
AuditNet® Training: Cyber-security for Internal Auditors on a Flash Drive


Internal audit has a critical role in helping organizations in the ongoing battle of managing cyber threats, both by providing an independent assessment of existing and needed controls, and helping the audit committee and board understand and address the diverse risks of the digital world.

AuditNet® has joined forces with Richard Cascarino and Associates to bring you a structured learning curriculum for Cyber-security. The series of 10 recorded webinars is designed to help internal auditors looking to equip themselves with competencies and confidence to handle audit of IT controls and information security, and learn about the emerging technologies and their underlying risks.

AuditNet® is pleased to offer the Cyber-security for Internal Auditors series on a USB flash drive. The flash drive will include all 10 2-hour webinars and the slides. Auditors also have the option of adding a subscription to AuditNet® at a reduced fee. You must provide a correct postal address so that we can mail you the flash drive.

Cyber-security for Internal Auditors

The Cyber-security for Internal Auditors Series includes 10 2-hour recorded webinars and the related slides.

The webinars are presented by Richard E. Cascarino, MBA, CIA, CFE, CISA

CPE is not offered for viewing the recordings. If you would like to earn CPE then register and pay for the live sessions.

Who Should Watch?

The series is aimed primarily at auditors, both internal and external, who are beginning their career in Computer Auditing or who wish to understand the complexities and vulnerabilities of computer systems. The series builds rapidly to shorten the time period to productivity and effectiveness.



1. Cyber Defense

2. SANS SEC440: Critical Security Controls

3. Malware Defense

4. Boundary Defense Mechanisms

5. Controlling Ports and Network Devices

6. Application Security

7. SIEM Log Analysis

8. Administrative Control Breaches

9. Vulnerability Assessment

10. Advanced Persistent Threats and targeted cyber-attacks

Basic Delivery Method: Video Recording

Webinar 1
  • Cyber Defense
  • Threats/Threat actors/Common Cyber Attack methods
  • Attacks and vulnerabilities exposed 
  • Layered protection measures against Cyber threats
  • Firewalls and levels of protection they provide
  • Traffic profiling and monitoring for inbound and outbound traffic
  • Intrusion Detection 
  • Incidences of Compromises
  • Penetration testing regimes and vulnerability testing
  • NIST Vulnerability Checklist
  • The Security Content Automation Protocol (SCAP)
Basic Delivery Method: Video Recording

Webinar 2

  • SANS SEC440: Critical Security Controls
  • Inventory of Authorized and Unauthorized Devices
  • Inventory of Authorized and Unauthorized Software
  • Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers
  • Continuous Vulnerability Assessment and Remediation
  • Controlled Use of Administrative Privileges
  • Maintenance, Monitoring, and Analysis of Audit Logs
  • Email and Web Browser Protections
  • Malware Defenses
  • Limitation and Control of Network Ports, Protocols, and Services
Basic Delivery Method: Video Recording

Webinar 3

  • Malware Defense
  • Types of Malware
  • Blended Threats
  • Infection Mechanisms
  • Semantic, or Heuristics Based Malware Detection
  • Polymorphic Malware
  • Metamorphic Malware
  • Hiding techniques and Detection of Malware
Basic Delivery Method: Video Recording

Webinar 4

  • Boundary Defense Mechanisms
  • Denying communications with known malicious IP addresses
  • Rapid deployment of filters on internal networks
  • Deploying network-based IDS sensors on Internet and extranet DMZ systems
  • Seeking unusual attack mechanisms
  • Implementing Network-based IPS devices
  • Implementing a secure Network Architecture
  • Implementing two-factor authentication
  • Designing internal network segmentation
  • Designing and implementing network perimeter proxy servers
Basic Delivery Method: Video Recording

Webinar 5

  • Controlling Ports and Network Devices
  • Ports and Protocols
  • Network Mappers
  • Protocol Attacks
  • Use of Firewalls
  • Identifying Network Boundaries
  • NIST 800 framework and CIS
  • Switches and Routers
  • Routing Protocols
  • Switch Security
  • Hardening the Network
  • Good Network Administration
  • Internet Control Message Protocol
  • Anti-spoofing and logging
  • Configuring a secure network perimeter 
  • Secure IOS-based Routers using automated features 
  • Securing Desktops, Notebooks, Servers and Mobile Devices
Basic Delivery Method: Video Recording

Webinar 6

  • Application Security
  • Application security logging and monitoring
  • Issues in current logging practices
  • Resources required by developers for security logging
  • Correlating and alerting from log sources
  • Logging in multi-tiered architectures and disparate systems
  • Application security logging requirements
Basic Delivery Method: Video Recording

Webinar 7

  • SIEM Log Analysis
  • Logging Sources & Servers
  • What is a SIEM? 
  • Advantages of a SIEM?
  • Using SIEM
  • Detection of outbound sensitive information 
  • Data Collection
  • Aggregation, Normalization and Enrichment
  • Reporting and Forensics
  • Challenges in log management
Basic Delivery Method: Video Recording

Webinar 8

  • Administrative Control Breaches
  • Security Administration
  • Purpose of Security Tools
  • Examples of Security Tools
  • Security Incident Manager (SIM)
  • Problems with Security Administration
  • Improving Administration
Basic Delivery Method: Video Recording

Webinar 9

  • Vulnerability Assessment
  • Ongoing identification of potential risks and areas of weakness
  • Hazard Assessment and Risk Identification
  • Problems in Vulnerability Assessment
  • Use of Penetration Testing
  • Network Vulnerability Testing
  • Web Vulnerability Testing
  • Wireless War Driving / Walking
  • Phone Network Testing
  • Social Engineering Testing
  • Walk-throughs and Dumpster Diving
  • Physical Security Auditing
Basic Delivery Method: Video Recording

Webinar 10

  • Advanced Persistent Threats and targeted cyber attacks:
  • Advanced Persistent Threats – the shifting paradigm to targeted attacks
  • Understanding Advanced Persistent threats 
  • Overview of popular types of APTs
  • Impact of APTs on sensitive data as well as organisation reputation
  • Characteristics and Attack sequence of APT attacks and the challenges in detecting APTs
  • Assessing, Managing and Auditing APT Risks
  • Data loss and Cyber intrusions
Basic Delivery Method: Video Recording

Trainer’s bio

Expert Trainer: Richard E. Cascarino, MBA, CRMA, CIA, CISM, CFE

Well known in international auditing circles as one of the most knowledgeable practitioners in the field, Richard is principal of Richard Cascarino & Associates, a highly successful audit training and consultancy company. He has worked extensively with banks across Africa, the USA, the Caribbean, the Middle East and the Indian Ocean Isles.

He is a regular speaker at national and international conferences and has presented webinar series throughout Africa, Europe, the Middle East and the USA.

Richard is a Past President of the Institute of Internal Auditors in South Africa, was the founding Regional Director of the Southern African Region of the IIA-Inc and is a member of ISACA and the Association of Certified Fraud Examiners.

Richard was the chairman of the Audit and Risk Committee of the Department of Public Enterprises in South Africa and served as chairman of the Audit Committee of Gauteng cluster 2 (Premier's office, Shared Services and Health).

He is also a visiting lecturer at the University of the Witwatersrand and the author of the book “Internal Auditing - an Integrated Approach”, 3rd edition Jan 2015, published by Juta Publishing. This book is extensively used as a university textbook worldwide. In addition, he is the author of the “Auditor's Guide to IT Auditing” and “Data Analytics for Internal Auditors”.
