Cybersecurity Audit School - ITG250


This course covers cybersecurity risks, control design and protection measures, cybersecurity program execution, warning signs, audit, and investigative techniques.

Learning Options

Below are the available learning options for this course:


Online On-Demand

This course is available through AuditPro — a subscription-based, on-demand learning platform. As a subscriber, you will have access to an ‘all you can watch’ library of courses that are built in alignment with the National Association of State Boards of Accountancy (NASBA) standards.


Enterprise Solutions

Tailored Experience

Bring this course to your organization at your convenience. ACI Learning can deliver this instructor-led course for your team at a chosen location or virtually. Alternatively, choose the topic(s) you need and ACI will craft a training solution to keep your team future-proof.


NASBA Certified CPE

32 Credits


Why you should take this course

For users who have an introductory knowledge of this topic and are searching for additional information and its application.

Who should take this course

Auditors and IT professionals seeking a foundational understanding of cybersecurity.


  • Introduction to Information Security, or equivalent experience

1.    Cybersecurity Overview

    Cybersecurity key concepts

    Cybersecurity history and breaches

    Types of cyber-attacks – human

    Types of cyber-attacks – technical

    Cybersecurity frameworks, standards, and regulations

    NIST framework and standards

    Industry frameworks (PCI, HIPAA, CIS CSC, ISO/IEC)

    Cybersecurity oversight, governance, and compliance

    Security policies

    Security risk management overview

    Threat analysis

    Security risk management in practice

2.    Asset Management

    Asset Identification and Inventory

    Third-party/service provider management

    Business impact assessment

    Configuration management and change control

3.    Cybersecurity Protection Techniques

    Defending business assets overview

    Identity and access management

    Authentication and authorization

    Vulnerability and patch management

    Security awareness

    Physical security

    Personnel security

    Computer networking fundamentals

    Network defenses

    Network security access controls

    Endpoint and system security configuration

    Endpoint and system security protection

    Application security

    Cloud and virtualization security

4.    Encryption, Digital Signatures, and Data Protection

    Encryption concepts

    Cryptographic algorithms

    Encryption – public key infrastructure

    Data protection techniques

    Data privacy controls

5.    Event Detection, Incident Response, and Recovery

    Logging, monitoring, and alerting

    Incident response (IR) planning

    Incident response (IR) testing

    Digital forensics

    Recovering data and systems

    Business continuity and contingency planning

6.    Auditing Cybersecurity

    The auditor’s role

    CISO’s role

    Establishing audit scope

    Building the audit plan

    Cybersecurity evaluation methods

    Vulnerability assessments, scanning and testing

    Penetration testing

    Security maturity models (CMMI)

    Auditing using NIST frameworks

    Auditing with other security frameworks and standards

    Auditing cybersecurity using the payment card industry (PCI)

    Cybersecurity auditing examples

7.    Audit Evidence and Reporting

    Collecting and organizing cybersecurity evidence

    NIST reporting requirements

    Prioritizing risks and influencing decisions

8.    Course Wrap-up

    Course summary and conclusion

  • Understand security fundamentals, including core security principles, critical security controls, and best practices for securing information technologies, operations, and data. 
  • Assess common cybersecurity risks, threats, and vulnerabilities in the management of cybersecurity and IT audit programs.
  • Evaluate an organization’s technical, operational, and management infrastructure against common security principles and compliance controls.

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: