Maritime

Internal Auditing of Cyber Risk Management

Training to support the internal audit team with this new requirement to manage cyber risks

Objectives

The participant will:

  • Review international maritime cyber risk management requirements
  • Understand IT (information technology) and OT (operational technology) risks relevant for maritime organizations 
  • Become familiar with ISO 27001:2017 standard
  • Be equipped to audit safety management system including cyber risks

Entrance requirements

Qualified or experienced ISO internal auditors with knowledge of ISM requirements

Who should attend:

Internal Auditors familiar with ISM and ISO, who will be conducting cyber risk management audits as per ISM Code.

Duration: 1 day


Since January 1st, 2021 DOCs audits will include cyber risk management on a global level. This course will support the internal audit team called upon to undertake this additional requirement. 

Please note: This training is not suitable for those without ISO auditor experience.

Participants will learn how to effectively audit a safety management system in terms of cyber risk management. The scope of the audit is aligned towards the ISM code and takes other best practices (ISO 27001) into consideration. This includes practical instructions and exercises to audit your own organization regarding:

  • roles and responsibilities through interviews with DPA, administrators or cyber security officers and users,
  • relevant documentation such as the cyber risk assessment, software change management, cyber incident response plan or cyber awareness training.    

This course will teach you how to roll out an effective cyber risk management audit of your organization and how to utilize the audit to contribute beyond regulatory compliance to improve continually over time.  It addresses the ISM Code, IMO Resolution MSC.428 (98) as well as MSC-FAL.1-Circ.3 and takes other best practices, such as ISO 27001, into consideration, as applicable to the maritime industry.  

This training was developed to further complement DNV’s Maritime Cyber Security Services


Focus Points:

  • Cyber and information security regulations and relevant management system standards (e.g. ISM code, ISO 27001) 
  • Cyber risk management defense-in-depth principles: Identify, Protect, Detect, Respond and Recover 
  • Auditing of safety management systems in terms of cyber risk management
  • Typical cyber and information security audit findings 
  • Continuous improvements and maturity finalization 
  • Benefit from DNV’s experience with other customer projects

Objectives

The participant will:

  • Review international maritime cyber risk management requirements
  • Understand IT (information technology) and OT (operational technology) risks relevant for maritime organizations 
  • Become familiar with ISO 27001:2017 standard
  • Be equipped to audit safety management system including cyber risks

Entrance requirements

Qualified or experienced ISO internal auditors with knowledge of ISM requirements

Who should attend:

Internal Auditors familiar with ISM and ISO, who will be conducting cyber risk management audits as per ISM Code.

Duration: 1 day


Since January 1st, 2021 DOCs audits will include cyber risk management on a global level. This course will support the internal audit team called upon to undertake this additional requirement. 

Please note: This training is not suitable for those without ISO auditor experience.

Participants will learn how to effectively audit a safety management system in terms of cyber risk management. The scope of the audit is aligned towards the ISM code and takes other best practices (ISO 27001) into consideration. This includes practical instructions and exercises to audit your own organization regarding:

  • roles and responsibilities through interviews with DPA, administrators or cyber security officers and users,
  • relevant documentation such as the cyber risk assessment, software change management, cyber incident response plan or cyber awareness training.    

This course will teach you how to roll out an effective cyber risk management audit of your organization and how to utilize the audit to contribute beyond regulatory compliance to improve continually over time.  It addresses the ISM Code, IMO Resolution MSC.428 (98) as well as MSC-FAL.1-Circ.3 and takes other best practices, such as ISO 27001, into consideration, as applicable to the maritime industry.  

This training was developed to further complement DNV’s Maritime Cyber Security Services


Focus Points:

  • Cyber and information security regulations and relevant management system standards (e.g. ISM code, ISO 27001) 
  • Cyber risk management defense-in-depth principles: Identify, Protect, Detect, Respond and Recover 
  • Auditing of safety management systems in terms of cyber risk management
  • Typical cyber and information security audit findings 
  • Continuous improvements and maturity finalization 
  • Benefit from DNV’s experience with other customer projects

Course finder

Find courses now