
AuditNet® Training: Cyber-security for Internal Auditors on a Flash Drive



Data Analytics for Internal Auditors - 6 Recordings

The spread of IT systems has made it a prerequisite that auditors as well as management have the ability to examine high volumes of data and transactions in order to determine patterns and trends. In addition, the increasing need to continuously monitor and audit IT systems has created an imperative for the effective use of appropriate data mining tools.

While a variety of powerful tools are readily available today, the skills required to utilize such tools are not. Not only must the correct testing techniques be selected but the effective interpretation of outcomes presented by the software is essential in the drawing of appropriate conclusions based on the data analysis. This webinar series, based on Richard Cascarino’s book “Data Analytics for Internal Auditors” covers these skills and techniques.

1 Understanding Sampling

  • Judgmental vs Statistical Sampling
  • Probability theory in Data Analysis
  • Types of Evidence
  • Population Analysis
  • Correlations and Regressions

2 Analytics in the Audit 

  • Conducting the Audit
  • Obtaining Information from IT Systems for Analysis
  • Use of Computer Assisted Audit Techniques
3 Analytics Techniques

  • Analysis of Big Data
  • Results Analysis and Validation
  • Fraud Detection using Data Analysis
  • Root Cause Analysis

4 Analysis and Monitoring

  • Data analysis and Continuous Monitoring
  • Continuous Auditing
  • Financial Analysis

5 Data Analytics Software

  • Excel and Data Analysis
  • ACL and Data Analysis
  • IDEA and Data Analysis
  • SAS and Data Analysis

6 Using the Analysis

  • Analysis Reporting
  • Data Visualization and Presentation

    Cyber-Security for Internal Auditors


    Internal audit has a critical role in helping organizations in the ongoing battle of managing cyber threats, both by providing an independent assessment of existing and needed controls, and helping the audit committee and board understand and address the diverse risks of the digital world.

    AuditNet® has joined forces with Richard Cascarino and Associates to bring you a structured learning curriculum for Cyber-security. The series of 10 recorded webinars is designed to help internal auditors looking to equip themselves with competencies and confidence to handle audit of IT controls and information security, and learn about the emerging technologies and their underlying risks.

    AuditNet® is pleased to offer Cyber-security for Internal Auditors on a USB flash drive. The flash drive will include all 10 2-hour webinars and the slides. Auditors also have the option of adding a subscription to AuditNet® at a reduced fee. You must provide a correct postal address so that we can mail you the flash drive.

    Cyber-security for Internal Auditors

    The Cyber-security for Internal Auditors Series includes 10 2-hour recorded webinars and the related slides.

    The webinars are presented by Richard E. Cascarino, MBA, CIA, CFE, CISA

    CPE is not offered for viewing the recordings. If you would like to earn CPE then register and pay for the live sessions.

    Who Should Watch?

    The series is aimed primarily at auditors, both internal and external, who are beginning their career in Computer Auditing or who wish to understand the complexities and vulnerabilities of computer systems. The series builds rapidly to shorten the time period to productivity and effectiveness.



    1. Cyber Defense

    2. SANS SEC440: Critical Security Controls

    3. Malware Defense

    4. Boundary Defense Mechanisms

    5. Controlling Ports and Network Devices

    6. Application Security

    7. SIEM Log Analysis

    8. Administrative Control Breaches

    9. Vulnerability Assessment

    10. Advanced Persistent Threats and targeted cyber-attacks

    CPE: N/A
    Basic Delivery Method:Video Recording

    Webinar 1
    • Cyber Defense
    • Threats/Threat actors/Common Cyber Attack methods
    • Attacks and vulnerabilities exposed 
    • Layered protection measures against Cyber threats
    • Firewalls and levels of protection they provide
    • Traffic profiling and monitoring for inbound and outbound traffic
    • Intrusion Detection 
    • Incidences of Compromises
    • Penetration testing regimes and vulnerability testing
    • NIST Vulnerability Checklist
    • The Security Content Automation Protocol (SCAP)
    CPE: N/A
    Basic Delivery Method:Video Recording

    Webinar 2

    • SANS SEC440: Critical Security Controls
    • Inventory of Authorized and Unauthorized Devices
    • Inventory of Authorized and Unauthorized Software
    • Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers
    • Continuous Vulnerability Assessment and Remediation
    • Controlled Use of Administrative Privileges
    • Maintenance, Monitoring, and Analysis of Audit Logs
    • Email and Web Browser Protections
    • Malware Defenses
    • Limitation and Control of Network Ports, Protocols, and Services
    CPE: N/A
    Basic Delivery Method:Video Recording

