Skip Ribbon Commands
Skip to main content
The Institute of Internal Auditors North AmericaBreadcrumb SeparatorLearning and EventsBreadcrumb SeparatorCoursesBreadcrumb SeparatorAssessing Cybersecurity Risks: The Three Lines Model
Course Description Course Outline Bring Us On Site  

Assessing Cybersecurity Risk: Roles of the Three Lines of Defense

Course Description
With the frequency and severity of cyberattacks on the rise, there is a significant need for improved cybersecurity risk management. Cybersecurity concerns have a tremendous impact on overall organizational strategy, and must be considered holistically and systemically. The effects of cybersecurity failure can range from an inability to conduct basic transactions to a loss of intellectual property and reputational damage; therefore, it is imperative that internal auditors understand their role in support of an organization’s cyber-related initiatives. Learners will gain an understanding about cybersecurity and the controls required to mitigate threats, distinguish the roles of the three lines of defense in cybersecurity, and increase their knowledge about audit approaches to cybersecurity. The course elaborates on planning and performing an engagement by addressing key risks.
Learning Objective(s):
  • Define cybersecurity.
  • List the various types of cyber threats and controls.
  • Describe the cybersecurity risk assessment framework.
  • Describe the roles of the three lines of defense in cybersecurity.
  • Identify the different audit approaches to cybersecurity.
  • Describe the impact of the chief audit executive’s (CAE’s) role and the board of directors’ role in cybersecurity. 
Course Duration: 1 day(s)
CPEs Available: 1.5
Knowledge Level: Basic
Field of Study: Auditing
Advance Preparation: 
Delivery Method: QAS Self-Study