Cyber security essentials for internal auditors

  • 9 September 2025 12:00 am - 12:00 am
  • Training course

This course will equip you with the essential knowledge and practical insights needed to identify, assess, and mitigate cyber risks.


In today's interconnected business landscape, the threat of cybercrime is not a distant possibility, but a persistent reality. For internal auditors in the UK, this means navigating an environment where financial records, sensitive customer data, and critical operational systems are constantly under potential attack.

With the ever-evolving nature of cyber threats, coupled with stringent UK regulations like the GDPR and the increasing reliance on digital technologies, it's crucial for auditors to possess a foundational understanding of cybersecurity.

This course is designed to equip you with the essential knowledge and practical insights needed to identify, assess, and mitigate cyber risks, ensuring your organisation's resilience and compliance in the face of a dynamic cyber threat landscape.


Course overview

  • Internal auditors

Upon completion you will be able to:

  • Understand core cybercrime and cybersecurity concepts
  • Recognise key cyber threats and vulnerabilities
  • Identify essential security controls and best practices
  • Understand the auditor's role in assessing basic cyber risks within the UK regulatory context.

Module 1: Cybercrime and Security Fundamentals
• What is Cybercrime? (Concise definition, key examples: phishing, ransomware, data breaches)
• Why Cybersecurity Matters for Auditors:
  ◦ Impact on financial/operational integrity.
  ◦ Regulatory focus (UK GDPR).
  ◦ Reputational risk.
• Core Security Concepts: CIA triad

Module 2: Key Cyber Threats and Vulnerabilities
• Phishing and Social Engineering:
  ◦ Recognition, impact, and the human element.
• Ransomware:
  ◦ Basic understanding and impact.
• Data Breaches:
  ◦ Common causes, focusing on internal risks.
• Brief overview of cloud and mobile risks.
• AI & Deepfakes – social engineering & bypassing controls.
• Remote working and public Wi-Fi

Module 3: Essential Security Controls and the Auditor's Role
• Key Controls:
  ◦ Password management and MFA (emphasise importance).
  ◦ Access control (principle of least privilege).
  ◦ Remote working securely (including Wi-Fi).
  ◦ AI considerations & controls.
  ◦ Endpoint Security.
  ◦ Data backup (brief overview).
  ◦ Software Patching.
• The Auditor's Role:
  ◦ Assessing control effectiveness (practical examples).
  ◦ Understanding UK GDPR and NCSC guidance.
  ◦ Reporting considerations.
  ◦ How to ask the correct questions.

Q&A

  • Environment (Information technology)

3 CPE points

Member
  • £310.00
Non member
  • £410.00

*Please note that the price for this training course excludes VAT*