Auditing your Organization’s Cyber Security Posture in a Rapidly Changing World
Auditing an Organization’s Cyber Security Posture will be jointly presented by an internal audit (IA) specialist, an IT security professional and the City of Ottawa’s Deputy Auditor General (DAG). The presentation is designed to provide participants with practical insight and tools to address the increasing sophistication of cyber-attacks. The presentation walks through the City’s highly successful Audit of IT Security Incident Handling and Response so that participants can learn about the real-life application of audit techniques and tools including active testing.
The presentation will begin with Ottawa’s DAG describing the November 2014 hacker attack attributed to Anonymous. Our internal audit specialist will walk through the Office of the Auditor General’s strategy to address fundamental questions around the City’s cyber-protection and response posture. Building on this foundation, our internal audit specialist and IT security expert will explore the roles of IA and present strategies and approaches for assessing the maturity of an organization’s cybersecurity posture, including tactics to identify gaps and weaknesses in the Prevention, Detection, Response and Recovery (PDRR) regime, IT security governance, and processes. We explore the four PDRR themes and introduce how they apply to an effective security program. Our IT security expert will also deconstruct the threat landscape; participants will hear first-hand stories of security incidents and vulnerabilities impacting Canadian organizations. Participants will be provided with pragmatic tools and offered techniques for providing assurance over technical/sensitive areas and learn how active testing techniques can be a viable and economical source of audit evidence. The presenters will close by reviewing a variety of practical challenges and lessons learned.