:43
In this video, you will learn: What is an audit?
00:46
What is a cybersecurity audit?
00:48
And why we perform audits.
00:53
Now, this audit definition is my definition. There's a lot of different definitions that are out there, but I believe this is the best one because it's fairly concise and accurate.
01:03
An audit is a formal review of a program or organizational entity that compares standards and controls against verifiable performance.
01:14
Now, since it's a formal review, it should be conducted by an internal audit team or third party
01:19
and never by those being audited.
01:23
Now, why is that?
01:27
Well, simply put, there's a conflict of interest. I mean, can you really trust those people that are in charge of a program
01:34
to give you a factual assessment
01:38
of that program.
01:42
Okay, standards and controls.
01:44
Well, those are set by higher authority, management, basically,
01:49
and those outline their expectations of our daily performance.
01:56
And verifiable performance includes interviews, logs, records, et cetera.
02:01
This is documentation
02:05
that the organization, or auditee, provides the auditors
02:08
that basically says, "Yeah,
02:10
we are complying against the standards and controls."
02:19
All right, a quiz.
02:21
A formal audit should be performed by
02:24
a formal internal audit team,
02:28
the respective program manager
02:30
or anyone designated by management.
02:39
And the correct answer is a formal internal audit team.
02:44
The respective program manager? Well, once again, that's a conflict of interest.
02:49
You know, he's the one that's being audited, so he shouldn't perform the audit himself.
02:53
And anyone designated by management?
02:57
Well, that could mean anyone from
03:00
Sally working in the cafeteria, you know, to me working on the loading dock,
03:06
so it's just too nebulous. It's not concrete enough,
03:14
You know, the cybersecurity definition is provided from ISACA, a wonderful organization. Please take a look at them at your leisure.
03:23
A cybersecurity audit is to provide management with an assessment of an organization's cybersecurity policies and procedures and their operating effectiveness,
03:32
so that's fairly straightforward.
03:36
So the audit is an assessment of effectiveness for management,
03:42
It basically answers: How is our cybersecurity program?
03:46
Is it working? Is it failing? What's going on?
03:51
And the standards and controls
03:53
listed here?
03:54
Well, for our purposes, those equal policies and procedures. We're gonna break them out.
04:00
Talk about the little differences in the future
04:04
deal. But for now, they mean the same thing.
04:10
Okay, another quiz.
04:14
Which of the following statements are true?
04:15
Each cybersecurity audit provides an assessment to management?
04:20
Or does it review cybersecurity policies and procedures?
04:26
Or does it measure program effectiveness?
04:33
Well, the correct answer is all of the above. I'm sure you knew that. Can't slip anything by you guys.
04:44
Now, why we perform audits.
04:46
Well, as stated earlier,
04:47
the audit assessment of effectiveness for management provides situational awareness.
04:55
We also perform audits to comply with higher authority: laws, industry regulations or insurance requirements. And yes, believe it or not, insurance companies are going to request audits to be performed or reviewed.
05:06
It's part of their insurance policy
05:11
Validation of corrective action.
05:14
Well, if we have identified problems in a previous audit, we want to make sure that they have been corrected
05:20
so we're basically validating
05:23
that the auditee
05:26
has corrected the problems.
05:29
There's also special circumstances: data breaches, new leadership, legal issues, et cetera,
05:35
that require us to perform an audit, a special audit.
05:41
And oftentimes those special audits are directed by management.
05:48
All right, another quiz.
05:51
True or false: A newly hired chief information officer may ask for a special cybersecurity audit to be performed
06:00
as part of his or her appointment to the position. True or false?
06:10
Well, the answer is true, and it falls under the area of special circumstances, new leadership.
06:18
All right, time for another knowledge bomb.
06:21
Now, one of the things that I used to do whenever I took over,
06:26
you know, as a new department head, um,
06:30
or division head, whatever,
06:32
was I would always ask for a copy of the last audit
06:38
for my review.
06:40
Now, why is this important?
06:42
Well, it gives you an idea of what you're getting into.
06:45
You have an opportunity to take a look at what the audit team found in the last audit.
06:49
And oftentimes they would put in the comment section, you know, second time, third time that they came across this problem.
06:57
So it gives you an idea of what to focus on.
07:00
So if you're gonna be taking over as the new leader, you know, Manager, assistant manager, whatever.
07:05
Don't be afraid to ask for a copy of the audit, you know, take a look at it, review it. You know,
07:12
it's a good way to get a baseline of understanding information about the organization or the entity that you're taking over.
07:23
All right,
07:25
In today's video, we discussed the definition of an audit, the definition of a cybersecurity audit,
07:30
and why audits are performed. Hopefully, you learned something,
07:34
and let's move on
07:36
to Episode three.

Cybersecurity Audit Overview

This cybersecurity audit training is a beginner level course for anyone interested in cybersecurity audits or a career as an auditor. Upon completion of the course, the student will be familiar with the concept and purpose of auditing along with control frameworks focused on cybersecurity.

Instructed By

Darcy Kempa
Instructor