ISLA Santarém 13157
Auditing and Computer Security
-
Presentation
The Audit and Information Security course aims to equip students with essential skills to identify, analyze, and mitigate risks in technological infrastructures, with a strong focus on network security. Positioned within the domain of cybersecurity and system auditing, this course covers methodologies, regulations, and best practices for information protection, integrating a significant practical component. The configuration of firewalls plays a key role, allowing students to gain hands-on experience in implementing and managing security policies, intrusion detection, and incident response. This applied approach enhances the course's relevance within the study program, preparing students for real-world challenges in securing IT systems.
-
Programme
1. Introduction to IT Auditing and Security.
2. Threats: Types of threats. Sources of threats.
3. Security Policies: Development and implementation. Security standards.
4. Risk Management: Identification and assessment of risks. Risk mitigation strategies.
5. Security Technologies: Firewalls and intrusion detection/prevention systems. Cryptography. Authentication and access control.
6. Auditing: Objectives, Principles and Auditing Techniques.
7. Audit and Security Standards and Frameworks: COBIT. NIST. ISACA.
8. Incident Management: Planning and response.
9. Human Aspects of Security: Awareness and training. Social engineering and its techniques.
10. GDPR – General Data Protection Regulation.
-
Objectives
Objectives:
O1. Present the fundamental concepts of auditing and IT security.
O2. Identify the main threats and risks that affect information systems, as well as the main controls to nullify them.
O3. Discuss the fundamentals of computer security policies.
O4. Present security audit standards and frameworks.
O5. Identify the fundamental principles of the GDPR.
Competences:
C1. Demonstrate knowledge of the main risks that affect information systems, as well as the main controls to eliminate them.
C2. Specify and apply security policies.
C3. Use encryption mechanisms.
C4. Use auditing, vulnerability testing and intrusion detection software.
C5. Discuss the human aspects related to computer security.
-
Bibliography
- Easttom, C. (2023). Computer security fundamentals. Pearson IT Certification.
- Stallings, W., Brown, L., & Bauer, M. D. (2023). Computer security: principles and practice. USA: Pearson Education.
- Kofler, M., et al. (2023). Hacking and Security: The Comprehensive Guide to Penetration Testing and Cybersecurity. SAP PRESS.
- van Oorschot, P. C. (2021). Computer Security and the Internet: Tools and Jewels from Malware to Bitcoin. Springer Nature.
-
Methodology
Face-to-face:
1. Demonstrative method: presentation and analysis of case studies aimed at consolidating knowledge.
2. Practical exercises: solving application problems on the topics under study.
Independent:
3. Guided research proposed by the teacher and case studies to deepen understanding of the content.
The teacher provides feedback on students' conclusions/questions as well as on the exercises solved in class and/or through the Moodle teaching/learning support platform.
-
Language
Portuguese
-
Type
Semester
-
ECTS
4
-
Nature
Mandatory
-
Internship
No
-
Evaluation
The curricular assessment comprises three components:
- A1. Exercises solved in class.
- A2. Theoretical-practical assignment (group).
- A3. Final theoretical-practical test (individual).
The final grade is calculated using the formula Final Grade = A1*0.2 + A2*0.4 + A3*0.4.
The student passes with a grade equal to or higher than 9.5 points.
Final Assessment, or Assessment in the Resit Period or Special Period (A):
Scenario 1:
A1. Portfolio of class assignments/exercises. The student completed the exercises and obtained a passing grade: the grade is kept and will be counted in these assessment periods.
A2. Practical assignment (group). The student took part in the group assignment and obtained a passing grade in the individual component: the grade is kept and will be counted in these assessment periods.
A3. Theoretical/practical test (individual). The student takes this test in whichever period they submit to assessment.
The final grade is calculated using the formula set out for the curricular (continuous) assessment.
Scenario 2:
The student did not complete the class assignments/exercises, or completed them and obtained a failing grade, and/or did not take part in the group assignment, or took part and obtained a failing grade in the individual assessment component.
Final Assessment, Assessment in the Resit/Special Period (A): The student takes the theoretical-practical exam (A = 100%) and passes with a grade equal to or higher than 9.5 points out of 20.


