Module 1: Introduction
- Digital Asset Protection
- Lines of Defense
- Role of Audit
- Audit Objectives
- Audit Scope
Module 2: Cybersecurity Governance
- Cybersecurity Roles and Responsibilities
- Security Frameworks
- Security Organization Goals & Objectives
- Cybersecurity Policy and Standards
- Cyber and Legal/ Regulatory Requirements
- Information Asset Classification
- Cybersecurity Insurance
- Cybersecurity Risk Assessment
- Cybersecurity Awareness Training & Education
- Social Media – Risk and Control
- Third-Party Assessment
- Service Providers
- Supply Chain Risk Management
- Performance Measurement
Module 3: Cybersecurity Operations
- Concepts and Definitions
- Threat and Vulnerability Management
- Enterprise Identity and Access Management
- Configuration Management / Asset management
- Change Management
- Patch Management
- Network Security
- Build and Deploy/Secure Authorization Process for Information Technology
- Incident Management
- Client Endpoint Protection
- Application Security
- Data Backup and Recovery
- Security Compliance
- Cryptography
Module 4: Cybersecurity Technology Topics
- Firewall and Network Security technologies
- Security Incident & Event Management (SIEM)
- Wireless Technology
- Cloud Computing
- Mobile Security
- Internet of Things (IoT)
- Virtualization Security
- Industrial Control Systems (ICS)
The Cybersecurity Audit Certificate Exam is an online, closed-book, remotely proctored exam. The exam covers four domains and includes a total of 75 questions. The number of questions in each domain is based upon the domain’s assigned weight. The chart on the right displays the domains and the weights assigned to them.
Cybersecurity Governance - 20%
Cybersecurity Operations - 45%
Cybersecurity Technology Topics - 30%
Cybersecurity and the audit role - 5%
