Auditing the Cybersecurity Program Certificate
Strengthen your role in managing cyber risks: audit cybersecurity programs, assess your knowledge with quizzes after each module, and earn certification through a final exam with multiple attempts allowed.
Recognize what drives cyber risk and how internal audit can assess control effectiveness
Identify how to assess data storage solutions
Define digital transformation, digitalization risks, and associated controls
Recognize characteristics of a typical, timely patch management process
Explain key concepts relating to the vulnerability management program, including commonly applied vulnerability management maturity models
Identify how automation of business impacts the methods used in audit testing
Investigate methods to reduce risk exposure from common API and web services vulnerabilities
Determine how to mitigate risk exposure from common privileged access management vulnerabilities
Identify methods to adjust audit approaches for DevSecOps
Review how to mitigate risk exposure from common SoD vulnerabilities in DevSecOps Applications
Understand internal audit’s role in continuous monitoring and continuous auditing
Recall objectives and methods deployed in red team exercises
Recall important factors relating to Security Operations Centers (SOC) and incident management, monitoring, detection, and response frameworks
Identify controls, and associated assessments, needed to operate a SOC
This program is intended for operational internal auditors and audit leaders who want to deepen their understanding and gain recognition of their cybersecurity knowledge.
Fundamentals of Cybersecurity or equivalent knowledge
A certified professional
⚠️ Please refer to the course sheet for the chosen session for the exact content of the training
Unit 1 : Auditing the Cybersecurity Program
– Importance of the cybersecurity program
– Drivers of cybersecurity risk
– Manage cybersecurity risk
– The cybersecurity program audit plan
Unit 2 : Auditing Storage Management Solution and Containers
– Overview of storage management solutions and containers
– Data storage compliance landscape
– Auditing ephemeral and micro-services
– Cloud provider data storage tools and their benefits
– Adopting continuous auditing for data protection, retention, and destruction
Unit 3 : Auditing Digital Transformation and Digitization Programs
– Key concepts of digital transformation and digitization
– Digital technologies and risks
– Internal audit’s role in digital initiatives
– Auditing digitization programs
– Auditing digital transformation programs
Unit 4 : Auditing the Vulnerability Management Program
– Vulnerability management program overview
– Understand common vulnerability management maturity models used to assess organizational cybersecurity vulnerabilities
– Review key metrics for auditing the vulnerability program
– How to implement appropriate actions when auditing vulnerabilities
Unit 5 : Auditing the Patch Management Program
– Key concepts of patch management
– Understand typical, timely patch management process
– How the patch management program reduces cybersecurity risk and organizational vulnerabilities
– How the patch management program reduces data breach risk and loss
Unit 6 : Auditing automation
– Automation impact on audit testing
– Effective audit automation
– Visualize the risks of automation when establishing the internal audit scope
– Auditing automation
Unit 7 : Auditing API and Web Services
– API and web services overview
– Audit and test API and web services security
– Reduce API-based web services risk
Unit 8 : Auditing Privileged Access Management
– Key concepts of privileged access management
– Types and purposes of privileged access management
– Inventory and audit privileged access management
– Mitigate risk exposure from common privileged access management cyberattacks
Unit 9 : Auditing DevSecOps
– DevSecOps overview
– The DevSecOps development process
– Issues and controls
– Auditing DevSecOps
Unit 10 : Auditing Continuous Monitoring
– Auditing continuous monitoring process components
– Internal audit’s role in incorporating data analytics and continuous monitoring into the organization
– Develop a simplified yet high-impact reporting mechanism to meet a variety of stakeholders' needs
– Continuous monitoring, high impact reporting, agile audit approach and dynamic risk assessment methodologies
Unit 11 : Auditing Red, Blue, and Purple Team Testing
– Overview of the kill chain and types of attacks
– Points of vulnerability as they relate to people, technologies and systems
– Identify areas of improvement in defensive incident response processes across every phase of the kill chain
– Establish the organization’s first-hand experience to detect and contain a targeted attack
Unit 12 : Auditing the Security Operations Center (SOC)
– Key concepts of the SOC
– SOC processes and checklists
– Controls needed to operate a SOC
Cybersecurity - Intermediate
Date: 17/11/2025
Duration: 2.5 days
Schedule: 5*9h-13h
Price: Members: 1900 € / Non-members: 2400 € / Lunch(es) included
Location:
Places available:
CPE credits: 20
Date: 20/04/2026
Duration: 2.5 days
Schedule: 5*9h-13h (CET)
Price: Members: 1900 € / Non-members: 2400 €
Location:
Places available:
CPE credits: 20
Date: 15/06/2026
Duration: 2.5 days
Schedule: 5*9h-13h (CET)
Price: Members: 1900 € / Non-members: 2400 €
Location:
Places available:
CPE credits: 20
Guaranteed session
Date: 19/10/2026
Duration: 2.5 days
Schedule: 5*9h-13h (CET)
Price: Members: 1900 € / Non-members: 2400 €
Location:
Places available:
CPE credits: 20
Date: 07/12/2026
Duration: 2.5 days
Schedule: 5*9h-13h (CET)
Price: Members: 1900 € / Non-members: 2400 €
Location:
Places available:
CPE credits: 20
To maximize the chances of a session opening, we send invitations 14 days before the training date for in-person or augmented in-person (hybrid) courses, and 7 days before the training date for virtual classroom or Digital Learning courses.
All our in-person or augmented in-person (hybrid) courses take place within Paris city limits. Our partnership with Groupe Formeret allows us to offer suitable, high-quality training venues. The training will take place at one of their three sites (https://www.formeret.fr/). The address of the training site will be specified in your invitation.
A course is eligible for the CPF when it leads to a professional certification registered in the RNCP or in the répertoire spécifique and is offered by a French organization. IFACI offers individual certifications backed by the IIA and recognized by the profession, but these are not registered with the French State. This is why our courses are not eligible for the CPF. Other funding options may nevertheless be available depending on your situation (employer, France Travail, region…).