    Webinar 3

    • Malware Defense
    • Types of Malware
    • Blended Threats
    • Infection Mechanisms
    • Semantic, or Heuristics Based Malware Detection
    • Polymorphic Malware
    • Metamorphic Malware
    • Hiding techniques and Detection of Malware
    CPE: N/A
    Basic Delivery Method:Video Recording
    Webinar 4
    • Boundary Defense Mechanisms
    • Denying communications with known malicious IP addresses
    • Rapid deployment of filters on internal networks
    • Deploying network-based IDS sensors on Internet and extranet DMZ systems
    • Seeking unusual attack mechanisms
    • Implementing Network-based IPS devices
    • Implementing a secure Network Architecture
    • Implementing two-factor authentication
    • Designing internal network segmentation
    • Designing and implementing network perimeter proxy servers
    CPE: N/A
    Basic Delivery Method:Video Recording

    Webinar 5

    • Controlling Ports and Network Devices
    • Ports and Protocols
    • Network Mappers
    • Protocol Attacks
    • Use of Firewalls
    • Identifying Network Boundaries
    • NIST 800 framework and CIS
    • Switches and Routers
    • Routing Protocols
    • Switch Security
    • Hardening the Network
    • Good Network Administration
    • Internet Control Message Protocol
    • Anti-spoofing and logging
    • Configuring a secure network perimeter 
    • Secure IOS-based Routers using automated features 
    • Securing Desktops, Notebooks, Servers and Mobile Devices
    CPE: N/A
    Basic Delivery Method:Video Recording

    Webinar 6

    • Application Security
    • Application security logging and monitoring
    • Issues in current logging practices
    • Resources required by developers for security logging
    • Correlating and alerting from log sources
    • Logging in multi-tiered architectures and disparate systems
    • Application security logging requirements
    CPE: N/A
    Basic Delivery Method:Video Recording

    Webinar 7

    • SIEM Log Analysis
    • Logging Sources & Servers
    • What is a SIEM? 
    • Advantages of a SIEM?
    • Using SIEM
    • Detection of outbound sensitive information 
    • Data Collection
    • Aggregation, Normalization and Enrichment
    • Reporting and Forensics
    • Challenges in log management
    CPE: N/A
    Basic Delivery Method:Video Recording

    Webinar 8

    • Administrative Control Breaches
    • Security Administration
    • Purpose of Security Tools
    • Examples of Security Tools
    • Security Incident Manager (SIM)
    • Problems with Security Administration
    • Improving Administration
    CPE: N/A
    Basic Delivery Method:Video Recording

    Webinar 9

    • Vulnerability Assessment
    • Ongoing identification of potential risks and areas of weakness
    • Hazard Assessment and Risk Identification
    • Problems in Vulnerability Assessment
    • Use of Penetration Testing
    • Network Vulnerability Testing
    • Web Vulnerability Testing
    • Wireless War Driving / Walking
    • Phone Network Testing
    • Social Engineering Testing
    • Walk-throughs and Dumpster Diving
    • Physical Security Auditing
    CPE: N/A
    Basic Delivery Method:Video Recording

    Webinar 10

    • Advanced Persistent Threats and targeted cyber attacks:
    • Advanced Persistent Threats – the shifting paradigm to targeted attacks
    • Understanding Advanced Persistent threats 
    • Overview of popular types of APTs
    • Impact of APTs on sensitive data as well as organisation reputation
    • Characteristics and Attack sequence of APT attacks and the challenges in detecting APTs
    • Assessing, Managing and Auditing APT Risks
    • Data loss and Cyber intrusions
    CPE: N/A
    Basic Delivery Method:Video Recording
    Trainer’s bio
    Expert Trainer: Richard E. Cascarino, MBA, CRMA, CIA, CISM, CFE

    Well known in international auditing circles as one of the most knowledgeable practitioners in the field, Richard is principal of Richard Cascarino & Associates, a highly successful audit training and consultancy company. He has worked extensively with banks across Africa, the USA, the Caribbean, the Middle East and the Indian Ocean Isles.

    He is a regular speaker at national and international conferences and has presented webinar series throughout Africa, Europe, the Middle East and the USA.

    Richard is a Past President of the Institute of Internal Auditors in South Africa, was the founding Regional Director of the Southern African Region of the IIA-Inc and is a member of ISACA and the Association of Certified Fraud Examiners.

    Richard was is the chairman of the Audit and Risk Committee of the Department of Public Enterprises in South Africa and served as chairman of the Audit Committee of Gauteng cluster 2 (Premier's office, Shared Services and Health).

    He is also a visiting lecturer at the University of the Witwatersrand and author of the book “Internal Auditing - an Integrated Approach”, 3rd edition, Jan 2015, published by Juta Publishing. This book is extensively used as a university textbook worldwide. In addition, he is the author of the “Auditor's Guide to IT Auditing” and “Data Analytics for Internal Auditors”.
