Computing, IT Systems, and Emerging Technologies Indonesia

Cybersecurity Audit and Control Testing Training Course

Cybersecurity audit and control testing has become a board-level discipline as organizations face expanding cloud footprints, identity sprawl, and AI-assisted attack techniques that expose weak access, change, and logging controls faster than many teams can respond. Cybersecurity audit and control testing is the structured evaluation of security controls, evidence, and control effectiveness against agreed requirements and risk expectations. It enables professionals to test design and operating effectiveness, document defensible findings, and support remediation planning. In practice, that means working with frameworks such as ISO/IEC 27001:2022 and CIS Controls v8, while using evidence from tickets, logs, configurations, and vendor records to verify whether controls actually work. This course is built for cybersecurity auditors, IT auditors, GRC analysts, internal audit professionals, and security compliance leads who need to turn fragmented control information into audit programs, test scripts, and clear recommendations. You will leave with practical outputs such as a control test plan, evidence request list, risk-rated findings, and a concise audit report that supports executive decision-making and compliance readiness.

Duration
5 Days
Duration
Certificate
Certificate
Included
Delivery
Instructor-Led
Delivery
Level
Intermediate
Level
Download Brochure

Choose Your Preferred Training Format

Training Options

Reserve Your Spot Today — Pay When You're Ready!

Classroom Training

In-person sessions at premier locations

Nairobi Kenya
Mon - Fri
5 Days
USD 1,600
View Sessions
Kigali Rwanda
Mon - Fri
5 Days
USD 1,900
View Sessions
Dubai United Arab Emirates (UAE)
Mon - Fri
5 Days
USD 4,100
View Sessions
Zanzibar Tanzania
Mon - Fri
5 Days
USD 2,400
View Sessions
Customized Content
Team Training
Flexible Dates

In-person training at our premier venues — pick a city and date that works for you.

Location Duration Fee Language
Nairobi, Kenya Mon - Fri (5 Days) USD 1,600 English See dates & reserve →
Kigali, Rwanda Mon - Fri (5 Days) USD 1,900 English See dates & reserve →
Dubai, United Arab Emirates (UAE) Mon - Fri (5 Days) USD 4,100 English See dates & reserve →
Zanzibar, Tanzania Mon - Fri (5 Days) USD 2,400 English See dates & reserve →
Abuja, Nigeria Mon - Fri (5 Days) USD 2,800 English See dates & reserve →
Addis Ababa, Ethiopia Mon - Fri (5 Days) USD 2,400 English See dates & reserve →
Mombasa, Kenya Mon - Fri (5 Days) USD 1,700 English See dates & reserve →
Cape Town, South Africa Mon - Fri (5 Days) USD 3,900 English See dates & reserve →
Johannesburg, South Africa Mon - Fri (5 Days) USD 3,500 English See dates & reserve →
Kampala, Uganda Mon - Fri (5 Days) USD 1,900 English See dates & reserve →
Pretoria, South Africa Mon - Fri (5 Days) USD 3,300 English See dates & reserve →
Lagos, Nigeria Mon - Fri (5 Days) USD 2,500 English See dates & reserve →
Arusha, Tanzania Mon - Fri (5 Days) USD 2,000 English See dates & reserve →
Dar es Salaam, Tanzania Mon - Fri (5 Days) USD 1,900 English See dates & reserve →
Accra, Ghana Mon - Fri (5 Days) USD 3,800 English See dates & reserve →
Bangalore, India Mon - Fri (5 Days) USD 4,200 English See dates & reserve →
Muscat, Oman Mon - Fri (5 Days) USD 4,300 English See dates & reserve →
Naivasha, Kenya Mon - Fri (5 Days) USD 1,700 English See dates & reserve →

Live, instructor-led sessions you can join from anywhere — pick the next start date below.

Code Start Date End Date Duration Fee
No Data

Our instructor comes to your office — same curriculum and accredited certificate, with case studies built around the work your team actually does.

