Unit 1 : Auditing the Cybersecurity Program :
– Importance of the cybersecurity Program
– Drivers of cybersecurity risk
– Manage cybersecurity risk
– The cybersecurity program audit plan

Unit 2 : Auditing Storage Management Solution and Containers :
– Overview of storage management solutions and containers
– Data storage compliance landscape
– Auditing ephemeral and micro-services
– Cloud provider data storage tools and their benefits
– Adopting continuous auditing for data protection, retention, and destruction

Unit 3 : Auditing Digital Transformation and Digitization Programs :
– Key concepts of digital transformation and digitization
– Digital technologies and risks
– Internal audit’s role in digital initiatives
– Auditing digitization programs
– Auditing digital transformation programs 

Unit 4 : Auditing the Vulnerability Management Program  
– Vulnerability management program overview
– Understand common vulnerability management maturity models used to assess organizational cybersecurity vulnerabilities
– Review key metrics for auditing the vulnerability program
– How to implement appropriate actions when auditing vulnerabilities

Unit 5 : Auditing the Patch Management Program 
– Key concepts of patch management
– Understand typical, timely patch management process
– How the patch management program reduces cybersecurity risk and organizational vulnerabilities
– How the patch management program reduces data breach risk and loss

Unit 6 : Auditing automation
– Automation impact on audit testing
– Effective audit automation
– Visualize the risks of automation when establishing the internal audit scope
– Auditing automation

Unit 7 : Auditing API and Web Services
– API and web services overview
– Audit and test API and web services security
– Reduce API-bases web services risk

Unit 8 : Auditing privileged Access Management
– Key concepts of privileged access management
– Types and purposes of privileged access management
– Inventory and audit privileged access management
– Mitigate risk exposure from common privileged access management cyberattacks

Unit 9 : Auditing DevSecOps
– DevSecOps overview
– The DevSecOps development process
– Issues and controls
– Auditing DevSecOps

Unit 10 : Auditing Continuous Monitoring
– Auditing continuous monitoring process components
– Internal audit’s role in incorporating data analytics and continuous monitoring into the organization
– Develop a simplified yet high-impact reporting mechanism to meet a variety of stakeholders needs
– Continuous monitoring, high impact reporting, agile audit approach and dynamic risk assessment methodologies

Unit 11 : Auditing Red, Blue, and Purple Team Testing
– Overview of the kill chain and types of attacks
– Points of vulnerability as it relates to people, technologies and systems
– Identify areas of improvement in defensive incident response processes across every phase of the kill chain
– Establish the organization’s first-hand experience to detect and contain a targeted attack

Unit 12 : Auditing the Security Operations Center (SOC)
– Key concepts of the SOC
– SOC processes and checklists
– Controls needed to operate a SOC