MSC 5708 IT/IS and Cybersecurity Auditing

Determining whether information systems are protected, controlled, and provide value to the organization is an essential part of the auditing process. This course focuses on the standards, principles, methods, guidelines, practices, and techniques that an auditor uses to plan, execute, assess, and review business or information systems and related processes also impacting cybersecurity. Various forms and levels of assurance such as assessments, certifications, continuous monitoring, and audits will be covered in this course. Students will learn the distinct roles of entities like internal audit, cybersecurity management and external third parties, how to conduct an audit in accordance with IS audit standards and a risk based IS audit strategy, communicate progress, findings, results, and recommendations, and conduct an internal & external audit follow-up to evaluate whether risks have been sufficiently addressed. Identifying opportunities for process improvement in the organization's policies and practices is also covered during this course.