Certified Cybersecurity Auditor (CCA) Jointly with
Glocert International Certifications (UK) Limited

Course Description:

In this course, students will learn the IT auditing life cycle, including information gathering,
planning, testing, reporting and issue tracking. Students will also learn the overall IT audit framework
and methodology and how IT audit fits into the overall internal audit function. Students will also
learn how to develop and implement risk-based IT audit strategies and objectives in compliance
with generally accepted audit standards to ensure that the organization’s IT assets are adequately
controlled, monitored, and assessed, and are aligned with its business objectives. Students will be
introduced to basic audit techniques such as sampling methodology and approach, test
procedure development, evidence gathering, finding analysis and write-ups, communication and
escalation.

Course Objectives:

  1.   Develop and implement a risk-based approach in compliance with IT audit standards
    ensuring that key areas of IT / OT are included.
  2.   Design specific IT / OT audits to verify whether information systems are protected,
    controlled, and provide value to the organization.
  3.   Obtain and assess audit evidence in IT / OT audit that is sufficient, competent,
    relevant, and useful in achieving audit objectives.
  4.   Analyse the information gathered to identify reportable conditions.
  5.   Report the results of the audit to key stakeholders and make recommendations; effect
    change when necessary.
  6.   Conduct follow-ups and prepare status reports to ensure that appropriate and timely
    actions have been taken by management.

Course References:

  1.   NIST Standard / Framework collection
  2.   ISO27001 – ISO Standard – Available from ISO
  3.   Steve Watkins, Alan Calder – IT Governance: An International Guide to Data Security and
    ISO 27001/ISO 27002 (2020)
  4.   David Sutton – Information Risk Management, Second edition – BCS, The Chartered Institute for IT (2021)
  5.   Abhishek Chopra, Mukund Chaudhary – Implementing An Information Security Management System: Security Management Based On ISO 27001 Guidelines – Apress (2020)
  6.   Gregory C. Rasner – Cybersecurity and Third-Party Risk: Third Party Threat Hunting – Wiley (2021)

Duration of the Program

  1.   30 hours of flexible learning spread over 3 weeks, so that learners can apply the
    techniques and solve real-life cases.
  2.   Work Reports and Contact classes.
      a.    2 Hr session of online class – 5 sessions
      b.    Minimum 4-6 hours of case-based audit work built around the session, which is offline. You are permitted to discuss with your peers. However, the interpretation of the case and findings will be in your own words.
      c.    Number of sessions – 5 sessions of 2 hr each spread over three (3) weeks

Participation between and during class

  • Each student is expected to attend all classes for this course. It will be the student’s
    responsibility to catch up in case he or she misses a class. To make up the missed class,
    students should reach out to co-participants.
  • Soft skills such as written and oral communication are imperative to auditors.
    Therefore, students are strongly encouraged to participate in the classroom discussion and to
    post thoughts and comments on the class blog for related topics each week.
  • Reading materials, projects and assignments are selected by instructors to bring real-world IT audit scenarios into the classroom, to facilitate the instruction and illustrate the core concepts.

Presentation(s)

  • Students will be asked to present specific topics either individually or in a group during the
    class. Detailed requirements will be provided during the class.

Code of Conduct Statement for Online Classes – Online Behaviour

  • Students are expected to be respectful of one another and the instructor in online
    discussions. The goal is to foster a safe learning environment where students feel
    comfortable in discussing concepts and in applying them in class. If for any reason your
    behaviour is viewed as disruptive to the class, you will be asked to leave and you will be
    marked absent from that class.

Program Outline

  1. Introduction
  2. IS Risk Analysis
  3. Technology and Audit
  4. Audit Planning
  5. Audit Management
  6. IT / IOT – Domain Areas

Program Certification

    Course End Test

      • A: Continuous Assessment:
        • 1. Information Security Continuous test: This is an Open Test with Unlimited
          Attempts for the duration of the course. The highest score is considered for scoring.
        • 2. Risk Management Continuous test: This is an Open Test with Unlimited Attempts
          for the duration of the course. The highest score is considered for scoring.
      • B: Case study – Work on the case shared as a part of the end test and share the
        audit report.
      • A Sample Certificate is enclosed for reference
