Course Brief

The aim of this course is to provide the student with a clear understanding of the importance of IT auditing in the context of a modern networked environment.  This course will cover many aspects of IT security auditing based around recognised standards e.g. ISO27001/2. This course will prove useful to IT security professionals currently working in medium and large organisations.


  1. Understand the security risks in information systems.

  2. Analyse the risk exposures of particular assets to particular threats.

  3. Choose and justify the choice of appropriate controls to deal with risks.

  4. Critically appraise the use of audit techniques to ensure appropriate use of controls

  5. Implement a practical audit strategy to identify, analyse and manage security risks in an active IT environment.

Audit process: planning, fieldwork, solutions, reporting, tracking, gap, root cause;

Audit methods: checklist, observation, interview, CAAT’s, peer/self/full, internal v external;

Sample audit examples: hardware, software, BCP;

IT Governance: Standards, ISO27002;

Audit Frameworks : COBIT, PCIDSS;

Legal aspects: Sarbanes-Oxley, Data Protection, Public Interest Disclosure;

Professional qualifications: CISA, CISSP.

  • MSc Operational Cyber Security

    Students on the MSc Operational Cyber Security will learn a wide range of practical and theoretical skills. Students will develop a sound knowledge of cyber security and its application in real life situations, while extending their abilities to analyse and solve problems. 

    Applications would be welcomed from students with any numerate degree from a science background, a Law or a business degree. Mature applicants who demonstrate academic potential can also be assessed for eligibility.

     

    The programme provides opportunities for students to achieve a knowledge and understanding of:

    • Modern methods and techniques for cyber security, including penetration testing and IT auditing.
    • Basic concepts of networking, developing web applications, cyber security and risk management.
    • Techniques in cyber security, cyber physical security and forensics investigations.
    • The modern computing environment and software tools for a cyber security professional.
    • Specialised advanced topics in the area of security and its applications.
    • Research tools and techniques appropriate to the cyber security domain.