Cybersecurity - A Guide for Accountants

Course Description:

The ease of access to and rapid flow of information makes cybercrime different from real-world crimes. For example, the transformation of crime with the establishment of the computer and networked technologies leads to the shift of target from more tangible to less tangible forms in values of wealth; from things to ideas expressed in informational sources. Cybersecurity is a complex and ever-changing phenomenon. This course is designed to help you navigate the complexities of this field. It is divided into 4 parts:

Part I: Adopt A Security Mindset - Cybersecurity is not just about techniques, it is also about a mindset, which is critical to crime prevention efforts. Part I introduces the concepts and understanding of the field of cybersecurity. It discusses some common cybersecurity myths and explains how to address them, and identifies cybersecurity frameworks for managing risk and reducing vulnerabilities. It also describes different types of cyberattacks and threat sources.

Part II: Create A Security-Conscious Culture - Cybersecurity is only important to an organization if the board and management make it so. A successful cybersecurity program requires ongoing governance. Part II explains how to design and implementation of a holistic IT governance. It also provides guidance on how to develop an effective security policy.

Part III: Apply Security Countermeasures - Cybercriminals are constantly evolving their capability to exploit vulnerabilities inherent in the global business ecosystem.  Organizations need an innovative approach; allocating and prioritizing resources to effectively protect critical assets.  Part III discusses various strategies to help an organization advance to a high level of performance in its security ecosystem. It also includes recommended steps that organizations can take to address cloud privacy and security concern. Finally, it identifies key controls designed to protect data on portable devices and the network connected to the devices.

Part IV: Meet Regulatory Compliance - Compliance is challenging for many organizations, especially in heavily regulated industries such as healthcare and financial services. Understanding significant implications in the disclosure and governance of personal information reduces the risks of non-compliance, which may result in civil and criminal penalties, loss of public trust and reputation, and unnecessary down time. Part IV highlights key federal laws that concern cybersecurity and privacy and discusses examples of states that have enacted comprehensive consumer data privacy laws. It also describes some legal challenges in the cross-border data flow. It also reviews the major laws for regulating the healthcare and financial services industries.

Learning Objectives:

Upon successful completion of this course, participants will be able to:

• Recognize common cybersecurity misconceptions
• Identify the five functions of the NIST Cybersecurity framework
• Recognize the five states of the ITIL Framework
• Identify the main causes of the rise of cyber attacks
• Identify the objectives of IT governance
• Recognize the role of the board in cybersecurity
• Identify management activities associated with IT governance
• Recognize the key principles of the COBIT Framework
• Identify must-have security policies for every organization
• Identify the essential physical security measures
• Recognize the essential information technology security measures
• Identify cloud computing security measures
• Recognize mobile device security best practices
• Identify the significant federal regulations of data privacy and protection
• Recognize the key provisions of state privacy laws
• Identify the key provisions of the HIPAA
• Recognize the key requirements of the GLBA