Course Brief

The aim of this course is to show the need to consider information security threats, and their subsequent audit and control, at management level within an organisation. Students will be expected to utilise professional skills learnt in other parts of the programme and apply them to practical audit and reporting tasks. The main taught element will focus on how to identify security issues and apply principles of audit and control to management reporting. As part of the taught programme the course will aim to:

  • Provide students with an understanding of the threats to information and information systems.
  • Provide students with an awareness of the controls that may be applied to reduce the risk from those threats.
  • Make students aware of the importance of good security policy at management level.

  • This course is offered in 60 hours

On completion of this course the students should be able to:

A. Understand the common security threats to information systems in organisations.

B. Analyse and assess the risk exposure of particular assets to particular threats.

C. Justify the choice of appropriate controls to deal with risks.

D. Critically appraise the use of audit techniques to ensure appropriate use of controls.

E. Implement a practical audit strategy to identify, analyse and manage security risks in an active IT environment.

Risk Management: ALE (annualised loss expectancy), Life-Cycle, Outsourcing, CRAMM.
Audit Process: Planning, Fieldwork, Solution development, Reporting.
Audit Methods: Checklists, Observation, Interview, CAATs (computer-assisted audit techniques), Peer/self/full audits, Internal/external audits.
Asset security audits: Hardware, Software, Data, Network audits.
Systems security audits: HR, BCP, SDLC.
IT Governance – Frameworks & Standards: ITIL, COBIT, COSO, ISO 27001, NSA INFOSEC.
IT Governance – Regulations: Sarbanes-Oxley, HIPAA, Basel II, PCI DSS, Data Protection.
Professional Issues: ISACA Code of Conduct; CISA, QiCA, CISM, CISSP qualifications.
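The ALE topic above underpins learning outcomes B and C (assessing exposure, then justifying controls). The following is an added worked example, not course material: it applies the standard quantitative formulas SLE = asset value × exposure factor and ALE = SLE × ARO to a small risk register, ranks the exposures, and checks whether a candidate control's annual cost is justified by the ALE it removes. All asset values, exposure factors, rates of occurrence and control effects are constructed, hypothetical figures.

```python
"""ALE-based risk ranking and control justification (added illustration).

All figures below are constructed for the example and are not drawn
from any real organisation or from the course itself.
"""
from dataclasses import dataclass
from typing import List, Optional, Sequence


@dataclass(frozen=True)
class Exposure:
    """One asset/threat pair from a risk register."""
    asset: str
    threat: str
    asset_value: float      # value of the asset in currency units
    exposure_factor: float  # fraction of asset value lost per occurrence (0..1)
    aro: float              # annualised rate of occurrence (events per year)

    def sle(self) -> float:
        """Single loss expectancy: SLE = asset value x exposure factor."""
        return self.asset_value * self.exposure_factor

    def ale(self) -> float:
        """Annualised loss expectancy: ALE = SLE x ARO."""
        return self.sle() * self.aro


@dataclass(frozen=True)
class Control:
    """A candidate control with its annual cost and estimated effect (hypothetical)."""
    name: str
    annual_cost: float
    aro_reduction: float = 0.0  # fraction by which the control lowers ARO (0..1)
    ef_reduction: float = 0.0   # fraction by which it lowers the exposure factor (0..1)


def residual_ale(exp: Exposure, ctrl: Control) -> float:
    """ALE that remains once the control is in place."""
    residual_sle = exp.sle() * (1.0 - ctrl.ef_reduction)
    residual_aro = exp.aro * (1.0 - ctrl.aro_reduction)
    return residual_sle * residual_aro


def net_benefit(exp: Exposure, ctrl: Control) -> float:
    """Annual ALE reduction minus annual cost; positive means the control pays for itself."""
    return exp.ale() - residual_ale(exp, ctrl) - ctrl.annual_cost


def rank_exposures(exposures: Sequence[Exposure]) -> List[Exposure]:
    """Order the register by ALE so management attention goes to the largest exposure first."""
    return sorted(exposures, key=lambda e: e.ale(), reverse=True)


def justify_control(exp: Exposure, candidates: Sequence[Control]) -> Optional[str]:
    """Return the name of the control with the largest positive net benefit, or None
    if no candidate is economically justified for this exposure."""
    best = max(candidates, key=lambda c: net_benefit(exp, c), default=None)
    if best is None or net_benefit(exp, best) <= 0:
        return None
    return best.name


# Constructed risk register: three asset/threat pairs.
EXPOSURES = [
    Exposure("customer database", "ransomware", 500_000, 0.60, 0.2),   # ALE 60 000
    Exposure("public web server", "denial of service", 200_000, 0.10, 2.0),  # ALE 40 000
    Exposure("laptop fleet", "theft", 80_000, 0.25, 0.5),               # ALE 10 000
]

# Constructed candidate controls for two of the exposures.
RANSOMWARE_CONTROLS = [
    Control("offline backups", annual_cost=15_000, ef_reduction=0.8),
    Control("endpoint detection and response", annual_cost=40_000, aro_reduction=0.7),
    Control("accept the risk", annual_cost=0.0),
]
LAPTOP_CONTROLS = [
    Control("full-disk encryption", annual_cost=5_000, ef_reduction=0.9),
    Control("24x7 guarded storage", annual_cost=50_000, aro_reduction=0.9),
]


if __name__ == "__main__":
    for e in rank_exposures(EXPOSURES):
        print(f"{e.asset:20s} {e.threat:18s} SLE={e.sle():>10,.0f} ALE={e.ale():>10,.0f}")
    print("ransomware control:", justify_control(EXPOSURES[0], RANSOMWARE_CONTROLS))
    print("laptop theft control:", justify_control(EXPOSURES[2], LAPTOP_CONTROLS))
```

With these figures, offline backups cut the ransomware ALE from 60 000 to 12 000 for 15 000 a year (net benefit 33 000), which beats the more expensive detection control; for laptop theft, full-disk encryption is justified while guarded storage costs more than the whole exposure and is rejected. A real audit would also record the assumptions behind each exposure factor and ARO, since those estimates, not the arithmetic, are where the argument to management is won or lost.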

Concepts will be introduced in lectures; practical exercises and problem solving will be done through tutorials.

Student time will be: Lecture – 2/3, Tutorial – 1/3.

Coursework – 50%
Perform individual practical audit and write up.
Learning Outcomes: E.

Examination – 50%
2 hours. Closed book.
Learning Outcomes: A, B, C, D.

Level: Masters
Credits: 15