Description
$275 (per person) includes an online webinar for 4 hours of CPE credit
This dynamic 4-hour webinar builds on basic cybersecurity concepts and provides a detailed, control-level review of how government organizations design, implement, and manage cybersecurity programs. This course focuses on areas most often examined during audits, including strategy and governance, training and policy management, identity and access management, secure system development and change management, data protection, asset and physical security, incident response, business continuity and disaster recovery, and third-party risk management.
Rather than treating cybersecurity as a single audit topic, the presentation guides auditors through a risk-based approach that aligns cybersecurity controls to mission-critical processes, regulatory expectations, and resilience objectives. Emphasis is placed on evaluating control design and operating effectiveness using recognized frameworks such as NIST CSF, NIST 800-53, and The IIA Cybersecurity Topical Requirement, while producing actionable audit results for government leadership and oversight bodies.
Learning objectives:
- Review cybersecurity governance structures, charters, reporting lines, and funding models to determine alignment with organizational mission and risk appetite
- Determine the effectiveness of security awareness, training programs, and policy management processes in reducing human-centric cyber risk
- Review identity and access management controls, including provisioning, deprovisioning, privileged access, and authentication mechanisms, to identify design and operating effectiveness gaps
- Review secure SDLC and change management controls to determine whether system changes are authorized, tested, approved, and deployed in a controlled manner
- Determine how to verify data protection and management controls, including classification, encryption, monitoring, and loss prevention, to ensure sensitive government data is adequately safeguarded
- Review asset management and physical security controls to confirm that hardware, software, facilities, and backups are protected throughout their lifecycle
- Assess incident response planning and execution against NIST-aligned lifecycle expectations to determine readiness, coordination, and post-incident improvement
- Compare disaster recovery and business continuity controls, including RTO, RPO, and testing practices, to determine the organization’s operational resilience
- Identify third-party risk management practices, including due diligence, contractual safeguards, SOC report use, and ongoing monitoring, to identify downstream cybersecurity exposure
Program Level: Intermediate
Field of Study: Auditing (Governmental)
Who Should Attend: Governmental auditors who want a deeper understanding of cybersecurity programs in government organizations
Prerequisites: A basic understanding of cybersecurity practices in government organizations
Advanced Preparation Required: None
Instructional Method: Webinar (Group Internet Based)
CPE Credit Hours: 4
Date: Tuesday, June 23, 2026
Time: 12:00 p.m. – 4:00 p.m. Central
Webinar Leader:
Toby DeRoche, MBA CIA CCSA CRMA CFE CISA SA cAAP

Toby DeRoche, MBA CIA CCSA CRMA CFE CISA SA cAAP focuses his career on advising governance and assurance professionals on solutions to their audit, risk, and compliance needs. Toby assists organizations in improving their internal audit, risk management, and compliance functions. Toby’s professional background includes nearly 20 years in internal audit, fraud examination, and technology enablement consulting.
As the founder of Insight CPE, LLC, Toby is dedicated to continued education for audit, risk, and fraud professionals. In this role, he partnered with cRiskAcademy to create the Certified Agile Auditor Professional (cAAP) course, the first of its kind in the world. Toby has authored over 100 blogs and the books Agile Audit: Transformation and Beyond and Only Audit What Matters. Finally, as Senior Manager of IT Control at Agilon Health, Toby also puts theory into practice.
Questions? You can find our FAQ here and our policies here.
To see a breakdown of how many polls and minutes of attendance are required for this webinar, see this page.


Yellowbook-CPE.com is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: