MIS 5208 – Data Analy t ics fo r IT Aud itorsIn troduction &Course Overv iew

EdFerrara,MSIA,CISSPeferrara@forrester.com

Week1:Introductions,CourseOutline,Reading,ToolsandOtherAdministrationIssues

Agenda§ Introductions§ CourseDescription§ Tools

§ AuditControlLanguage(ACL)§ Splunk§ Excel

§ Schedule§ Syllabus§ ReadingList

§ GradesandGrading§ Labs§ Quizzes§ Mid-term§ Finalexam§ ClassParticipationBlog

Edward S . Fer rara§ ChiefInformationSecurityOfficer,CSLBehring

§ Cybersecurityservices§ Cloud§ Metrics§ Enterprisecybersecurityinformation architecture

§ CISSP#316968§ B.A.Franklin&MarshallCollege(Economics)§ M.A.UniversityofDelaware(EducationalStudies,

ComputerScience,Cognition)§ M.S.NorwichUniversity(Cybersecurity)§ Twitter:@eferrara§ LinkedIn:EdFerrara

In troductions§ WhoamI?

§ SharemyinterestinthistopicwithyouandhelpyouapplydataanalyticstoITauditingandcybersecurity

§ WestChester,Pennsylvania§ Ireallylikesailing

§ Whoareyou?§ Inyourfirstblog– pleasewritea

briefdescriptionofyourself.§ Pleasetellusyourgoalsand

objectivesfor thisclass§ Pleasetellusyourgoalsand

objectivesfor theprogram§ Pleasetelluswhereyouarefrom§ Pleasetellusonethingyouwant

usalltoknowabout

Course Descr ip t ion

§ Audit§ AuditControlLanguage(ACL)§ Excel

§ Cybersecurity§ BashShellCommands§ Splunk

§ MIS5208examinestheuseandpowerofdataforbothfrauddetectionbutalsoforcybersecurityincidentinvestigation

§ Yougetwhatyoumeasure.§ Thecoursepresents:

§ Basicdataanalysisconceptsandthenappliesthesetechniquestocybersecurityandfrauddetectionproblems.

§ Tools:

CourseSchedule

Course Schedu leWeek Meeting

DateTopic Comments WEBEX Reading Deliverables/Quizzes /

Tests Due

1

Tuesday01.12.2016

Introduction totheCourse

Introduction toFraudandForensicInvestigations

ACL ToolinstallationDemonstration

V9.0DesktopEDUCNon-Unicode (WindowsOnly). IfyouhaveaMacorLinuxmachine youwillneedtorunWindowsinaVMtousethissoftware.Templestudentsareentitledtoonecopyeachofthefollowingsoftware:

• Windows8.1

• MicrosoftOffice

SeethefollowingTempleWebsite: MicrosoftWorkAtHome

IfyouarenotusingWindowsasyourprimaryoperatingsystem(e.g.MacorLinux) youwillneedtoinstallavirtualwindowsmachineinordertorunwindows.ThereisnoversionofVMwarePlayerforOSX.VMwaresellsaMacversionoftheirproductcalled VMwareFusion.Youmayuseitastrialversion30daysforfree.Thereisafreeversionof VMWarePlayerforLinux.

WEBEX

2

Tuesday01.19.2016

FraudDetectionandPrevention Toolsneeded: ACLQuiz1AvailableLab1Available WEBEX

Coderre - 1,2,3Appendix C

ACLInPracticeTutorial- 1,2

Lab01:FraudsofNote

3

Tuesday01.26.2016

Introduction toACL- Toolsneeded: ACLNONE

PleaseworkonLabandQuiz.

