Cyber Security Auditor
A security role responsible for conducting a cyber security audit, which may be performed by a person who is trained in this activity and demonstrates professional competence in conducting cyber security audits or information security management system audits. The certificate proving the professional competence of security roles meets the requirements of ISO 17024, which is defined by Decree No. 82/2018 Coll.
Virtual Training or e-Learning?
We offer flexibility. You can choose from our selection of in-class courses as well as online courses.
Try a live virtual courseTarget audience
The Role of the Cyber Security Auditor
The cyber security auditor performs his role impartially and the performance of his role is separate from the performance of the role of Cyber Security Manager, Architect and Guarantor. The auditor's independence from the subject of the audit is a matter of course!
The role of the cyber security auditor is incompatible with the performance of the roles of cyber security manager, cyber security architect, operator of communication and information systems or the role of asset guarantor.
Functions and tasks of the cyber security auditor:
- In cooperation with the Cyber Security Manager he participates in audit planning;
- Evaluates the compliance of implemented security measures with the requirements;
- Provides independent feedback on the effectiveness of the information security system;
- Based on the findings during the audit, it draws conclusions and documents the results.
Course Objectives
- Plan and prepare an audit
- Evaluate the obtained outputs and implement measures
- Prepare an audit report and implement corrective actions
- Prepare a differential analysis of IS against the requirements of the Act on Cyber Security
Key responsibilities
This course contains the recommended requirements for cyber security management and security roles listed in § 6 and 7. You will learn the key activities required to perform the role of Cyber Security Auditor, which defines:
Decree on security measures, cyber security incidents, reactive measures, filing requirements in the field of cyber security and data disposal (Decree on cyber security)
a) Methodology and frameworks of information security audit.
b) Internal audit processes and procedures.
c) The role and function of internal audit.
d) ICT security audit process.
e) Strategic and tactical management of ICT.
f) Acquisition, development and deployment of ICT.
g) Management of ICT operation, maintenance and services.
h) Asset protection.
i) Cyber security assessment, testing and sampling methods.
j) Relevant legislation.
k) ICT security.
Benefits for the organization
Today, more than 80% of the most important and up-to-date data is found by end users
The law is nothing more than a clear manual of proactive security. The biggest changes are in the approach to asset protection. Security must be seen as part of a comprehensive organization management system.
Meeting legislative requirements does not necessarily mean investing in new security products and technologies. The law requires the implementation and regular audits of the Information Security Management System. The key pillar is the correct setting of the security policy and its subsequent implementation / auditing across the organization.
Your security team
The roles listed below will save companies and organizations the time and costs associated with implementing Cyber Security requirements. Clear implementation of the requirements of the Cyber Security Act step by step. You can easily manage the whole project yourself.
Cyber Security Manager
You do not need to know where you come from, you need to know where you are going to adequately manage cyber protection.
Cyber Security Architect
Proactive security (implemented and functional) is less expensive than reactive. Learn to build architecture.
Cyber Security Auditor
Internal audits maintain better protection against cyber attacks. Gain the know-how of a Cyber Security Auditor.
Agenda
09:00 - 10:30
ISMS
- Cyber security audit
- Evaluation of the effectiveness of the measures taken
- Assessment of controls, audits and impacts of incidents on the system
- Update of risk assessment report, security policy and other plans
Risk management
- Identification and evaluation of assets
- Establish criteria for threat assessment
- Declaration of applicability, risk management plan, benefits of measures
Safety requirements
- Politics
- Organizational security
- Terms and conditions and recommendations
- The role of suppliers in the development, operation and management of IS
Asset management
- Asset protection audit
- Dependence of primary and ancillary assets
10:30 - 10:45
Coffee Break
10:45 - 12:15
Human resources security
- Role audit
- Rights and obligations
- Policy control by users, administrators
Traffic and communication management
- Analysis of the rights and obligations of persons
- Audit and evaluation of the information obtained
- Assessment of the impacts of reactive measures on IS
Access control and secure user behavior (A)
- Audit of access to systems
- Results of vulnerabilities and potential exploits
Analysis, development and maintenance
- Identification, assessment and management of risks
- Risk assessment and management procedures, methodology
- Safety testing of changes before commissioning
12:15 - 13:15
Lunch | Lunch menu
13:15 - 15:00
Cyber Events and Incidents Management
- Investigation and causes of incidents
- Classification of incidents and events
Business continuity management
- Investigation and causes of incidents
Cyber Security Audit
- Documentation, policies and results
- Audit by a professionally qualified person
- Vulnerability control and evaluation
15:00 - 15:15
Coffee Break
15:15 - 16:00
Conclusion
- Summary
- Additional questions
16:00 - 17:00
Certification
- Exam
The basis of the Cyber Security Act is the ISMS (Information Security Management System).
- Block duration 90 minutes
- Hours 8 hours
- Refreshments Yes
- Exam Yes
Prerequisites
Basic knowledge of ISMS (Information Security Management System) according to ISO / IEC 2700
Jiří Diepolt
Komplexní zkušenosti v IT a informační bezpečnosti získal v manažerských rolích ve společnostech ICL, IBM a KPMG. Následně působil druhé straně "barikády" působil v NEY spořitelním družstvu v roli CIO. Držitel certifikátů ISO27001 auditor, PRINCE2, ITIL, CIA a CISA, má rozsáhlé praktické zkušenosti v oblasti ISO 27001, DORA a NIS2. Konzultant a auditor v oblasti IT a bezpečnosti, virtuální CISO.
Jiří upřednostňuje interaktivní přístup ke školení, který zahrnuje praktické workshopy, případové studie a simulace. Dokáže jasně a stručně komunikovat složité koncepty, což umožňuje snadnou aplikaci EU nařízení DORA, NIS2, GDPR a další. Jeho pragmatický přístup a důraz na praktické znalosti z něj činí vyhledávaného auditora a trenéra.
Lucie Balýová
Problematice ochrany osobních osobních údajů se věnuje již více než 10 let, a to zejména s ohledem denní užívání v praktické aplikaci, provádění auditů ochrany osobních údajů, lektorské a poradenské činnosti. V advokátní praxi se zaměřuje nejen na ochranu osobních údajů, ale také na IT právo a kybernetickou bezpečnost, kdy se jednotlivé specializace zásadně doplňují pro řešení konkrétních případů.
Lucie hojně publikuje v odborných periodikách, je členkou odborného spolku gdpr.cz a autorkou několika odborných knih, a často se vyjadřuje k dotazům problematiky osobních údajů, IT práva či kybernetické bezpečnosti a vyučuje i na několika vysokých školách.
Jan Cuřín
Graduate of ČVUT FEL, subsequently a consultant with an international dimension in the field of implementation and optimization of the information management system (ITSM) and cyber (ISMS) security. He applies the acquired experience from the position of an accredited Lead Auditor in the areas of IT Service Management, ISMS and GDPR.
- Cyber Security standard author
- Lead Auditor ITSM ISO 20000, ISMS ISO/IEC 27001
- Approved Trainer & Lead Auditor GDPR (EU 2016/679) dle ISO/IEC 17067
Certification
Cyber Security Auditor | ISO 17024 accreditation
Certification Exam
Preparatory course including certification, which is defined by Decree No. 82/2018 Coll.
The certificate proving the professional competence of security roles meets the requirements of ISO 17024, which is defined by Decree No. 82/2018 Coll. on security measures, cyber security incidents, reactive measures, filing requirements in the field of cyber security and data disposal (Decree on Cyber Security)
As part of the certification, they must demonstrate practical knowledge and skills to implement the ISMS (Information Security Management System) so that it meets legislative requirements and at the same time is in accordance with the ISO / IEC 27001 standard in the current valid version.
Test information
- Number of uestions: 30
- Pass mark: 60%
- Certificate validity: 3 years
- exam language Czech
VFN | Auditor ZoKB
Vaše hodnocení
Proč TAYLLORCOX
IPSOS | Manager
Graduate ratings
Excellent review ☆☆☆☆☆ from 379 reviewers
What makes our references exceptional? They are not one-off events. Clients come back to us regularly.
- Jan B.
- 17.04.25
- ☆☆☆☆☆
Všechno proběhlo podle očekávání. Kurz byl srozumitelným měl jasný obsah a prezentaci. Dozvěděl jsem se pár nových věcí, což hodnotím také pozitivně. Lektorka mluvila jasně a srozumitelně, dobrý reakce na dotazy.
- Gabriel H.
- 10.03.25
- ☆☆☆☆☆
- PricewaterhouseCoopers Audit, s.r.o.
Zaujímavý a prínosný kurz.
- Jitka V.
- 07.02.25
- ☆☆☆☆☆
Lucka byla moc fajn a plno prikladu z praxe, to bylo super.
- GDPR Anonymizováno
- 27.03.24
- ☆☆☆☆☆
Lidské vysvětlení problematiky, předání praktických rad a zkušeností. Pauza, odlehčení, důraz na řízení lektorem přiměřeně dle reakcí. Opravdu výborný kurz.
- Kamila F:
- 27.03.24
- ☆☆☆☆☆
- AGORS plus a.s.
Kurz je praktický zaměřený, školený člověkem, který dobře rozumí problematice.
- GDPR Anonymizováno
- 27.03.24
- ☆☆☆☆☆
Rychlé, ale přínosné. Dobrý přehled.
- Matouš P.
- 27.03.24
- ☆☆☆☆☆
- Datacons s.r.o.
Velmi přátelský přístup školitele. Aktualizace vědomostí kybernetické bezpečnosti.
- Helena N.
- 27.03.24
- ☆☆☆☆☆
Kurz splnil moje očekávání.
- Petar S
- 27.03.24
- ☆☆☆☆☆
- Aplis Solutions s.r.o.
Excelentní výklad velmi obsáhlé problematiky s důrazem na praktičnost a aplikovatelnost.
- GDPR Anonymizováno
- 27.03.24
- ☆☆☆☆☆
Velmi dobrý vhled do problematiky auditu vztažený ke kybernetické bezpečnosti. Nemám co bych vytkl.
View the next 10 reviews of our graduates
View the full list of reference clients.
Not sure if this is the right courese for you? Get in touch!
For assistance please give us a call.
We are available at +420 222 553 101 Always Monday to Friday: 9am - 5pm.
Cannot call? Send us a message.
Would you like a gift for your birtday?
