Special offers now — see discounted courses.
day
:
hour
:
min
:
sec
See special offers
Advanced SOC 2 Auditing: Proven Strategies for Auditing the Security, Availability and Confidentiality TSCs

Advanced SOC 2 Auditing: Proven Strategies for Auditing the Security, Availability and Confidentiality TSCs

1h 56mAdvanced2024-04-15

Authors

AJ Yawn

AJ Yawn

Cybersecurity Expert, Founder and CEO at ByteChek

Course details

If you’ve ever faced an SOC 2 audit, the complexity and rigorous standards can leave even experienced security and compliance professionals feeling overwhelmed and confused. In this course, learn advanced skills and tactical insights to conduct SOC 2 audits effectively. Instructor AJ Yawn covers topics such as auditing security, confidentiality, and availability trust services categories, as well as technical testing considerations and key auditing techniques for comprehensive evaluations. Also, learn about auditor perspectives and the evidence needed to prove compliance. Join AJ in this course for professional-level, advanced skills that can help you conquer your next SOC 2 audit with confidence.

Skills covered

Governance, Risk, and ComplianceCybersecurityDeep Dive (X:Y)

Concepts

0. Introduction

  • 01 - Be an advanced SOC 2 MVP

1. Auditing the Security Trust Services Category

  • 02 - Exploring CC1.1 - COSO Principle 1 - Upholding integrity and ethical values
  • 03 - Exploring CC1.2 - COSO Principle 2 - Ensuring board independence and oversight of internal control
  • 04 - Exploring CC1.3 - COSO Principle 3 - Establishing effective structures and reporting lines for objective pursuit
  • 05 - Exploring CC1.4 - COSO Principle 4 - Fostering a commitment to competent talent acquisition, development, and retention in alignment with objectives
  • 06 - Exploring CC1.5 - COSO Principle 5 - Ensuring accountability for internal control responsibilities in objective pursuit
  • 07 - Exploring CC2.1 - COSO Principle 13 - Leveraging relevant, quality information to enhance internal control functionality
  • 08 - Exploring CC2.2 - COSO Principle 14 - Enhancing internal control through effective internal communication of objectives and responsibilities
  • 09 - Exploring CC2.3 - COSO Principle 15 - Facilitating external communication for effective functioning of internal control
  • 10 - Exploring CC3.1 - COSO Principle 6 - Defining clear objectives to facilitate risk identification and assessment
  • 11 - Exploring CC3.2 - COSO Principle 7 - Identifying and analyzing risks for effective objective achievement and risk management
  • 12 - Exploring CC3.3 - COSO Principle 8 - Addressing fraud potential in risk assessment for objective achievement
  • 13 - Exploring CC3.4 - COSO Principle 9 - Evaluating changes that significantly impact the internal control system
  • 14 - Exploring CC4.1 - COSO Principle 16 - Evaluating component presence and functionality for effective internal control
  • 15 - Exploring CC4.2 - COSO Principle 17 - Timely evaluation and communication of internal control deficiencies for effective corrective action
  • 16 - Exploring CC5.1 - COSO Principle 10 - Selecting and developing control activities to mitigate risks to achieve acceptable levels
  • 17 - Exploring CC5.2 - COSO Principle 11 - Selecting and developing technology control activities for objective support
  • 18 - Exploring CC5.3 - COSO Principle 12 - Deploying control activities through policies and procedures for effective implementation
  • 19 - Exploring CC6.1 - Implementing logical access security for protected information assets to meet objectives
  • 20 - Exploring CC6.2 - Granting user access - Registering, authorizing, and administering system credentials
  • 21 - Exploring CC6.3 - Removing user access - Role-based authorization, segregation of duties, and access modification
  • 22 - Exploring CC6.4 - Securing physical access - Restricting facilities and protected information assets to authorized personnel
  • 23 - Exploring CC6.5 - Safeguarding physical assets - Discontinuing protections in alignment with objectives
  • 24 - Exploring CC6.6 - Strengthening logical access security - Safeguarding against external threats
  • 25 - Exploring CC6.7 - Safeguarding information - Restricting transmission, movement, and removal to achieve objectives
  • 26 - Exploring CC6.8 - Preventing and detecting unauthorized or malicious software - Controls for objective alignment
  • 27 - Exploring CC7.1 - Detecting and monitoring procedures - Identifying configuration changes and vulnerabilities for objective alignment
  • 28 - Exploring CC7.2 - Monitoring system components - Detecting anomalies and analyzing security events for objective fulfillment
  • 29 - Exploring CC7.3 - Evaluating security events - Preventing and addressing failures to achieve objectives
  • 30 - Exploring CC7.4 - Responding to security incidents - Executing an effective incident response program
  • 31 - Exploring CC7.5 - Recovering from security incidents - Identifying, developing, and implementing effective recovery activities
  • 32 - Exploring CC8.1 - Change management for objective alignment - Authorizing, designing, and implementing changes
  • 33 - Exploring CC9.1 - Mitigating business disruption risks - Identifying, selecting, and developing risk mitigation activities
  • 34 - Exploring CC9.2 - Managing vendor and business partner risks - Assessing and mitigating risks effectively

2. Auditing the Availability Trust Services Category

  • 35 - Exploring A1.1 - Managing processing capacity - Monitoring, evaluating, and enabling additional capacity for objective fulfillment
  • 36 - Exploring A1.2 - Protecting environment, software, and data - Authorization, design, implementation, and monitoring for objective achievement
  • 37 - Exploring A1.3 - Testing recovery plan procedures - Ensuring system recovery for objective fulfillment

3. Auditing the Confidentiality Trust Services Category

  • 38 - Exploring C1.1 - Safeguarding confidential information - Identification and maintenance for objective alignment
  • 39 - Exploring C1.2 - Confidential information disposal - Ensuring objective-driven confidentiality practices

4. Testing Considerations

  • 40 - Comprehensive guide to completeness and accuracy in SOC 2 auditing - Ensuring reliable and comprehensive evaluations
  • 41 - Applying sample testing and attribute testing in SOC 2 audits
  • 42 - Mastering comprehensive testing note documentation in SOC 2 audits - Enhancing clarity for effective review
  • 43 - Reviewing and aligning section 3 and section 4 in SOC 2 audits - Ensuring consistency and cohesion for reliable assurance
  • 44 - Exploring technical testing considerations in SOC 2 audits - Navigating cloud-based challenges and evaluating technical evidence

Conclusion

  • 45 - Next steps

Related courses

Related learn paths

About us

LyndaKade is a leading learning platform that helps people learn business, software, technology, and creative skills to achieve personal and professional goals.

Phone numberAparat ChannelTelegram SupportTelegram ChannelInstagram Page

All rights to this site belong to LyndaKade.

Terms of Service|Privacy Policy

نماد الکترونیک enamad در صورت اتصال با آی‌پی داخل کشور، نمایش داده خواهد شد.
logo-samandehi - لوگو ساماندهی
zarinpal
zibal