Cybersecurity Lead Auditor
The Cybersecurity Lead Auditor course prepares professionals to plan and conduct audits of cybersecurity programmes and capabilities, assessing compliance, effectiveness and control maturity. The training addresses the audit process with a focus on evidence, consistency and professional judgement.
Synchronous, live training. Interaction with the trainer and the group.
Language: available in Portuguese or English
Training: practical and case-study based
Exam: 4h
SPECIALIST LEVEL – Advanced competences to address critical challenges in the field.
Why this course exists
To translate cybersecurity frameworks and requirements into real, evidence-based auditing aligned with international best practices.
Organisations with cybersecurity programmes face increasing pressure to demonstrate governance, compliance and auditable evidence over practices, controls and results. This course prepares professionals to structure an Audit Programme, lead teams and conduct audits of a cybersecurity programme and framework, with method, consistency and results orientation.
What this course enables you to do
Structure
Design and maintain an audit programme aligned with cybersecurity frameworks and audit best practices.
Plan
Prepare and plan audits (objectives, criteria, scope, team, plan and approach), including audits of governance, risk and controls.
Conduct
Conduct audits using appropriate methods for collecting and verifying evidence, interviews, tests and control validation, with effective communication and team management.
Conclude
Record findings and nonconformities, build conclusions, produce reports and manage follow-up, supporting continuous improvement and compliance evidence.
Frameworks, standards and best practices addressed throughout the course
ISO/IEC 27001
ISO/IEC 27032
ISO/IEC 27103
CIS Controls
ENISA / EU (NIS vs. NIS 2)
DORA
ISO 19011
ISO/IEC 17021-1
ISO/IEC 17024
Audit Programme
BEHAVIOUR methodology (step-by-step)
Value for the organisation
- Greater governance and control capability over the cybersecurity programme, with structured internal audits and consistent evidence.
- Reduced risk of critical gaps and nonconformities in external assessments and audits, through preparation and method.
- Continuous improvement based on findings, corrective actions and auditable follow-up.
- Teams better prepared to support audits of cybersecurity frameworks and regulatory requirements.
Introduction
The Cybersecurity Lead Auditor course is a practical course on auditing a cybersecurity programme within an organisation. Through a case study and role-plays, participants learn how to audit based on the practical methodology proposed by BEHAVIOUR.
The course prepares participants to plan, conduct, report and follow up audits of a cybersecurity programme and framework, integrating governance, risk, controls and compliance, in alignment with internationally recognised frameworks and best practices.
This Training Plan and all associated documents are protected by Copyright and registered as a literary work with IGAC.
General Objectives
At the end of this course, participants will be able to:
- Understand fundamental cybersecurity concepts and principles and how they are framed within organisational programmes and frameworks.
- Know and correlate relevant frameworks and best practices (e.g., NIST CSF, ISO/IEC 27001, ISO/IEC 27032, CIS Controls) and their role in auditable evidence.
- Understand fundamental audit concepts and principles based on ISO 19011.
- Establish and improve an internal audit programme for cybersecurity, including criteria, scope, objectives, team, plan and approach.
- Prepare and plan audits of cybersecurity governance, risk and controls; conduct audits and conclude with report and follow-up.
- Understand communication, team management and evidence requirements for successful audits.
- Acquire the knowledge required to succeed in the “BEHAVIOUR Certified Cybersecurity Lead Auditor” exam.
Target Audience
- Internal auditors who participate in or lead audits of cybersecurity programmes and frameworks.
- Information Security/Cybersecurity consultants and professionals who need to conduct internal or third-party audits.
- GRC, risk, compliance and IT professionals with responsibilities in evidence, control and continuous improvement in cybersecurity.
- Project managers and those responsible for audit functions/departments who wish to consolidate a compliant audit programme.
Prerequisites
There are no mandatory formal prerequisites. However, previous experience or exposure to cybersecurity, risk management, controls and/or audits is recommended.
In addition, other specific requirements may apply, where relevant, depending on the quotation or proposal presented (please consult the proposal).
