The cybersecurity auditor reviews how an organisation's information security management system operates against the requirements of the applicable legislation or, where applicable, against the organisation's own policies, standards and guidelines. Based on the findings, the auditor prepares an audit report and presents suggestions for improvement.
The cybersecurity auditor is a security role responsible for conducting cybersecurity audits. The role may be performed by a person who has been trained for this activity and who demonstrates professional competence through experience in conducting cybersecurity audits or information security management system audits. The certificate proving the professional competence of security roles complies with the ISO/IEC 17024 requirements referred to in Decree No. 82/2018 Coll.
The course presents the elements of implementing and operating an information security management system under the Act on Cyber Security (Act No. 181/2014 Coll.) and Decree No. 82/2018 Coll., on Cyber Security. In the course you will also become familiar with the following tasks:
- Planning an audit according to the specific criteria of the audited organisation;
- Conducting the audit and documenting its progress according to established methodologies;
- Evaluating the findings collected during the audit and comparing them with the audit criteria;
- Communicating the audit findings and suggestions for improvement;
- Preparing the final audit report;
- Reviewing the effectiveness of the adopted measures (follow-up audit); and
- Preparing and conducting repeated audits.
The course concludes with a certification exam (test) and complies with all the requirements of the Act on Cyber Security; graduates of the course therefore meet the relevant legislative requirements. The course is fully compliant with ISO/IEC 17024.
- The information security management system under the Act on Cyber Security (system and asset scope, security documentation, organisational and technical measures);
- ISMS security policies and their impact on technical measures;
- Asset and risk management (risk management plan, design and implementation of risk treatment measures, risk and vulnerability criteria);
- Mandatory and recommended documentation and its content;
- Organisational security (definition of security roles);
- ISMS operation; and
- Audit principles (ISO 19011).
Vladimír Karas began working in cybersecurity in the mid-1990s. He is currently a certified ISMS lead auditor, a lecturer and auditor under the Act on Cyber Security, an ITSM lecturer for ISO/IEC 20000-1 and ITIL 4, a lecturer and auditor for ISO 22301, and a certified GDPR DPO lecturer.
Date and time: 21 and 22 April 2022, 9 am to 5 pm. Certification exam (test): 22 April 2022, 5 pm to 7 pm.
Venue: Deloitte, Churchill I, Italská 2581/67, Prague 2
Registration fee: CZK 13,000 + 21% VAT (CZK 15,730 incl. VAT)