Security Auditing

Year
1
Academic year
2021-2022
Code
02033313
Subject Area
Informatics Security
Language of Instruction
Portuguese
Other Languages of Instruction
English
Mode of Delivery
Face-to-face
Duration
SEMESTRIAL
ECTS Credits
6.0
Type
Compulsory
Level
2nd Cycle Studies - Mestrado

Recommended Prerequisites

BSc in Informatics Engineering or equivalent.

Teaching Methods

Lecture classes (T): presentation and discussion around the topics of the course.

Lab classes (PL): application of theoretical concepts in projects.

The MSI theoretical classes will preferably take place on Friday afternoon and Saturday morning. Theoretical classes will also be broadcast by teleconference and recorded so that students can follow them remotely.

The practical classes will preferably be scheduled for Friday morning. Students may also carry out the practical assignments remotely and asynchronously, with remote support from the teachers.

Learning Outcomes

This curricular unit aims to integrate the knowledge obtained in the various disciplines of MSI in an audit context, through a case study to be defined for each group of students, taking into account the methodologies, procedures, standards and tools for conducting security audits in organizations. Students are also expected to acquire or develop the following core competencies:

- Skills on cyber security assessment and management, security risk analysis, security risk assessment and management at organization and system level.

- Practical application of the theoretical knowledge on security assessment and management, competences in analysis and synthesis, critical reasoning, and self-learning.

It also aims to develop the following secondary competencies:

- Problem solving, oral and written communication, interpersonal relations, and team work.

Work Placement(s)

No

Syllabus

• Introduction to IT security auditing.

• Information security certification.

• Standards and certification procedures and security audit.

• Tools for communications and information security auditing.

• Ethics and deontology in computer audit.

• Case studies.

Head Lecturer(s)

Edmundo Heitor da Silva Monteiro

Assessment Methods

Assessment
Exam: 25.0%
Project: 75.0%

Bibliography

ISO/IEC 27007:2011 Information technology — Security techniques — Guidelines for information security management systems auditing, 2011.

Chris Jackson, Network Security Auditing Tools and Techniques, 2010.

Kuong, Javier F., Computer Auditing, Security, and Internal Control Manual, 2015.

Hassan A. Afyouni, Database Security and Auditing: Protecting Data Integrity and Accessibility, 2013.

Richard E. Cascarino, Auditor's Guide to Information Systems Auditing, 2007.

Robert E. Davis, Auditing Information Security Management, 2008.