Team Training

Train your entire team together in a familiar environment for better collaboration

Fully Customized

Content tailored to your industry, tools, and specific business challenges

Cost Effective

Save on travel & accommodation costs when training multiple employees

Flexible Scheduling

Choose dates that work best for your team's availability and projects

How It Works
1
Request a Quote

Tell us about your team size, preferred dates, and training goals

2
Get a Custom Proposal

Receive a tailored training plan and competitive pricing within 24 hours

3
We Come to You

Our certified trainer arrives ready to deliver impactful, hands-on training

Ready to upskill your team on Cybersecurity Audit and Control Testing Training?

No commitment required · Response within 24 hours

What You'll Master in This Training

Built by industry pros — practical insights, real-world examples, and strategies you can apply immediately.

Module 1: Cybersecurity Audit Foundations

  • Cybersecurity audit purpose and assurance boundaries
  • Internal audit lifecycle for security reviews
  • ISO/IEC 27001:2022 control context
  • CIS Controls v8 as audit reference
  • Exercise: Draft a cybersecurity audit scope statement
  • Risk assessment inputs for control testing
  • Asset criticality and threat prioritization
  • Control universe and audit universe alignment
  • MITRE ATT&CK threat mapping for audit focus
  • Exercise: Build a risk-based audit plan
  • Control objectives and expected outcomes
  • Preventive, detective, and corrective control types
  • Access control design review
  • Change management design review
  • Exercise: Create a control design assessment matrix
  • Evidence quality, completeness, and traceability
  • Sampling approaches for audit testing
  • Logs, tickets, screenshots, and configuration exports
  • Chain of custody for digital evidence
  • Exercise: Produce an evidence request and sample log
  • Joiner, mover, leaver control checks
  • Privileged access review procedures
  • Multi-factor authentication verification
  • Service account and credential controls
  • Exercise: Build access control test scripts
  • Log management and retention controls
  • SIEM alert validation at an operational level
  • Incident response evidence and escalation paths
  • Endpoint and vulnerability management evidence
  • Exercise: Design a security operations test workbook
  • Shared responsibility model in cloud audits
  • Cloud configuration evidence and baseline checks
  • Third-party assurance reports and control attestations
  • Vendor risk and remediation follow-up
  • Exercise: Map cloud and vendor control dependencies
  • Risk ratings and finding narratives
  • Root cause and corrective action drafting
  • Remediation tracking and issue ownership
  • Continuous control monitoring dashboards at an operational level
  • Exercise: Write an audit report and remediation tracker

Drop Us a Query

Fill out the form below and we'll get back to you.

About the Course

Organizations do not need more generic security awareness. They need cybersecurity audit and control testing capability that can prove whether access controls, change controls, monitoring controls, and vendor safeguards are operating as intended. In this field, you must demonstrate evidence handling, control mapping, risk rating, audit scoping, testing rigor, and remediation tracking, all while working within ISO/IEC 27001:2022 expectations, CIS Controls v8 priorities, and internal audit standards. This course speaks directly to that need by focusing on the work products and decisions that make findings credible.

The course turns scattered audit knowledge into a practical system for planning, testing, and reporting on cybersecurity controls. You will practice building an audit scope, mapping risks to controls, designing test steps, collecting evidence, and drafting findings that decision-makers can act on. You will also be introduced to how AI-assisted log review, automated evidence collection, and continuous control monitoring shape modern control assurance, while the hands-on work stays grounded in realistic audit artefacts. What you will learn: how to plan a cybersecurity audit, test control design and operating effectiveness, evaluate evidence against security requirements, and write defensible findings with clear remediation actions. You will practice control matrices, test scripts, evidence logs, and issue registers, and you will be introduced to continuous monitoring and automation at an operational level rather than full implementation depth.

Delivery constraints matter in this domain because many teams work with limited tool access, mixed documentation quality, and competing compliance deadlines. This course is designed for professionals who must deliver accurate control testing under time, budget, and stakeholder pressure while keeping the audit trail clean and usable. It reflects the reality of remote evidence collection, cloud service dependencies, and security teams that need concise reporting for both technical and executive audiences.

Target Audience

This course is designed for professionals who already work with security controls, audit evidence, or compliance reporting and need a more structured way to test and document cybersecurity control effectiveness.

  • Cybersecurity Auditor reviewing access, logging, and endpoint controls
  • IT Auditor testing configuration, change, and privileged access controls
  • GRC Analyst mapping risks to cybersecurity control requirements
  • Internal Audit Manager overseeing audit scope and issue tracking
  • Information Security Compliance Lead preparing evidence for assurance reviews
  • SOC Analyst supporting log evidence and monitoring control validation
  • Identity and Access Management Specialist testing authentication and provisioning controls
  • Cloud Security Analyst checking cloud configuration and shared responsibility controls
  • Risk and Control Analyst rating findings and remediation priorities
  • Third-Party Risk Analyst reviewing vendor security evidence and control attestations

Course Objectives

This course equips you to plan, execute, and report cybersecurity audit and control testing initiatives that strengthen assurance, support compliance, and improve control accountability.

  • Assess the current control environment using ISO/IEC 27001:2022 and CIS Controls v8.
  • Apply risk-based audit scoping to access, change, logging, and vendor controls.
  • Build a cybersecurity control matrix with evidence sources, test steps, and owners.
  • Create control test scripts for design and operating effectiveness testing.
  • Evaluate evidence against audit criteria using sampling, logs, tickets, and configuration exports.
  • Navigate stakeholder and compliance requirements across security, IT operations, and third parties.
  • Implement measurable control-testing KPIs using issue aging, exception rates, and remediation status dashboards.
  • Synthesize audit results into a risk-rated report and action-oriented findings memo.

Requirements & Prerequisites

Participants should have a working understanding of IT systems, cybersecurity basics, and risk or compliance concepts. Familiarity with access management, logging, change management, and security operations is helpful. No coding is required, but you should be comfortable reading control evidence such as screenshots, tickets, configuration exports, and policy documents. The course introduces AI-assisted review and automated monitoring concepts at an operational level, so no advanced data science background is needed.

Professional and Organizational Impact

When you lead cybersecurity audit and control testing with credible evidence and structured methods, you become a trusted driver of assurance and control maturity.

  • Build stronger control-testing discipline across access, change, and monitoring reviews.
  • Gain confidence in documenting evidence, exceptions, and audit trails clearly.
  • Strengthen your ability to test design and operating effectiveness separately.
  • Enhance reporting quality with concise findings, ratings, and remediation steps.
  • Develop practical skill with control matrices, test scripts, and issue logs.
  • Position yourself as a credible partner to security, audit, and compliance teams.
  • Expand your readiness for cloud, vendor, and continuous-control environments.

Organizations that embed cybersecurity audit and control testing into governance and operations reduce costs, mitigate risk, and build lasting assurance value.

  • Reduce control failures through earlier detection of access and change gaps.
  • Lower remediation cost by prioritizing high-risk findings and root causes.
  • Improve audit readiness through cleaner evidence trails and documented control ownership.
  • Strengthen compliance posture against ISO/IEC 27001:2022-aligned expectations.
  • Support better executive oversight with risk-rated findings and dashboards.
  • Limit third-party exposure by testing vendor control evidence consistently.
  • Improve response speed when exceptions are tracked, assigned, and monitored.

Training Methodology

This is a practical, outcome-driven course designed to turn cybersecurity audit and control testing aspiration into measurable action and credible reporting.

Methodology includes:

  • Hands-on calculation using a control effectiveness scorecard and issue-aging dataset.
  • Scenario simulation for a privileged-access failure during an audit fieldwork window.
  • Assessment using an ISO/IEC 27001:2022 control checklist and CIS Controls v8 mapping.
  • Stakeholder mapping of audit evidence flow across IT, security, compliance, and vendors.
  • Case study analysis from banking, healthcare, cloud services, and public-sector security teams.
  • Group workshop to produce a control test plan and risk-rated findings log.
  • Reflection exercise comparing current testing practice against benchmarked audit evidence standards.

Upcoming Sessions

Next available dates worldwide

No international sessions scheduled

Certification

Recognized credentials that advance your career

Participants who complete the Cybersecurity Audit and Control Testing Training Program earn a Trainingcred Certificate of Achievement, demonstrating professional competence and alignment with global standards in learning and development.

NITA Accredited

Accredited by the National Industrial Training Authority, ensuring programs meet nationally recognized standards of quality and relevance.

CPD Certified

Recognized by the CPD Certification Service, ensuring every program meets internationally benchmarked standards of professional excellence.

Each certification reflects practical expertise, strategic insight, and readiness to excel in today's competitive, fast-evolving workplace.

Why this course earns its place on your CV

Accredited training, practitioner trainers, and peers on the same career track — the three things real expertise is built on.

Effective Learning & Skill Development

  • Build expertise with structured, outcome-driven learning.
  • Equip individuals and teams with skills that grow with industry needs.
  • Reinforce learning through real-world scenarios, case studies and practical exercises.

Career Growth & Professional Advancement

  • Apply what you learn with a proven methodology that ensures lasting impact.
  • Develop immediately usable skills that translate directly into workplace success.
  • Gain the expertise needed for career advancement and leadership roles.

Training Optimization & Learning Excellence

  • Tailor training to industry-specific challenges and organizational goals.
  • Use data-driven insights and automation to enhance training effectiveness.
  • Evaluate progress and ensure long-term learning success.

Real Results from Real Professionals

Thousands of professionals have transformed their careers through our training programs. Now, it's your turn.

View All Reviews

Frequently Asked Questions

Got questions? We've gathered the answers to common queries to help you feel confident and informed.

You will gain practical skill in audit scoping, control matrices, evidence logs, test scripts, and risk-rated findings. The course also introduces ISO/IEC 27001:2022, CIS Controls v8, and operational use of logs, tickets, screenshots, and dashboard-style tracking for control testing.
This course is designed for cybersecurity auditors, IT auditors, GRC analysts, internal audit managers, and security compliance leads. It fits intermediate professionals who already understand IT or security basics and want to strengthen control testing, evidence handling, and audit reporting.
The course is delivered as a practical five-day program with hands-on exercises, scenario simulations, and structured workshop outputs. You will spend time on control matrices, evidence packs, and report drafting, with conceptual input used to support fieldwork rather than replace it.
You receive practical working materials such as a control matrix template, evidence request list, test script structure, finding log, and remediation tracker. These artefacts are designed for direct reuse in cybersecurity audit and control testing work, subject to local process adaptation.
You should arrive with working knowledge of IT systems, basic cybersecurity controls, and simple risk or compliance concepts. If possible, bring examples of access reviews, change tickets, or security logs from your own environment so you can apply the exercises to realistic evidence.

Trusted by 100+ organizations across 40+ countries

Premier Bank
Amnesty International
UNDT SACCO
UNFPA
USAID
AMREF Health Africa
KENTRADE
CPF
UFIA
UNICEF
Central Bank of Kenya
UNDP
GIZ
Premier Bank
Amnesty International
UNDT SACCO
UNFPA
USAID
AMREF Health Africa
KENTRADE
CPF
UFIA
UNICEF
Central Bank of Kenya
UNDP
GIZ
Barbours
Bank of Rwanda
RFA
Dahabshil Bank
Dorcas Aid
Finn Church Aid
KCB Foundation
Ministry of Education Saudi Arabia
NSSF Uganda
RBA
Reserve Bank of Malawi
WASREB Kenya
Virginia Commonwealth University
Barbours
Bank of Rwanda
RFA
Dahabshil Bank
Dorcas Aid
Finn Church Aid
KCB Foundation
Ministry of Education Saudi Arabia
NSSF Uganda
RBA
Reserve Bank of Malawi
WASREB Kenya
Virginia Commonwealth University