Cyber Security Series 02 - SANS SEC440: Critical Security Controls
Field: Auditing | Delivery Method: Self Study | CPE Hours: 2.0
As new information technologies and approaches emerge, associated business risks undergo minor to significant transformation, and, in many cases, have far-reaching consequences for the organizations adopting such technologies and its stakeholders. Organizations are increasingly looking up to their Internal Auditors to provide independent assurance whether risks to the enterprise are managed well and advise thereon. With information technology becoming an inherent critical success factor for every business and the emerging threat landscape, there is significant urgency on internal auditors to equip themselves on IT audit essentials.
This cyber security series is designed to help internal auditors looking to equip themselves with competencies and confidence to handle audit of IT controls and information security, and learn about the emerging technologies and their underlying risks
This series focuses on contemporary IT audit approaches relevant to Internal Auditors and the processes underlying risk-based IT audits.
Cyber Security Part 2 - SANS SEC440: Critical Security Controls
- Inventory of Authorized and Unauthorized Devices
- Inventory of Authorized and Unauthorized Software
- Secure Configurations for Hardware and Software on Laptops, Workstations, and Servers
- Continuous Vulnerability Assessment and Remediation
- Controlled Use of Administrative Privileges
- Maintenance, Monitoring, and Analysis of Audit Logs
- Email and Web Browser Protections
- Malware Defenses
- Limitation and Control of Network Ports, Protocols, and Services
Course Length = 2 Hours
Delivery Method: Self-Study
Richard is a principal of Richard Cascarino & Associates LLC based in Colorado, USA with over 32 years of experience in audit training and consultancy. http://www.rcascarino.com/
He is a regular speaker to National and International conferences and has presented courses and webinars throughout Africa, Europe, the Middle East and the USA.
He has assisted in the implementation and audit of IT and Operational systems as well as the training of Internal Auditors in the USA, UK, and Middle East and throughout Africa. He is a Past President of the IIA – South Africa and founded the African Region of the IIA Inc. He has also served as a member of the Board of Regents for Higher Education of the Association of Certified Fraud Examiners. He developed the BComm Internal Audit for the University of the Witwatersrand in Johannesburg and the Honors program in Governance and Risk at the same university.
He is a consultant and lecturer with experience in Large scale, Project Management, Risk, Audit, Governance, Forensic, Internal and IT auditing education and author of the books Internal Auditing-an Integrated Approach and Auditor’s Guide to IT Auditing and Corporate Fraud and Internal Control: A Framework for Prevention published by Wiley in 2013. Data Analytics for Internal Auditors published in 2017 He is also a contributing author to the Governance section of all 4 editions of QFinance: The Ultimate Resource and is a frequent speaker at IIA, ACFE and ISACA workshops and conferences. His latest book, Complete Guide for CISA Exam Preparation came out in October 2020.