Cyber Security Audit and Assurance


Cyber Security Audit & Assurance is the verification that systems and processes meet the specified security requirements and that processes to verify on-going compliance are in place and are effective.

Only large organisations have Cyber Security Audit & Assurance specialists; most companies will bring in an external company to deliver the audit. If you work in a small organisation, you may audit the cyber security controls as part of a broader role - perhaps in Internal Audit, or within a finance team. But, wherever in the organisation you work, the requirements of auditing cyber security controls are the same.

It's important work, since even the most sophisticated cyber security controls will be ineffective if they're improperly installed or maintained. Errors are bound to be made; audit and assurance, when carried out professionally, is the last line of defence against such errors. You plan your own work in detail and are rigorous in following the plan.

Your core work focuses on verifying that the specified cyber security controls have been implemented in accordance with the risk management plan, the assessment of threats and vulnerabilities, and the value of the information and systems to be protected. Your attention to detail helps you spot potential inconsistencies in processes and policies. You follow formal methods to do this, but you're also imaginative in identifying likely points of failure and the most effective areas to investigate as exemplars of the controls. You work with other cyber security specialists to understand what controls they've designed and plan to implement, so that you know what you are going to audit.

On the programme, learners will receive knowledge and skills relating to the following areas:

  • Cyber Security Management

  • Legal and Regulatory Environment

  • GDPR

  • Privacy and Online Rights

  • Data Protection Act 2018

  • Internal and Statutory Audit

  • Governance

  • Common Standards and Frameworks

  • NIST Cyber Security Framework

  • ISO/IEC 27001

  • Risk Management

  • Asset Management

  • Authentication, Authorisation and Accountability

  • Human Factors

  • Physical Security

  • Network Security

  • Secure Development Lifecycle

  • Supply Chain Security

  • Incident Management and Forensics

  • Monitoring System Performance

  • Security Policy and Procedure

It's very common for you to interview staff members to learn of risks or issues present within the company. You manage relationships carefully; you need to be both trusted and respected for your expertise, and detached, so that you maintain an independent view. When you've carried out an audit, you present the results clearly so that both technical staff and general management understand the key points.

You understand legal and regulatory standards on data protection and privacy; in some organisations, there are other formal rules to follow, such as national security requirements or financial regulations. You understand these standards and rules, taking them into account when assessing the compliance of a system. You may work on projects involving complex issues such as advanced data analytics and IT governance. You may also play a role in delivering an organisation’s education and awareness programmes to target areas of non-compliance and embed security in business practices.

In some cases, you recommend system upgrades or decommissions, and provide the company with the cost/benefit analysis of your recommendation.

Depending on the size and services provided by the organisation for which you work, you may focus solely on the organisation’s own internal audit and assurance programme, or you may provide subject matter expert advice and guidance both internally and for external clients.

In a senior practitioner role, you provide leadership, direction and guidance on all cyber security and assurance issues, with the aim of improving the organisation’s control environments, reducing risk and optimising operational efficiency.

Entry Level Program
£4,250.00 (ex VAT)

Learners will receive...

  • British Computer Society (BCS) Certificate in Information Security Management Principles (CISMP) – 4-day instructor-led course with exam voucher**

  • PECB Certified ISO 31000 Risk Manager – self-paced eLearning with exam voucher

  • PECB Certified ISO/IEC 27001 Foundation Certificate – 2-day instructor-led course with exam voucher

  • PECB Certified ISO/IEC 27002 Foundation Certificate – 2-day instructor-led course with exam voucher

  • NIST Cyber Security Professional (NCSP®) Foundation Certificate – self-paced eLearning with exam voucher**

** - NCSC Certified Training

Practitioner Level Program
£11,750.00 (ex VAT)

Learners will receive...

  • British Computer Society (BCS) Certificate in Information Security Management Principles (CISMP) – 4-day instructor-led course with exam voucher**

  • PECB Certified ISO 31000 Risk Manager – self-paced eLearning with exam voucher

  • PECB Certified ISO/IEC 27001 Lead Implementer – self-paced eLearning with exam voucher

  • PECB Certified ISO/IEC 27001 Lead Auditor – self-paced eLearning with exam voucher

  • NIST Cyber Security Professional (NCSP®) 800-53 Practitioner Certificate – 5-day instructor-led course with exam voucher**

  • Cyber Incident Planning and Response (CIPR) Certificate – self-paced eLearning with exam voucher**

  • NIST Cyber Security Professional (NCSP®) ISO 27001 Specialist (Auditor) Certificate – 2-day instructor-led course with exam voucher**

  • NIST Cyber Security Professional (NCSP®) 800-171 Specialist (Auditor) Certificate – 2-day instructor-led course with exam voucher**

** - NCSC Certified Training