Cyber Security Auditor
A security role responsible for conducting a cyber security audit, which may be performed by a person who is trained in this activity and demonstrates professional competence in conducting cyber security audits or information security management system audits. The certificate proving the professional competence of security roles meets the requirements of ISO 17024, which is defined by Decree No. 82/2018 Coll.
Virtual Training or e-Learning?
We offer flexibility. You can choose from our selection of in-class courses as well as online courses.
Try a live virtual courseTarget audience
The Role of the Cyber Security Auditor
The cyber security auditor performs his role impartially and the performance of his role is separate from the performance of the role of Cyber Security Manager, Architect and Guarantor. The auditor's independence from the subject of the audit is a matter of course!
The role of the cyber security auditor is incompatible with the performance of the roles of cyber security manager, cyber security architect, operator of communication and information systems or the role of asset guarantor.
Functions and tasks of the cyber security auditor:
- In cooperation with the Cyber Security Manager he participates in audit planning;
- Evaluates the compliance of implemented security measures with the requirements;
- Provides independent feedback on the effectiveness of the information security system;
- Based on the findings during the audit, it draws conclusions and documents the results.
Course Objectives
- Plan and prepare an audit
- Evaluate the obtained outputs and implement measures
- Prepare an audit report and implement corrective actions
- Prepare a differential analysis of IS against the requirements of the Act on Cyber Security
Key responsibilities
This course contains the recommended requirements for cyber security management and security roles listed in § 6 and 7. You will learn the key activities required to perform the role of Cyber Security Auditor, which defines:
Decree on security measures, cyber security incidents, reactive measures, filing requirements in the field of cyber security and data disposal (Decree on cyber security)
a) Methodology and frameworks of information security audit.
b) Internal audit processes and procedures.
c) The role and function of internal audit.
d) ICT security audit process.
e) Strategic and tactical management of ICT.
f) Acquisition, development and deployment of ICT.
g) Management of ICT operation, maintenance and services.
h) Asset protection.
i) Cyber security assessment, testing and sampling methods.
j) Relevant legislation.
k) ICT security.
Benefits for the organization
Today, more than 80% of the most important and up-to-date data is found by end users
The law is nothing more than a clear manual of proactive security. The biggest changes are in the approach to asset protection. Security must be seen as part of a comprehensive organization management system.
Meeting legislative requirements does not necessarily mean investing in new security products and technologies. The law requires the implementation and regular audits of the Information Security Management System. The key pillar is the correct setting of the security policy and its subsequent implementation / auditing across the organization.
Your security team
The roles listed below will save companies and organizations the time and costs associated with implementing Cyber Security requirements. Clear implementation of the requirements of the Cyber Security Act step by step. You can easily manage the whole project yourself.
Cyber Security Manager
You do not need to know where you come from, you need to know where you are going to adequately manage cyber protection.
Cyber Security Architect
Proactive security (implemented and functional) is less expensive than reactive. Learn to build architecture.
Cyber Security Auditor
Internal audits maintain better protection against cyber attacks. Gain the know-how of a Cyber Security Auditor.
Agenda
09:00 - 10:30
ISMS
- Cyber security audit
- Evaluation of the effectiveness of the measures taken
- Assessment of controls, audits and impacts of incidents on the system
- Update of risk assessment report, security policy and other plans
Risk management
- Identification and evaluation of assets
- Establish criteria for threat assessment
- Declaration of applicability, risk management plan, benefits of measures
Safety requirements
- Politics
- Organizational security
- Terms and conditions and recommendations
- The role of suppliers in the development, operation and management of IS
Asset management
- Asset protection audit
- Dependence of primary and ancillary assets
10:30 - 10:45
Coffee Break
10:45 - 12:15
Human resources security
- Role audit
- Rights and obligations
- Policy control by users, administrators
Traffic and communication management
- Analysis of the rights and obligations of persons
- Audit and evaluation of the information obtained
- Assessment of the impacts of reactive measures on IS
Access control and secure user behavior (A)
- Audit of access to systems
- Results of vulnerabilities and potential exploits
Analysis, development and maintenance
- Identification, assessment and management of risks
- Risk assessment and management procedures, methodology
- Safety testing of changes before commissioning
12:15 - 13:15
Lunch | Lunch menu
13:15 - 15:00
Cyber Events and Incidents Management
- Investigation and causes of incidents
- Classification of incidents and events
Business continuity management
- Investigation and causes of incidents
Cyber Security Audit
- Documentation, policies and results
- Audit by a professionally qualified person
- Vulnerability control and evaluation
15:00 - 15:15
Coffee Break
15:15 - 16:00
Conclusion
- Summary
- Additional questions
16:00 - 17:00
Certification
- Exam
The basis of the Cyber Security Act is the ISMS (Information Security Management System).
- Block duration 90 minutes
- Hours 8 hours
- Refreshments Yes
- Exam Yes
Prerequisites
Basic knowledge of ISMS (Information Security Management System) according to ISO / IEC 2700
Marek Mitáček
Accredited trainer, Workshop Leader, Coach, co-author of methodologies and TAYLLORCOX Toolkits (sets of templates and sample forms) for IT Service Management ITSM, Project Management PRINCE2 and cyber security according to ISMS ISO / IEC 27001 and ZoKB.
One of the very first IT auditors in the Czech Republic. His rich practice began in 1996 in the company. GiTyFurtherly spent almost 10 years as an ITIL implementer at Český Telekom and since 2007 he has been a key auditor, accredited trainer at the TAYLLORCOX certification body
- TAYLLORCOX
- Český Telekom
- GiTy - Interní Auditor / Consultant
Vít Lidinský
- Since 2012, he has been working as a forensic expert in the field of economics, prices and estimates, with a special specialization in information systems and personal data protection.
- For more than 5 years he was the head of the department. and Chief Executive Officer at the Ministry of Informatics, the Ministry of Foreign Affairs of the Czech Republic and the State Treasury Shared Services Center (ICT Departments).
- He graduated from the Faculty of Business and Economics, majoring in information management - CULS. Here he gradually obtained a master's (Ing.) And doctoral degree (Ph. D.)
Jan Cuřín
Graduate of ČVUT FEL, subsequently a consultant with an international dimension in the field of implementation and optimization of the information management system (ITSM) and cyber (ISMS) security. He applies the acquired experience from the position of an accredited Lead Auditor in the areas of IT Service Management, ISMS and GDPR.
- Cyber Security standard author
- Lead Auditor ITSM ISO 20000, ISMS ISO/IEC 27001
- Approved Trainer & Lead Auditor GDPR (EU 2016/679) dle ISO/IEC 17067
Certification
Cyber Security Auditor | ISO 17024 accreditation
Certification Exam
Preparatory course including certification, which is defined by Decree No. 82/2018 Coll.
The certificate proving the professional competence of security roles meets the requirements of ISO 17024, which is defined by Decree No. 82/2018 Coll. on security measures, cyber security incidents, reactive measures, filing requirements in the field of cyber security and data disposal (Decree on Cyber Security)
As part of the certification, they must demonstrate practical knowledge and skills to implement the ISMS (Information Security Management System) so that it meets legislative requirements and at the same time is in accordance with the ISO / IEC 27001 standard in the current valid version.
Test information
- Number of uestions: 30
- Pass mark: 60%
- Certificate validity: 3 years
- exam language Czech
VFN | Auditor ZoKB
Vaše hodnocení
Proč TAYLLORCOX
IPSOS | Manager
Graduate ratings
Excellent review ☆☆☆☆☆ from 332 reviewers
What makes our references exceptional? They are not one-off events. Clients come back to us regularly.
- Jan Klášterka
- 28.03.23
- ☆☆☆☆☆
- Všeobecná fakultní nemocnice
Skvělá praktická ukázka legislativy a perfektní zpětná vazba.
- Katarina S.
- 15.02.23
- ☆☆☆☆☆
Bylo to super.
- Richard S.
- 18.01.23
- ☆☆☆☆☆
S organizací a průběhem kurzu jsem spokojen. Kurz splnil mé očekávání. Dávám hodnocení "9" - vždy je co zlepšovat :-)
- Pavla N.
- 18.01.23
- ☆☆☆☆☆
- Bits4s s.r.o.
Výborné školení. Znalostně byl kurz na velice dobré úrovni.
- Pavel D.
- 14.12.22
- ☆☆☆☆☆
- mBank S.A.
Výborné a vyjasňujicí školení.
- GDPR Anonymizováno
- 14.12.22
- ☆☆☆☆☆
Vše bylo výborné, s kurzem jsem spokojen.
- Jan K.
- 19.10.22
- ☆☆☆☆☆
- Všeobecná fakultní nemocnice v Praze
Výborná úroveň, zkušený přednášející, získali jsme řadu praktických informací.
- Václav M.
- 19.10.22
- ☆☆☆☆☆
- Ministerstvo zdravotnictví
Výborné školení. Kladně hodnotím především uvedené odkazy na zdroje a praktické analogie do nonIT světa.
- GDPR Anonymizováno
- 19.10.22
- ☆☆☆☆☆
Výborný školitel s dlouholetou praxí vhodně prokládal své zkušenosti z praxe v průběhu výkladu, což vnímám za velmi přínosné.
- GDPR Anonymizováno
- 21.09.22
- ☆☆☆☆☆
Výborná organizace kurzu. Bohaté názorné příklady implementace.
View the next 10 reviews of our graduates
View the full list of reference clients.
Not sure if this is the right courese for you? Get in touch!
For assistance please give us a call.
We are available at +420 222 553 101 Always Monday to Friday: 9am - 5pm.
Cannot call? Send us a message.
Would you like a gift for your birtday?
