Elevating Your Audit Strategy: Insights from the CRF Audit Framework

  • Tuesday, 13 Aug 2024 1:00PM EDT (13 Aug 2024 17:00 UTC)
  • Speaker: James Tarala

In an age where cybersecurity threats are ever-present and the regulatory environment is constantly shifting, establishing robust and strategic audit practices is crucial for safeguarding organizational integrity. The SANS Institute is proud to present "Elevating Your Audit Strategy: Insights from the CRF Audit Framework," a webcast designed for individuals committed to enhancing their organization's cybersecurity through effective audit strategies.

In this webcast, James Tarala, Senior Faculty at the SANS Institute and Managing Partner at Cyverity, will offer an in-depth exploration of the Cybersecurity Risk Foundation's Audit Framework (AF), providing participants with a structured approach to cybersecurity audits that not only meet compliance requirements but are also intricately aligned with their organization's cybersecurity goals. Attendees will gain comprehensive insights into formulating an audit program that bridges the technical aspects of cybersecurity with overarching business objectives, ensuring a balanced and effective strategy.

The webcast will cover the significance of the CRF Audit Framework in improving security postures, along with practical strategies for executing cybersecurity audits tailored to an organization's unique risk landscape and business aims. It will also touch upon the utilization of the Institute of Internal Auditors' (IIA) Three Lines Model for streamlined risk management and control and offer guidance on choosing audit types that best suit organizational needs for enhanced cybersecurity and regulatory adherence.

Moreover, participants will receive expert advice on crafting and sustaining a flexible, prioritized audit plan that evolves in response to new cyber threats and business dynamics. This session is poised to equip CISOs, IT professionals, and executive leaders with the essential strategies and insights required to refine their audit approaches, turning them into a pivotal element of their cybersecurity defense and organizational resilience strategy.

This webcast supports concepts from LDR419: Performing a Cybersecurity Risk Assessment.