Building Your 2026 Cybersecurity Audit Plan

As organizations prepare for 2026, security leaders face a challenging audit environment shaped by new regulations, updated standards, and an evolving threat landscape. Audit programs are expected to do more than simply check compliance boxes—they must provide meaningful assurance that cybersecurity safeguards are operating effectively and aligned with business priorities. Too often, audit plans are built reactively, repeating last year’s scope or relying on external checklists, rather than taking a forward-looking approach tied to risk and governance. In this webcast, SANS Senior Instructor James Tarala will provide a practical framework for designing a cybersecurity audit plan that is both strategic and actionable. He will highlight the latest changes in regulatory expectations and standards requirements, examine how those shifts influence auditor focus areas, and explain how organizations can prepare for new areas of scrutiny. The discussion will also connect audit activities to the broader governance and risk roadmap, ensuring that audit plans support—not distract from—the organization’s overall security strategy. Attendees will learn how to build an audit roadmap that reflects organizational risk priorities, maximizes the use of available resources, and ensures coverage across the most important safeguards. The webcast will emphasize how a well-constructed audit plan can provide real value beyond compliance, strengthening assurance, identifying gaps before adversaries do, and reinforcing confidence with executives and stakeholders. Learning Objectives: - Identify the regulatory, standards, and threat-driven factors that should shape a 2026 audit plan - Build an audit roadmap that aligns with organizational risk priorities and available resources - Apply practical techniques to ensure audits provide real value beyond compliance checkboxes Learn more about James, https://www.sans.org/profiles/james-tarala This session supports concepts from LDR519: Cybersec