Programme
Cybersecurity, context and frameworks
- Introduction to the course
- Fundamental cybersecurity concepts and principles
- Cybersecurity structures and best practices (e.g., NIST CSF; ISO/IEC 27001; ISO/IEC 27032; CIS Controls)
- Relevant legislation and regulation (EU/ENISA overview: NIS vs. NIS 2; DORA, among others)
Audit: foundations, programme and planning
- Introduction to audit concepts and principles based on ISO 19011
- Internal audit programme: design, maintenance and improvement
- Audit preparation and planning (objectives, criteria, scope, team, plan and approach)
- Communication during the audit and conducting interviews
Execution: evidence, testing and control validation
- Collection and verification of evidence (documentary and operational)
- Audit methods and tests applied to cybersecurity controls
- Recording findings and nonconformities; classification and prioritisation
- Role-plays and simulations with case study
Conclusion, report and follow-up
- Preparing conclusions and closing
- Audit report: structure, evidence and recommendations
- Follow-up activities and verification of corrective actions
- Training closure
Exam(s) and Certification
Exam “Certified Cybersecurity Lead Auditor”
The exam covers the following competence domains:
- Domain 1: Cybersecurity foundations and applicable frameworks
- Domain 2: Fundamental audit concepts and principles based on ISO 19011
- Domain 3: Establishing and maintaining an internal audit programme for cybersecurity
- Domain 4: Preparing and planning audit activities
- Domain 5: Conducting audit activities (evidence, tests, interviews)
- Domain 6: Completing and closing audit activities (report and follow-up)
Language(s): Portuguese and English (consult BEHAVIOUR for availability in other languages).
Duration: 4 hours (240 minutes).
Format: Multiple-choice questions and open questions, based on a main case study and related to the competence domains.
Number of questions: 48 questions.
Pass mark: 700/1000 points.
Results: Pass or Fail.
Issuing entity: Behaviour (legal entity), through its certification service Behaviour Certification Services.
Retake: 1 free retake within a maximum period of 2 months after the exam result is made available.
Certification (levels and requirements)
After successfully completing the exam and accepting/signing the applicable agreement and Code of Ethics, the candidate may apply for one of three levels, according to experience:
- Certified Cybersecurity Associate Auditor: no previous experience required
- Certified Cybersecurity Auditor: 2 years of experience in cybersecurity and audits
- Certified Cybersecurity Lead Auditor: 5 years of experience in cybersecurity and audits
A Certificate and a Digital Certification Badge will be issued to participants who successfully complete the certification exam and satisfy all requirements of the certification for which they are applying. The certification is issued by Behaviour (legal entity), through its certification service Behaviour Certification Services.
The personal certification programme “Certified Cybersecurity Lead Auditor” is designed and maintained in accordance with ISO/IEC 17024.
Certification programmes are valid only for individuals (not companies), and the award and maintenance of certification depend on the exam result, professional experience and compliance with the applicable agreement/Code of Ethics.
If the professional does not comply with the agreement/Code of Ethics, the certification is not granted or is revoked.
Other Information
General Information
- Training available in Portuguese or English.
- Training materials available online (documentation in Portuguese or English), with online access, in accordance with the awarded conditions.
- Practical step-by-step audit methodology, with case study and role-plays.
- Behaviour digital Training Attendance Certificate with 40 CPD/CPE credits.
- Online Certification Exam; it may be taken up to 2 months after the course start date.
- Free retake according to scheme rules.
- Digital Diploma and Digital Badge after passing and applying for certification (no additional cost).
Benefits
- Audit-oriented course, with a practical step-by-step methodology and case study.
- Improves governance, control and auditable evidence capability over the cybersecurity programme.
- Objective preparation for the certification exam (4h; case study; mixed questions).
- Free retake within the period defined in the scheme.
Logistics
Useful information
- Live Online (synchronous time): 09h30–17h30 (Lisbon time), with lunch break and short breaks
- Classroom (synchronous time): 09h30–17h30 (Lisbon time), with lunch break and short breaks
- 28 hours of synchronous training, distributed across 4 consecutive days
- Estimated 12 hours of guided autonomous work, intended for content consolidation and exam preparation, carried out flexibly outside synchronous sessions
- Requirements: computer with stable internet, browser, PDF reader and audio/video
Frequently Asked Questions
Objective answers to common questions about the Cybersecurity Lead Auditor course (coming soon).
For general questions about registration, delivery modes, exams, certification and recertification, please consult the BEHAVIOUR® FAQs.
Registration
Complete the form to request your registration for the preferred edition. Check the upcoming dates.
Request more information
If you would like help to frame the course within your professional or organisational context, contact us and we will indicate the most suitable path.
Companies: request a proposal
For team registrations, we provide volume conditions and a proposal tailored to the organisational need.
This course may be attended by individual professionals. It may also be integrated into capability-building pathways for audit, cybersecurity, compliance and risk teams that need to assess cybersecurity capabilities with rigour and consistency.