ENISA Profiles » Cybersecurity Auditor

Price: 1500 €

Timetable:

Monday, Wednesday and Thursday from 18:00 H to 22:00 H

Format: Online

No. of hours: 30 H

Duration: 4 weeks

  • Alternative Title(s)
      • Information Security Auditor (IT or Legal Auditor)
      • Governance Risk Compliance (GRC) Auditor
      • Cybersecurity Audit Manager
      • Cybersecurity Procedures and Processes Auditor
      • Information Security Risk and Compliance Auditor
      • Data Protection Assessment Analyst
  • Summary Statement

Perform cybersecurity audits on the organisation’s ecosystem, ensuring compliance with statutory, regulatory, policy information, security requirements, industry standards and best practices.

  • Mission

Conducts independent reviews to assess the effectiveness of processes and controls and the overall compliance with the organisation’s legal and regulatory frameworks and policies. Evaluates, tests and verifies cybersecurity-related products (systems, hardware, software and services), functions and policies, ensuring compliance with guidelines, standards and regulations.

  • Deliverable(s)
      • Cybersecurity Audit Plan
      • Cybersecurity Audit Report
  • Main Task(s)
      • Develop the organisation’s auditing policy, procedures, standards and guidelines
      • Establish the methodologies and practices used for systems auditing
      • Establish the target environment and manage auditing activities
      • Define audit scope, objectives and criteria to audit against
      • Develop an audit plan describing the frameworks, standards, methodology, procedures and auditing tests
      • Review target of evaluation, security objectives and requirements based on the risk profile
      • Audit compliance with cybersecurity-related applicable laws and regulations
      • Audit conformity with cybersecurity-related applicable standards
      • Execute the audit plan and collect evidence and measurements
      • Maintain and protect the integrity of audit records
      • Develop and communicate conformity assessment, assurance, audit, certification and maintenance reports
      • Monitor risk remediation activities
  • Key Skill(s)
      • Organise and work in a systematic and deterministic way based on evidence
      • Follow and practice auditing frameworks, standards and methodologies
      • Apply auditing tools and techniques
      • Analyse business processes, assess and review software or hardware security, as well as technical and organisational controls
      • Decompose and analyse systems to identify weaknesses and ineffective controls
      • Communicate, explain and adapt legal and regulatory requirements and business needs
      • Collect, evaluate, maintain and protect auditing information
      • Audit with integrity, being impartial and independent
  • Key Knowledge
      • Cybersecurity controls and solutions
      • Legal, regulatory and legislative compliance requirements, recommendations and best practices
      • Monitoring, testing and evaluating cybersecurity controls’ effectiveness
      • Conformity assessment standards, methodologies and frameworks
      • Auditing standards, methodologies and frameworks
      • Cybersecurity standards, methodologies and frameworks
      • Auditing-related certification
      • Cybersecurity-related certifications
  • e-Competences (from e-CF)

B.3. Testing (Level 4)
B.5. Documentation Production (Level 3)
E.3. Risk Management (Level 4)
E.6. ICT Quality Management (Level 4)
E.8. Information Security Management (Level 4)

Documentation

For more information, contact us: