Cyber Security Auditor

A security role responsible for conducting a cyber security audit, which may be performed by a person who is trained in this activity and demonstrates professional competence in conducting cyber security audits or information security management system audits. The certificate proving the professional competence of security roles meets the requirements of ISO 17024, which is defined by Decree No. 82/2018 Coll.

Virtual Training or e-Learning?

We offer flexibility. You can choose from our selection of in-class courses as well as online courses.

Target audience

The Role of the Cyber Security Auditor

The cyber security auditor performs his role impartially and the performance of his role is separate from the performance of the role of Cyber Security Manager, Architect and Guarantor. The auditor's independence from the subject of the audit is a matter of course!

The role of the cyber security auditor is incompatible with the performance of the roles of cyber security manager, cyber security architect, operator of communication and information systems or the role of asset guarantor.

Functions and tasks of the cyber security auditor:

  • Participates in audit planning in cooperation with the Cyber Security Manager;
  • Evaluates the compliance of implemented security measures with the requirements;
  • Provides independent feedback on the effectiveness of the information security system;
  • Draws conclusions from the findings made during the audit and documents the results.

Course Objectives

  • Plan and prepare an audit
  • Evaluate the obtained outputs and implement measures
  • Prepare an audit report and implement corrective actions
  • Prepare a differential analysis of IS against the requirements of the Act on Cyber Security

Key responsibilities

This course covers the recommended requirements for cyber security management and the security roles listed in § 6 and 7. You will learn the key activities required to perform the role of Cyber Security Auditor, as defined by:

Decree on security measures, cyber security incidents, reactive measures, filing requirements in the field of cyber security and data disposal (Decree on cyber security)

a) Methodology and frameworks of information security audit. 

b) Internal audit processes and procedures. 

c) The role and function of internal audit. 

d) ICT security audit process. 

e) Strategic and tactical management of ICT. 

f) Acquisition, development and deployment of ICT. 

g) Management of ICT operation, maintenance and services. 

h) Asset protection. 

i) Cyber security assessment, testing and sampling methods. 

j) Relevant legislation. 

k) ICT security.

Key activities of the cyber security role

Agenda

09:00 - 10:30

ISMS

  • Cyber security audit
  • Evaluation of the effectiveness of the measures taken
  • Assessment of controls, audits and impacts of incidents on the system
  • Update of risk assessment report, security policy and other plans

Risk management

  • Identification and evaluation of assets
  • Establish criteria for threat assessment
  • Declaration of applicability, risk management plan, benefits of measures

Security requirements

  • Policy
  • Organizational security
  • Terms and conditions and recommendations
  • The role of suppliers in the development, operation and management of IS

Asset management

  • Asset protection audit
  • Dependence of primary and ancillary assets

10:30 - 10:45

Coffee Break

10:45 - 12:15

Human resources security

  • Role audit
  • Rights and obligations
  • Policy control by users, administrators

Traffic and communication management

  • Analysis of the rights and obligations of persons
  • Audit and evaluation of the information obtained
  • Assessment of the impacts of reactive measures on IS

Access control and secure user behavior (A)

  • Audit of access to systems
  • Results of vulnerabilities and potential exploits

Analysis, development and maintenance

  • Identification, assessment and management of risks
  • Risk assessment and management procedures, methodology
  • Security testing of changes before commissioning

12:15 - 13:15

Lunch

13:15 - 15:00

Cyber Events and Incidents Management

  • Investigation and causes of incidents
  • Classification of incidents and events

Business continuity management

  • Investigation and causes of incidents

Cyber Security Audit

  • Documentation, policies and results
  • Audit by a professionally qualified person
  • Vulnerability control and evaluation

15:00 - 15:15

Coffee Break

15:15 - 16:00

Conclusion

  • Summary
  • Additional questions

16:00 - 17:00

Certification

  • Exam

The basis of the Cyber Security Act is the ISMS (Information Security Management System).

  • Block duration: 90 minutes
  • Hours: 8 hours
  • Refreshments: Yes
  • Exam: Yes
  • Prerequisites: Basic knowledge of ISMS (Information Security Management System) according to ISO / IEC 2700

Jan Cuřín

Graduate of ČVUT FEL and subsequently an internationally active consultant in the implementation and optimization of the information management system (ITSM) and cyber security (ISMS). He applies the experience gained as an accredited Lead Auditor in the areas of IT Service Management, ISMS and GDPR.

  • Cyber Security standard author
  • Lead Auditor ITSM ISO 20000, ISMS ISO/IEC 27001
  • Approved Trainer & Lead Auditor GDPR (EU 2016/679) according to ISO/IEC 17067

Lucie Balýová

ISO 27001 Auditor | NIS2 compliance | IT law

Attorney with more than ten years of practice in IT law, cyber security audits, and the implementation of EU cyber security regulations such as NIS2, DORA, CRA and others. She leads a working group for the standardization of roles according to the ECSF (European Cybersecurity Skills Framework), the EU NIS2 regulation and Act No. 264/2025 Coll., including its decrees. She actively participates in the education of organizations that fall into the category of "obligated entities". Lucie will help you not just to "comply with the law" but to build real cyber resilience and legal certainty in an environment of growing threats and new European regulations.

Certification

Cyber Security Auditor | ISO 17024 accreditation

Certification Exam

Preparatory course including certification, which is defined by Decree No. 82/2018 Coll.

The certificate proving the professional competence of security roles meets the requirements of ISO 17024, which is defined by Decree No. 82/2018 Coll. on security measures, cyber security incidents, reactive measures, filing requirements in the field of cyber security and data disposal (Decree on Cyber Security)

As part of the certification, candidates must demonstrate the practical knowledge and skills to implement the ISMS (Information Security Management System) so that it meets legislative requirements and at the same time conforms to the currently valid version of the ISO / IEC 27001 standard.

Test information

  • Number of questions: 30
  • Pass mark: 60%
  • Certificate validity: 3 years
  • Exam language: Czech

National cyber security certification according to Act 264/2025 Coll.
European Passport: Certified Cybersecurity Auditor (ENISA / ECSF)

Graduate ratings

Excellent review from 400 reviewers

What makes our references exceptional? They are not one-off events. Clients come back to us regularly.

  • Jan B.
  • 17.04.25

Everything went as expected. The course was understandable and had clear content and presentation. I learned a few new things, which I also rate positively. The instructor spoke clearly and understandably, with good responses to questions.

  • Gabriel H.
  • 10.03.25
  • PricewaterhouseCoopers Audit, s.r.o.

An interesting and beneficial course.

  • Jitka V.
  • 07.02.25

Lucka was really nice and there were plenty of examples from practice, which was great.

  • GDPR Anonymized
  • 27.03.24

A down-to-earth explanation of the subject, with practical advice and experience passed on. Breaks, lighter moments, and an emphasis on the instructor steering things appropriately according to reactions. A truly excellent course.

  • Kamila F.
  • 27.03.24
  • AGORS plus a.s.

The course is practically oriented and taught by someone who understands the subject well.

  • GDPR Anonymized
  • 27.03.24

Quick but beneficial. A good overview.

  • Matouš P.
  • 27.03.24
  • Datacons s.r.o.

Very friendly approach from the trainer. An update of cyber security knowledge.

  • Helena N.
  • 27.03.24

The course met my expectations.

  • Petar S
  • 27.03.24
  • Aplis Solutions s.r.o.

Excellent explanation of a very extensive subject, with an emphasis on practicality and applicability.

  • GDPR Anonymized
  • 27.03.24

Very good insight into auditing as it relates to cyber security. I have nothing to criticize.
