Security Auditing
1
2018-2019
02033313
Informatics Security
Portuguese
English
Face-to-face
SEMESTRIAL
6.0
Compulsory
2nd Cycle Studies - Mestrado
Recommended Prerequisites
BSc in Informatics Engineering or equivalent.
Teaching Methods
Lecture classes (T): presentation and discussion around the topics of the course.
Lab classes (PL): application of theoretical concepts in projects.
The MSI theoretical classes will take place, preferably, on Friday afternoon and Saturday morning. Theoretical classes will also be broadcast by teleconference and recorded so that students can follow them remotely.
The practical classes will preferably be scheduled on Friday morning. The practical assignments may also be developed by the students in remote and asynchronous mode, with remote support from teachers.
Learning Outcomes
This curricular unit aims to integrate the knowledge obtained in the various disciplines of MSI in the audit context, through a case study to be defined for each group of students, taking into account the methodologies, procedures, standards and tools for conducting security auditing in organizations. It is also intended that the students acquire/develop the following core competencies:
- Skills on cyber security assessment and management, security risk analysis, security risk assessment and management at organization and system level.
- Practical application of the theoretical knowledge on security assessment and management, competences in analysis and synthesis, critical reasoning, and self-learning.
and the following secondary competencies:
- Problem solving, oral and written communication, interpersonal relations, and teamwork.
Work Placement(s)
No
Syllabus
- Introduction to IT security auditing.
- Information security certification.
- Standards and certification procedures and security audit.
- Tools for communications and information security auditing.
- Ethics and deontology in computer audit.
- Case studies.
Head Lecturer(s)
Edmundo Heitor da Silva Monteiro
Assessment Methods
Assessment
Exam: 25.0%
Project: 75.0%
Bibliography
ISO/IEC 27007:2011 Information technology — Security techniques — Guidelines for information security management systems auditing, 2011.
Chris Jackson, Network Security Auditing Tools and Techniques, 2010.
Kvong, Javier F., Computer Auditing, Security, and Internal Control Manual, 2015.
Hassan A. Afyouni, Database Security and Auditing: Protecting Data Integrity and Accessibility, 2013.
Richard E. Cascarino, Auditor's Guide to Information Systems Auditing, 2007.
Robert E. Davis, Auditing Information Security Management, 2008.