Assessing Cybersecurity Risks in SaaS Applications

Course Description

8 Hours of NASBA-Certified Auditing CPE

1 CPE hour = 50 minutes

Delivery Method: QAS Self Study

Software as a Service (SaaS) constitutes an increasing risk to enterprises as organizations transition from on-premise business applications to cloud based applications. SaaS applications can contain sensitive enterprise information that can be accessed from any device connected to the Internet.

Due to this significant enterprise risk, SaaS applications need to be assessed for effective security and controls. Unfortunately, this is not easily achieved in SaaS environments.

This on-demand seminar is designed to provide an understanding of foundational SaaS concepts, key risks and associated controls. Throughout the seminar the focus is development of a risk-based approach to protect enterprise information in SaaS applications.

A wide range of globally recognized security and control resources will be highlighted during the seminar that can be used for planning and executing SaaS cybersecurity audits.

The intended audience for this seminar is all auditors (IT Auditors, business auditors, internal and external auditors) and audit management with the responsibility to provide effective assessments of enterprise risk.

Course Objectives:

• Recognize foundational SaaS concepts, key risks and associated controls.
• Define an audit strategy to assess important SaaS risks and controls.
• Evaluate cybersecurity and operational aspects of SaaS applications including API, encryption, incident response management, business continuity, etc.
• Assess SaaS governance controls and procedures over 3rd Party SaaS relationships. 
  

Agenda:

• SaaS Key Risks
  ERP / SaaS Applications
  
• Cloud Security Resources
  
• Cloud / SaaS Governance
  
• Access Management
  
• Configuration & Change Management
• End Point Security / Zero Trust
  
• Encryption Key Management
  
• API - Application Programming Interface
  
• Incident Response Management
  
• SaaS Business Continuity
  
• Cloud Security Awareness Training
  
• Assessing Cloud Vendor Controls
  

Policies:

Refund Policy

ERP Risk Advisors provides refunds in accordance with the refund policy of Teachable, our learning platform host. Refunds must go through the support funnel found at https://support.teachable.com/hc/en-us/articles/360004215372-Request-a-Refund. Teachable’s terms of use, including the refund policy, can be found at: https://teachable.com/terms-of-use.

Program Cancellation Policy

If a participant cancels a paid ERP Armor: Learning subscription plan, the cancellation will become effective at the end of the then-current billing cycle. When a participant cancels a paid plan, their account will revert to a free account and Teachable may disable access to features available only to paid plan users.

Complaint Resolution Policy

Participant(s) should email support@erpra.net and provide as much detail as possible about the complaint, including any relevant screenshots, account information, or transaction details. Upon receiving the complaint, ERP Risk Advisors’ support team will acknowledge it within 24 hours during business days. ERP Risk Advisors’ support team will investigate the complaint thoroughly. This may involve reviewing relevant records, consulting with appropriate personnel, and gathering additional information as necessary. ERP Risk Advisors aims to resolve all complaints as quickly as possible. Depending on the complexity of the issue, resolution may take up to 5 business days or more. During this time, ERP Risk Advisors will keep the participant(s) informed of the progress and any steps being taken to address their concerns. Once a resolution has been proposed, ERP Risk Advisors will contact the participant(s) to discuss the outcome. If participant(s) are dissatisfied with the initial resolution provided by ERP Risk Advisors’ support team, they may request that their complaint be escalated. Escalations will be reviewed by a senior manager to ensure a fair and impartial review of concerns. ERP Risk Advisors treats all complaints with the utmost confidentiality. Information provided will only be used for the purposes of investigating and resolving a complaint, in accordance with our Privacy Policy. For more information regarding administrative policies such as complaints and feedback, please contact our support desk at support@erpra.net.

*****

For all other Administrative and Course Development Policies, please visit ERP Armor: Learning FAQ and click on the first Frequently Asked Question dropdown.

*****

ERP Risk Advisors is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org