Security Auditing

Year: 1
Academic year: 2025-2026
Code: 02033313
Subject Area: Cybersecurity
Language of Instruction: Portuguese
Other Languages of Instruction: English
Mode of Delivery: Face-to-face
Duration: SEMESTRIAL
ECTS Credits: 6.0
Type: Elective
Level: 2nd Cycle Studies - Mestrado

Recommended Prerequisites

Portuguese, or English if there are any foreign students.

Teaching Methods

Lecture classes (T): presentation and discussion around the topics of the course.

Lab classes (PL): application of theoretical concepts in projects.

The MSI theoretical classes will take place, preferably, Friday afternoon and Saturday morning. Theoretical classes will also be broadcast by teleconference and will be recorded to allow the students to follow the classes remotely.

The practical classes may also focus on the practical assignments, which students may develop remotely and asynchronously with remote support from the teachers.

Learning Outcomes

This curricular unit aims to integrate the knowledge obtained in the various MSI disciplines in an audit context, in a case study to be defined for each group of students and taking into account the methodologies, procedures, standards and tools for carrying out a security audit in organizations. Students are expected to acquire/develop the following key skills:
- Skills in cybersecurity assessment and management, IT security risk analysis and management, and security risk assessment and management, within IT systems and the organizations in which they are located.
- Practical application of theoretical knowledge in security assessment and management, analysis and synthesis skills, and self-learning capacity in new contexts in the field of IT security.
And the following skills:
- Problem solving, oral and written communication, interpersonal relationships and teamwork skills.

Work Placement(s)

No

Syllabus

Introduction to Security Auditing

Certification on information security

Rules and procedures for auditing and certification on security

Tools for Security Auditing

Ethics on Security Auditing.

Head Lecturer(s)

Paulo Alexandre Ferreira Simões

Assessment Methods

Assessment
Other: 15.0%
Exam: 30.0%
Project: 55.0%

Bibliography

ISO/IEC 27007:2020 Information security, cybersecurity and privacy protection — Guidelines for information security management systems auditing, 2020

ISO/IEC 27001:2022 Information security, cybersecurity and privacy protection – Information security management systems, 2022

NIS2 Directive, 2022, https://eur-lex.europa.eu/eli/dir/2022/2555

NIST Cybersecurity Framework 2.0, National Institute of Standards and Technology, 2024

Hughes, C., Robinson, N., Effective Vulnerability Management: Managing Risk in the Vulnerable Digital Ecosystem, Wiley, 1st Edition, April 2024

Martin Weiss & Michael Solomon, Auditing IT Infrastructures for Compliance, Third Edition, Jones & Bartlett Learning, 2022.

Kegerreis, M., Schiller, M., IT Auditing Using Controls to Protect Information Assets, Third Edition, 2019.