-
Presentation
The fundamentals of auditing and IT security are studied from a theoretical and practical point of view, to give students the skills needed to specify a security policy, implement it using the appropriate mechanisms, verify the compliance of that implementation, and monitor its operation through tests and auditing, guaranteeing the pillars of computer security: Confidentiality, Integrity, Availability, Authenticity and Non-Repudiation.
-
Class from course
-
Degree | Semesters | ECTS
Doctorate | Semestral | 5
-
Year | Nature | Language
1 | Optional | Portuguese
-
Code
ULHT1504-21942
-
Prerequisites and corequisites
Not applicable
-
Professional Internship
No
-
Syllabus
1. Computer Audit: Concepts, origins and historical evolution; COBIT Framework; Internal and external computer auditors; Auditing tools; Main analysis and control techniques.
1.1 The components of a computer audit: Organization of the computer function; Contingency measures; Networks and telecommunications; System servers and software; Applications and databases; Logical and physical security; Development and testing; Security management.
2. Computer Security: 27k security policies; Cryptography: theory and applications; Pillars of security: Confidentiality, Integrity, Availability, Authenticity and Non-Repudiation; Public Key Infrastructure, Digital Signatures, Digital Certificates; Implementation of encryption algorithms; PGP: Pretty Good Privacy, OpenPGP; MD5, MD5 hash, RSA, SSL, OpenSSL; Risk, control, control and security objectives; ISO 17799 and ISO 27001 standards; Tests - Parrot OS & Kali; Secure Software Life Cycle.
-
Objectives
Provide the fundamental and advanced concepts in information security; Provide the concepts and put into practice actions to implement and evaluate security policies; Know the main risks that affect information systems, as well as the controls and mechanisms to counter them; ISO 27K security policy audit; Cryptography: concepts and practice in Safe Development Lifecycle, e-mail; Certificates and Keys Infrastructure, algorithms; Perform a computer audit and the respective means of reporting and control; Perform intrusion tests; Master security platforms: OWASP, WebGoat, and CEH - Certified Ethical Hacker; Use audit, vulnerability testing, and intrusion detection software, for example Parrot OS and Kali Linux OS; Development and forensic analysis of viruses, worms, ransomware, and trojans; Use systems to guarantee the pillars of computer security.
-
Teaching methodologies and assessment
Laboratory-based teaching with exposition and demonstration of each aspect of the curricular unit (in tutorial mode with examples). Seminars and study visits to business entities to see the practical application of the taught content on-site.
-
References
CORREIA, Miguel / SOUSA, Paulo. Segurança no Software. FCA, 2017.
CARNEIRO, A. Auditoria e Controlo de Sistemas de Informação. FCA, 2009.
CARNEIRO, A. Introdução à Segurança dos Sistemas de Informação. FCA, 2004.
MAMEDE, H. Segurança Informática nas Organizações. FCA, 2006.
OLIVEIRA, José. Método de Auditoria a Sistemas de Informação. Porto Editora, 2006.
ZÚQUETE, A. Segurança em Redes Informáticas. 4th edition, FCA, 2014.
MATEUS-COELHO, N. / CRUZ-CUNHA, M. Handbook of Research on Cyber Criminals and Data Privacy Measures. IGI Global, 2020.
-
Office Hours
-
Mobility
No