Educational guide | ||||||||||||||||||||||||||||||||||||||||
IDENTIFYING DATA | 2024_25 | |||||||||||||||||||||||||||||||||||||||
Subject | SYSTEMS AUDITING | Code | 01747010 | |||||||||||||||||||||||||||||||||||||
Study programme |
|
|||||||||||||||||||||||||||||||||||||||
Descriptors | Credit. | Type | Year | Period | ||||||||||||||||||||||||||||||||||||
4 | Compulsory | First | Second |
|||||||||||||||||||||||||||||||||||||
Language |
|
|||||||||||||||||||||||||||||||||||||||
Prerequisites | ||||||||||||||||||||||||||||||||||||||||
Department | ING.MECANICA,INFORMAT.AEROESP. |
|||||||||||||||||||||||||||||||||||||||
Coordinador |
|
acamv@unileon.es agueh@unileon.es |
||||||||||||||||||||||||||||||||||||||
Lecturers |
|
|||||||||||||||||||||||||||||||||||||||
Web | http://agora.unileon.es | |||||||||||||||||||||||||||||||||||||||
General description | In this subject, audit and forensics techniques are studied. It includes fundamentals as well as risk management, digital evidence collection and evidence processing and reporting | |||||||||||||||||||||||||||||||||||||||
Tribunales de Revisión |
|
|||||||||||||||||||||||||||||||||||||||
Competencies |
Type A | Code | Competences Specific |
A18795 | ||
A18811 | ||
A18812 | ||
Type B | Code | Competences Transversal |
B5729 | ||
B5730 | ||
B5731 | ||
B5732 | ||
B5733 | ||
B5734 | ||
B5735 | ||
B5736 | ||
B5737 | ||
B5738 | ||
B5739 | ||
B5740 | ||
Type C | Code | Competences Nuclear |
C1 | ||
C2 | ||
C3 | ||
C4 | ||
C5 |
Learning aims |
Competences | |||
Student knows the fundamentals about audit of security systems | A18811 |
B5729 B5730 B5731 B5732 B5733 B5734 B5735 B5736 B5737 B5738 B5739 B5740 |
C1 C2 C3 C4 C5 |
Fraud prevention in e-commerce | A18812 |
B5729 B5730 B5731 B5732 B5733 B5734 B5735 B5736 B5737 B5738 B5739 B5740 |
C1 C2 C3 C4 C5 |
Knowledge of the main concepts of security systems auditing. | A18795 |
B5729 B5730 B5731 B5732 B5733 B5734 B5735 B5736 B5737 B5738 B5739 B5740 |
C1 C2 C3 C4 C5 |
Knowledge of the basic concepts of social engineering and psychology. | A18812 |
B5729 B5730 B5731 B5732 B5733 B5734 B5735 B5736 B5737 B5738 B5739 B5740 |
C1 C2 C3 C4 C5 |
Knowledge and implementation of auditing techniques for entry level controls, data centers and enterprise projects. Disaster recovery. Knowledge of frameworks, standards and regulations applicable to security audits. | A18795 |
B5729 B5730 B5731 B5732 B5733 B5734 B5735 B5736 B5737 B5738 B5739 B5740 |
C1 C2 C3 C4 C5 |
Contents |
Topic | Sub-topic |
1. Audit and Forensics Overview 2. Auditing Techniques 3. Risk Management 4. Forensic Technologies 5. Digital Evidence Collection 6. Evidentiary Processing and Reporting | |
Planning |
Methodologies :: Tests | |||||||||
Class hours | Hours outside the classroom | Total hours | |||||||
Practicals using information and communication technologies (ICTs) in computer rooms | 15 | 45 | 60 | ||||||
Lecture | 20 | 15 | 35 | ||||||
Mixed tests | 5 | 0 | 5 | ||||||
(*)The information in the planning table is for guidance only and does not take into account the heterogeneity of the students. |
Methodologies |
Description | |
Practicals using information and communication technologies (ICTs) in computer rooms | Learning activities using computer tools in order to understand the practice of the theoretical concepts |
Lecture | Learning activities to introduce the main concepts of the subject that can be individuals or in groups. |
Personalized attention |
|
|
Assessment |
Description | Qualification | ||
Practicals using information and communication technologies (ICTs) in computer rooms | Assessment of the acquired competences (Summative assessment) | 30-70% | |
Lecture | Assessment of the acquired competences (Summative assessment) | 30-70% | |
Other comments and second call | |||
To pass the course it will be necessary to obtain a grade of at least 50% of the maximum both in the exam and in the practical tests. The work and practicals submitted may be reviewed with an anti-plagiarism software that can perform checks between the work of the students of the current and previous call and against external sources. If plagiarism is detected, the work will be graded as failed. During the evaluation tests it will not be possible to use electronic resources (calculators, tablets, phones, computers, etc.), except for those tests that under express indication of the teacher require the use of any of these resources. In case of any irregularity during the celebration of the corresponding exam or evaluation test, the student will be immediately withdrawn from the exam, expelled and graded as failed. In any case, what is established in the internal regulations of the ULe included in the document "Guidelines for action in cases of plagiarism, copying or fraud in exams or evaluation tests" (Approved Standing Committee of the Governing Council 29/01/2015) will be taken into account. The evaluation of the practicals will follow one of the following criteria (optionally both). The first will be an individual test that will consist of either a modification of the practice presented, or a presentation of the same. The second will be the evaluation of the practice itself by the professor. In the second call, there will be an evaluation test of theoretical and practical contents. The grade of the practical tests will be kept if they have been passed with at least 50% of the maximum grade in the first call and the delivery of the practices not passed will be required for their subsequent evaluation in the same terms as in the first call (individual test and/or evaluation of the practice). In the evaluation tests carried out by telematic means, the use of proctoring tools (e.g. SMOWL) may be required. In reference to the proctoring programs used during the exams of the official exams, the navigation in pages external to the exam itself, unless expressly indicated, may result in the failure of such activity, at the discretion of the faculty. In case of problems in the identification of the students, the faculty may require additional evaluation activities by videoconference. The conditions of these tests may be conditioned by connectivity, lighting, etc. being the responsibility of the students to follow the indications received in this regard, as well as to follow the instructions given by the teacher. |
Sources of information |
Access to Recommended Bibliography in the Catalog ULE |
Basic |
Patrick Engebretson, The basics of hacking and penetration testing, Syngress, Elsevier, 2ª Edición Peter Kim, The hacker playbook 2, Secure Planet LLC, 2014 |
Complementary |
Sara Baase, A gift of fire, Pearson, 4ª Edición Ben Clark, Red Team Field Manual, , 2013 |
Recommendations |