Time: 51 minutes
Difficulty: Intermediate
CEU/CPE: 1

Video Transcription

00:00
Greetings, everyone. Welcome to Cybersecurity Audit Overview,
00:04
Episode seven
00:07
Audit Completion. The last episode in this course.
00:13
I think I'm gonna miss you guys.
00:16
Yeah, okay, I'm not. All right. Let's get moving.
00:21
Learning objectives. In this video, you will learn how to compile audit results, to present audit results
00:28
and how audit results help an organization.
00:31
All right, compiling audit results.
00:34
After the auditors have done their control validation, verification,
00:39
they take all the information that they collected
00:42
and they compile it
00:44
into their audit results.
00:47
Now, the results for each auditor are gonna be different based on the areas that they looked at. So each auditor is expected to review their results for content as well as accuracy. And they're also expected to provide a summary.
01:00
Now, the summary you can just think of as an executive summary, two to three paragraphs.
01:06
Nothing too technical or detailed. Just an overall view of what the auditor thought about the programs that they looked at.
01:14
Now the auditors then provide the results to a team leader.
01:18
The team leader collects all of the results from all the different auditors,
01:23
and starts to create the audit report. Now, once the audit report has been completed,
01:30
it is then reviewed.
01:32
Now, the review can be either by the team leader,
01:36
a team or third party.
01:38
And this review is important because it is the final review prior to presentation. All right, compiling audit results. Now, this whole entire slide is a knowledge bomb.
01:51
Let's get into the details. Your cybersecurity audit results and reports should be considered classified information. Now, why is that?
02:00
Well, you just took a look at your cybersecurity program.
02:04
You validated its strengths and you identified its weaknesses.
02:08
You know, what single document
02:12
would be more beneficial to a hacker than that?
02:15
You identified the controls which are designed to mitigate risks.
02:19
You identify whether they're working or not.
02:23
All that information should be considered classified
02:27
and should be controlled and protected.
02:30
The only people that really need to see this audit result
02:34
are those with a need to know
02:37
those within the organization.
02:38
You know, those within cyber security
02:43
Encryption? Well, that's up to you, but it should be filed and should only be kept for a certain amount of years, according to your policy.
02:52
All right,
02:53
Once the results have been collated
02:55
and collected into a single report,
03:00
it's time to present the report.
03:02
Now, a formal presentation normally involves a meeting.
03:06
Normally, it's the audit team, employees that were audited and senior leadership
03:12
that participates in the meeting.
03:15
During the meeting,
03:16
there's gonna be a briefing, the audit report's gonna be reviewed
03:21
and the team members are gonna provide summaries of the results.
03:24
Now it's important to understand that once the report has been submitted that completes the audit.
03:32
Now the opposite of a formal presentation is an informal presentation,
03:38
and that's usually based on the organization's protocol or desires.
03:42
Now it may involve a meeting between leadership, the program manager, and the audit leader.
03:49
Or it can involve the audit report simply being submitted to either A, leadership for review and then to the auditee,
03:59
or B,
04:00
first, the auditee for review and then to leadership.
04:03
And once again,
04:06
once the report has been submitted
04:10
formally or informally, that completes the audit.
04:15
All right, cybersecurity audit benefits.
04:17
and you talk to warn you
04:19
throughout the course, we've been talking about situational awareness for management, but there's also other benefits.
04:26
It identifies good and bad results.
04:29
Now this gives management the opportunity to reward the good
04:33
or, unfortunately, as often happens, ignore the good
04:38
and focus on investigating the bad.
04:42
Now, the audit report also provides a basis for corrective actions.
04:46
Well, it lets the program manager know what is wrong and what needs to be corrected,
04:50
and then he can use that audit report
04:54
as a checklist.
04:58
Now, this slide, believe it or not, is actually another knowledge bomb,
05:00
and it comes from personal experiences that I've had
05:04
Now, failing an audit
05:06
is never a good thing,
05:10
but the results, on the other hand, can prove to be beneficial to you as a program manager.
05:17
For example, an audit failure may identify a need for funding.
05:23
For example, you need new or upgraded hardware or software to comply with the control.
05:29
What better way of showing management
05:32
that you need that extra money
05:35
to upgrade your hardware or software
05:39
than an audit failure?
05:42
Now, an audit failure may also show a need for training.
05:46
For example, you have new employees, a high turnover rate or new equipment,
05:53
and unfortunately,
05:55
an audit failure
05:57
may identify the need to terminate employees,
06:00
but you have to make sure that you consult Human Resources first, you know, before you decide to terminate employees based on the results.
06:10
All right, a quiz.
06:12
The last one.
06:14
Select the right answer or answers.
06:16
A completed audit report is
06:19
available to anyone who requests it
06:23
a baseline for corrective action
06:26
or presented to management and the program manager.
06:30
All right. The correct answers are B and C. A completed audit report is a baseline for corrective action for the program manager.
06:41
We identified what was wrong. It's up to the program manager to define how he's gonna fix it, as well as presented to management and the program manager.
06:51
Remember, the audit is not complete until the report has been presented to management and the program manager.
07:00
All right. In this last video, we discussed compiling audit results, presenting audit results and audit results benefits.
07:08
I hope this course was beneficial to you
07:12
and on behalf of everyone from Cybrary and myself,
07:16
best of luck to you.
07:18
Let's try to work together to make sure that IT
07:24
is secure for everyone.
07:26
Thanks

Cybersecurity Audit Overview

This cybersecurity audit training is a beginner level course for anyone interested in cybersecurity audits or a career as an auditor. Upon completion of the course, the student will be familiar with the concept and purpose of auditing along with control frameworks focused on cybersecurity.

Instructed By

Darcy Kempa
Instructor