-
Presentation
The course focuses on security in computer systems and provides a brief introduction to encryption. It covers threats against systems, as well as the methods, technologies, and standards used to protect against them. It also studies the auditing methods to be applied, addressing both information systems audits and security audits.
-
Class from course
-
Degree | Semesters | ECTS
Bachelor | Semestral | 6
-
Year | Nature | Language
3 | Mandatory | Portuguese
-
Code
ULP452-22527
-
Prerequisites and corequisites
Not applicable
-
Professional Internship
No
-
Syllabus
1. Basic security concepts: security properties, policies and principles. Threats: risks and vulnerabilities, attacks, security infrastructure. Layers of a system and its security mechanisms. Distribution of security mechanisms. Defenses at the network and machine level.
2. Fundamentals of cryptography: symmetric and asymmetric encryption, digital signature, public key infrastructure. Hash functions.
3. Authentication and access control. Message integrity and confidentiality.
4. Audit. Internal and external audits. Types of auditing. Security audit. Standards and standardization: security standards, information security certification, control. Audit of information systems. Information technology audit tools and techniques. Application of the computer-aided audit technique (TAAC). Documentation. Standards and code of ethics for auditing information systems. Evaluation of procedures and risk analysis.
-
Objectives
Correctly use the tools employed in security and auditing of networks and systems, and be able to analyse a problem and resolve it and/or implement measures in accordance with the rules in force.
-
Teaching methodologies and assessment
Students attend guest seminars by companies listed in the PSI 20, which address how the subjects taught are practised in a work environment. CTF competitions will be held at events organised for this purpose. An academic conference will be convened to assess the quality of students' production of scientific content in computer security.
-
References
Garfinkel, S., Spafford, G., & Schwartz, A. (2003). Practical UNIX and Internet Security. O'Reilly Media, Inc.
Sriram, R. S. (2015). Auditing Information Systems. Wiley Encyclopedia of Management, 1-6.
Peltier, T. R. (2016). Information Security Policies, Procedures, and Standards: Guidelines for Effective Information Security Management. Auerbach Publications.
Ford, W., & Baum, M. S. (2000). Secure Electronic Commerce: Building the Infrastructure for Digital Signatures and Encryption. Prentice Hall PTR.
-
Office Hours
-
Mobility
No