Cyber Security Audit Certification Course

The Cybersecurity Audit Course provides audit/assurance professionals with the skills and knowledge needed to excel in audit cybersecurity processes, policies and tools, helping to ensure their organization has the infrastructure needed to prevent cyberthreats. This certificate also provides IT risk professionals with an understanding of cyber-related risk and mitigation controls.

Contents:

Day 1: Foundations & Governance

9:30 AM – 10:00 AM
Introduction & Workshop Objectives

Importance of cybersecurity: recent breaches and business impacts
10:00 AM – 11:00 AM
Session 1: Security Frameworks & Best Practices

Overview of major frameworks: NIST, ISO 27001, CIS Controls, COBIT
Mapping frameworks to organizational roles
Interactive case study: Matching controls to frameworks

11:00 AM – 11:15 AM
Break

11:15 AM – 12:15 PM
Session 2: Threat Assessment & Management

Understanding threat landscape: malware, phishing, APTs, insider threats
Methods of threat identification & profiling
Risk assessment methodologies (qualitative & quantitative)
Activity: Simulated threat modeling exercise

12:15 PM – 1:15 PM
Session 3: Authorization Processes & Governance

Principles of least privilege & need-to-know
Role-Based Access Control (RBAC); Attribute-Based Access Control (ABAC)
Policies & governance processes
Activity: Create an access policy template for a sample company

1:15 PM – 2:00 PM
Lunch Break

2:00 PM – 3:00 PM
Session 4: Asset, Configuration, Change & Patch Management Practices

Asset discovery & inventorying
Configuration management: baselining, secure configurations
Change management workflow: approvals, testing, rollout
Patch management: prioritization, testing, timely deployment

3:00 PM – 3:15 PM
Break

3:15 PM – 4:30 PM
Session 5: Enterprise Identity & Information Access Management (IAM)

IAM principles: Authentication, authorization, accounting
MFA, SSO, privileged account management
IAM lifecycle (onboarding, offboarding, audits)
Activity: Draft an IAM checklist for an onboarding process

4:30 PM – 5:00 PM
Q&A / Wrap-up and Day 1 Recap

Day 2: Audit, Compliance & Advanced Topics

9:30 AM – 10:00 AM
Recap & Day 2 Agenda Overview

10:00 AM – 11:15 AM
Session 6: Cybersecurity Audit

Audit types: internal, external, third-party, technical
Audit planning: scope, objectives, checklists
Gathering evidence & evaluating controls
Common audit findings and remediation approaches

11:15 AM – 11:30 AM
Break

11:30 AM – 12:30 PM
Session 7: Cyber & Legal Regulatory Requirements

Indian requirements: ITA 2000, DPDPA 2023, CERT-In guidelines
Global regulations: GDPR, HIPAA, PCI DSS, SOX
Data breach notification obligations
Mapping compliance to controls and documentation
Activity: Role-play on handling a regulatory inspection

12:30 PM – 1:30 PM

Lunch Break

1:30 PM – 2:45 PM

Session 8: Incident Response & Business Continuity Planning (additional core topic)

Incident detection, triage, communication, evidence preservation
Steps of incident response lifecycle (NIST model)
Planning and testing business continuity and disaster recovery
Activity: Simulated tabletop incident response exercise

2:45 PM – 3:30 PM

Session 9: Emerging Threats, Security Awareness & Human Factor (additional topic)

Social engineering, phishing, ransomware trends
Security culture and awareness programs
Mobile, IoT, and cloud-specific risks

3:30 PM – 3:45 PM

Break

3:45 PM – 4:30 PM

Session 10: Security Operations & Continuous Improvement (additional topic)

Security Operations Center (SOC) functions
Continuous monitoring: SIEM, alerts, logging
Vulnerability management and penetration testing
Metrics, KPIs, and reporting to management

4:30 PM – 5:00 PM

Final Q&A, Close

Speaker Profile:

· AI & ML Engineers

· Data Scientists & AI Enthusiasts

· Developers & Software Engineers

· Entrepreneurs & Product Managers

· Business Leaders Exploring AI Automation

Speaker Profile:

Shrikrishna Kulkarni possess more than 26+ years of diverse experience in Banking, Pharma, Manufacturing, Telecom(M&E), and consulting experience in Infrastructure, Cloud, Managed Security Services (MSS), IT Audit, SAP, HANA, technologies supporting infrastructure and applications domain.

Complex IT projects and issues that encompass a wide range of internal and external systems, components, and processes

· Cloud – Private, Public & Hybrid

· Application & infrastructure security

· Business continuity

· Project Management

· Pre-Sales

· Audit & Compliance

Experience in BCP, IT DR solutions (Sanovi, Perpetuity) and Implementation, Crisis Management.

Designing “DRAAS” as Service, BCMS/ ISMS, IT Service Continuity.

Implementation Experience includes BCP/DR Planning, Impact Analysis on Business, Database Replications Solutions, DR automation solutions, Infrastructure and Applications DR for Complex projects in Pharma, Banking, Manufacturing, M&E

Delivery: ZOOM Meeting

Contact Details :

Revati Khare || Deputy  Director
Email : revati.khare@bombaychamber.com
Mobile No : 9892029473