mis 5208 – data analytics for it auditors introduction & course...
TRANSCRIPT
MIS 5208 – Data Analytics for IT Auditors
Introduction & Course Overview
Ed Ferrara, MSIA, [email protected]
Week 1: Introductions, Course Outline, Reading, Tools and Other Administration Issues

Agenda
§ Introductions
§ Course Description
§ Tools
  § Audit Control Language (ACL)
  § Splunk
  § Excel
§ Schedule
§ Syllabus
§ Reading List
§ Grades and Grading
  § Labs
  § Quizzes
  § Mid-term
  § Final exam
  § Class Participation Blog

Edward S. Ferrara
§ Chief Information Security Officer, CSL Behring
  § Cybersecurity services
  § Cloud
  § Metrics
  § Enterprise cybersecurity information architecture
§ CISSP #316968
§ B.A. Franklin & Marshall College (Economics)
§ M.A. University of Delaware (Educational Studies, Computer Science, Cognition)
§ M.S. Norwich University (Cybersecurity)
§ Twitter: @eferrara
§ LinkedIn: Ed Ferrara

Introductions
§ Who am I?
  § Share my interest in this topic with you and help you apply data analytics to IT auditing and cybersecurity
  § West Chester, Pennsylvania
  § I really like sailing
§ Who are you?
  § In your first blog – please write a brief description of yourself.
  § Please tell us your goals and objectives for this class
  § Please tell us your goals and objectives for the program
  § Please tell us where you are from
  § Please tell us one thing you want us all to know about

Course Description
§ Audit
  § Audit Control Language (ACL)
  § Excel
§ Cybersecurity
  § Bash Shell Commands
  § Splunk
§ MIS 5208 examines the use and power of data for both fraud detection and cybersecurity incident investigation
§ You get what you measure.
§ The course presents:
  § Basic data analysis concepts and then applies these techniques to cybersecurity and fraud detection problems.
§ Tools:

Course Schedule
Columns: Week | Meeting Date | Topic | Comments | WEBEX | Reading | Deliverables / Quizzes / Tests Due

Week 1 – Tuesday 01.12.2016
Introduction to the Course
Introduction to Fraud and Forensic Investigations
ACL Tool installation Demonstration
V9.0 Desktop EDUC Non-Unicode (Windows Only). If you have a Mac or Linux machine you will need to run Windows in a VM to use this software. Temple students are entitled to one copy each of the following software:
• Windows 8.1
• Microsoft Office
See the following Temple Website: Microsoft Work At Home
If you are not using Windows as your primary operating system (e.g. Mac or Linux) you will need to install a virtual Windows machine in order to run Windows. There is no version of VMware Player for OS X. VMware sells a Mac version of their product called VMware Fusion. You may use it as a trial version for 30 days for free. There is a free version of VMware Player for Linux.
WEBEX

Week 2 – Tuesday 01.19.2016
Fraud Detection and Prevention
Tools needed: ACL
Quiz 1 Available
Lab 1 Available
WEBEX
Coderre - 1, 2, 3, Appendix C
ACL In Practice Tutorial - 1, 2
Lab 01: Frauds of Note

Week 3 – Tuesday 01.26.2016
Introduction to ACL -
Tools needed: ACL
NONE
Please work on Lab and Quiz.
Coderre - 4, 5
ACL In Practice Tutorial - 3, 4
Quiz 1

Week 4 – Tuesday 02.02.2016
Fraud in Cyberspace
Special Guest Speaker: Mr. Mike Green, Head of IT Security, Risk, and Governance, Mars Inc. -
Quiz 2 Available
WEBEX
None.
Lab - 02 - Using ACL to Examine Expense Patterns

Week 5 – Tuesday 02.09.2016
Overview of the Data and Working with Data
Tools needed: ACL
WEBEX
Coderre - 6, 7
ACL In Practice Tutorial - 5, 6
Quiz 2

Week 6 – Tuesday 02.16.2016
Analyzing Trends in the Data and Known Symptoms of Fraud
Tools needed: ACL/EXCEL
WEBEX
Coderre - 8, 9
Lab - 03 - Using ACL to Analyze Transactions

Week 7 – Tuesday 02.23.2016
Unknown Symptoms of Fraud, Automating the Detection Process, Verifying the Results
Tools needed: ACL/EXCEL
Mid-Term Exam Available
Install Splunk Community Enterprise or Community Edition to be ready for the next half of class over Spring Break.
WEBEX
Appendix A - Fraud Investigation Plans
MID-TERM EXAM

SPRING BREAK (February 29 – March 6)

Week 8 – Tuesday 03.08.2016
Introduction to Cybersecurity Investigations - The Kill Chain
Install Splunk Community Enterprise or Community Edition
WEBEX

Week 9 – Tuesday 03.15.2016
Big Data and Splunk
Tools: Splunk
WEBEX
Zadrozni and Kodalli – 1, 2

Week 10 – Tuesday 03.22.2016
Getting Data Into Splunk
Tools: Splunk
WEBEX
Zadrozni and Kodalli – 3
Lab 04 – Getting Data into Splunk and Processing the Data
Quiz 3

Week 11 – Tuesday 03.29.2016
Processing and Analyzing Data
Tools: Splunk
WEBEX
Zadrozni and Kodalli – 4

Week 12 – Tuesday 04.05.2016
Visualizing The Results
Tools: Splunk
WEBEX
Zadrozni and Kodalli – 5
Quiz 4

Week 13 – Tuesday 04.12.2016
Defining Alerts
Tools: Splunk
WEBEX
Prepare for Final Exam
Lab 05 – Visualizing the Results and Defining Alerts

Week 14 – Tuesday 04.19.2016
NONE.
FINAL EXAM

Mission and Learning Objectives
§ Understand how to organize and analyze control data
§ Understand the principles of transaction-oriented data, and how to store and retrieve data for data sources.
§ Understand methods to identify ways in which perpetrators compromise data to affect fraud.
§ Identify and compare sources and methods of capturing data throughout a business process.
§ Use data mining techniques to identify associations and trends among data.
§ Apply data mining techniques to examine control efficacy.
§ Integrate data across multiple sources, transforming it into a single view.
§ Understand and select appropriate data visualization techniques to effectively communicate the results of an analysis effort.
§ Communicate analysis results to stakeholders for ongoing quality assurance and process improvement.

Presentations and Lab 01
§ Later in the course you will be asked to present your lab findings on a selective basis – either individually or as a group
§ Ideas and proposals in business are now typically communicated via “decks”. Often these decks are not even presented in the formal sense, they just get emailed to the recipient. You need to learn how to communicate your ideas using decks. This is an important skill. You can be the best analyst in the world but if you cannot get your ideas across…
§ Writing skills are important but we tend to overemphasize correct grammar and form – not necessarily simple and direct communication – the essence of creating good decks.
§ Each slide in your deck should be crafted just like you would craft a canvas of a painting!
§ The Cognitive Style of PowerPoint by Edward Tufte (34 Pages)
§ Presentation Skills Video: https://www.youtube.com/watch?v=ayxfblOyUBY (3:56)
§ Presentation Skills Video: https://www.youtube.com/watch?v=VVp8UGjECt4 (5:20)
§ Presentation Skills Video: https://www.youtube.com/watch?v=whTwjG4ZIJg (7:18)