Coderre - 4,5

ACLInPracticeTutorial- 3,4

Quiz1

4Tuesday02.02.2016

FraudinCyberspace SpecialGuestSpeaker: Mr.MikeGreen,HeadofITSecurity,Risk,andGovernance,MarsInc.- Quiz2Available WEBEX

None. Lab- 02- UsingACLtoExamine ExpensePatterns

5

Tuesday02.09.2016

OverviewoftheDataandWorkingwithData Toolsneeded: ACL

WEBEX

Coderre - 6,7

ACLInPracticeTutorial- 5,6

Quiz2

6Tuesday02.16.2016

AnalyzingTrendsintheDataandKnownSymptomsof Fraud

Toolsneeded: ACL/EXCELWEBEX

Coderre - 8,9 Lab- 03- UsingACLtoAnalyzeTransactions

7

Tuesday02.23.2016

UnknownSymptomsof Fraud,AutomatingtheDetectionProcess,VerifyingtheResults

Toolsneeded: ACL/EXCELMid-TermExam Available

Install SplunkCommunityEnterpriseorCommunityEdition tobereadyforthenexthalfof classoverSpringBreak.

WEBEX

Appendix A- FraudInvestigationPlans

MID-TERMEXAM

Course Schedu leSPRINGBREAK(February29– March6)

8Tuesday03.08.2016

IntroductiontoCybersecurityInvestigations-TheKillChain

Install SplunkCommunityEnterpriseorCommunityEditionWEBEX

9Tuesday03.15.2016

BigDataandSplunk Tools:SplunkWEBEX

ZadrozniandKodalli–1,2

10

Tuesday03.22.2016

GettingDataIntoSplunk Tools:Splunk

WEBEX

ZadrozniandKodalli–3

Lab04– GettingDataintoSplunkandProcessingtheData

Quiz3

11Tuesday03.29.2016

Processingand AnalyzingData Tools:SplunkWEBEX

ZadrozniandKodalli–4

12Tuesday04.05.2016

VisualizingTheResults Tools:SplunkWEBEX

ZadrozniandKodalli–5

Quiz4

13Tuesday04.12.2016

DefiningAlerts Tools:SplunkWEBEX

PrepareforFinalExam Lab05– VisualizingtheResultsandDefiningAlerts

14Tuesday04.19.2016

NONE.FINAL EXAM

Miss ion and Learn ingOb ject ives§ Understandhowtoorganizeand

analyzecontroldata§ Understand theprinciplesof

transaction-orienteddata,andhowtostoreandretrievedatafordatasources.

§ Understandmethods toidentifywaysinwhichperpetratorscompromisedatatoaffectfraud.

§ Identifyandcomparesourcesandmethodsofcapturingdatathroughoutabusinessprocess.

§ Usedatamining techniques toidentifyassociationsandtrendsamongdata.

§ Applydatamining techniques toexaminecontrolefficacy.

§ Integratedataacrossmultiplesources, transforming itintoasingleview.

§ Understandandselectappropriatedatavisualization techniquestoeffectivelycommunicate theresultsofananalysiseffort.

§ Communicateanalysisresultstostakeholders forongoing qualityassuranceandprocessimprovement.

Requ ired Texts

Optional Texts (Future Read ing)

Presentat ions and Lab 01§ Laterinthecourseyouwillbeaskedto

presentyourlabfindingsonaselectivebasis– eitherindividuallyorasagroup

§ Ideasandproposals inbusinessarenowtypicallycommunicatedvia“decks”.Oftenthesedecksarenotevenpresentedintheformalsense,theyjustgetemailedtotherecipient.Youneedto learnhowtocommunicateyourideasusingdecks.Thisisanimportantskill.Youcanbethebestanalystintheworldbut ifyoucannotgetyourideasacross…

§ Writingskillsareimportantbutwetendtooveremphasizecorrectgrammarandform– notnecessarilysimpleanddirectcommunication– theessenceofcreatinggooddecks.

§ Eachslideinyourdeckshouldbecraftedjust likeyouwouldcraftacanvasofapainting!

§ TheCognitiveStyleofPowerPoint byEdwardTufte (34Pages)

§ PresentationSkillsVideo:https://www.youtube.com/watch?v=ayxfblOyUBY (3:56)

§ PresentationSkillsVideo:https://www.youtube.com/watch?v=VVp8UGjECt4(5:20)

§ PresentationSkillsVideo:https://www.youtube.com/watch?v=whTwjG4ZIJg(7:18)

Thankyou.