5-Day Training on Information Security for Auditors

Course Outline:

Information Technology (IT) is an integral component of modern enterprises. To be effective, auditors need substantial knowledge of IT systems, IT operations and the associated risks. This knowledge is essential if the auditor is to make sound assessments of those risks and of the controls needed to mitigate them. Information security is a major risk to information held in IT systems, so it is essential for auditors to understand information security issues, the risks they pose and the means of protecting information.
This course introduces information security concepts and how they relate to audits. Participants will learn information security terminology; the principles of information protection; the risks associated with information on ICT systems; and the controls that mitigate those risks. Participants will also learn how to perform information security-related audits.


The course exposes participants to existing and emerging practices in information security and their application to audits. Specifically, the course will:

  • Examine the “why, what, when, how and who” aspects of information security
  • Establish the relationship between information security risks, IT governance and enterprise risk management
  • Show the need for systematic approaches to information protection and associated controls
  • Illustrate practical steps towards sound information security management and information security auditing
  • Illustrate how to plan, develop and implement IT and cybersecurity audits in an organization
Why should you attend?
  • Understand the why, what, when and how of information security in today’s world
  • Appreciate the value of a systematic approach to information security management and of effective information security controls
  • Understand information security as it relates to audits
  • Know how to audit information security processes, plans and programmes
Who should attend?
  • Managers & operations personnel responsible for risk management, technology, human resources, administration and facilities
  • Operations personnel responsible for business continuity planning (BCP) and disaster recovery planning (DRP)
  • Officials of public and private sector organizations, as well as agencies concerned with business continuity management (BCM) and crisis management
  • Project managers
  • Public relations and corporate communications managers
Day One
  • Overview of information security
  • The threat landscape and its implications for cybersecurity
  • Information security in organizations
  • Information security & cybercrime
  • Information security & risk management
Day Two
  • Information security governance & corporate governance
  • Why IS governance? Illustrations of IS governance; IS governance frameworks
  • IS governance & audit
  • IS governance, risk and compliance
Day Three
  • IS audit: definitions, scope & process
  • IS audit versus IT audit
  • IT audit, including auditing automated systems
  • The information security audit process
Day Four
  • Types of IS audits: policy, application, infrastructure, processes, etc.
  • Vulnerability management, ethical hacking, change management, incident management
Day Five
  • Change management
  • Reporting audit outcomes and presenting results
  • Forming audit opinions; reporting and report overview
  • Report format and what makes a well-presented audit report; presenting results
Your Investment

$1,100 (KES 130,000) for in-class training; $500 (KES 65,000) for online classes (NB: these charges do not include taxes).

Phone No.:

+254 101 915 260


Previous Participant Comments
  • Great insights on information security and how to audit information security systems; informative, with practical and relevant examples; good and well-executed; an eye-opener on the link between audit and cybersecurity.
  • It clarified IT risk management and related auditing for us; knowledgeable trainers. Well presented, and offers greater value than was advertised. Amiable instructors and great practicals for participants.