Educational guide
IDENTIFYING DATA 2019_20
Subject SYSTEMS AUDITING AND FORENSICS II Code 01733119
Study programme
1732 - MASTER UNIVERSITARIO EN INVESTIGACION EN CIBERSEGURIDAD (OL)
Descriptors Credit. Type Year Period
6 Optional Second First
Language
Castellano
Prerequisites
Department ING.MECANICA,INFORMAT.AEROESP.
Coordinador
SÁNCHEZ GONZÁLEZ , LIDIA
E-mail lsang@unileon.es
jpela@unileon.es
Lecturers
SÁNCHEZ GONZÁLEZ , LIDIA
PELAEZ ALVAREZ , JUAN DELFIN
Web http://agora.unileon.es
General description In this subject, audit and forensics techniques are studied. It includes fundamentals as well as risk management, digital evidence collection and evidence processing and reporting
Tribunales de Revisión
Tribunal titular
Cargo Departamento Profesor
Presidente ING.MECANICA,INFORMAT.AEROESP. MATELLAN OLIVERA , VICENTE
Secretario ING.MECANICA,INFORMAT.AEROESP. PANIZO ALONSO , LUIS
Vocal ING.MECANICA,INFORMAT.AEROESP. RODRIGUEZ DE SOTO , ADOLFO
Tribunal suplente
Cargo Departamento Profesor
Presidente ING.MECANICA,INFORMAT.AEROESP. FERNANDEZ LLAMAS , CAMINO
Secretario ING.MECANICA,INFORMAT.AEROESP. ALIJA PEREZ , JOSE MANUEL
Vocal ING.MECANICA,INFORMAT.AEROESP. CUERVO FERNANDEZ , EVA MARIA

Competencies
Type A Code Competences Specific
  A17098
  A17099
Type B Code Competences Transversal
  B5220
  B5221
  B5222
  B5223
  B5224
  B5225
Type C Code Competences Nuclear
  C1
  C2
  C3
  C4
  C5

Learning aims
Competences
Student knows the fundamentals about audit of input-level controls, data centers, enterprise projects, disaster recovery and know the frameworks, standards and regulations applicable to security audits. A17098
Students knows how the main techniques of forensics are applied to network and mobile environments A17099
Students know how to elaborate and solve problems about computer security and communications B5220
Students know how to collect and understand data about computer security and communications B5221
Students know how to judge relevant social, scientific and ethical issues regarding cybersecurity B5222
Students know how to provide solutions to the industry in the cybersecurity field B5223
Students knows how to learn on their own B5224
C4
Students know how to develop a project of both computer and communication security. B5225
Students are able to hold and understand issues that provide a chance to be original for developing or applying ideas, mainly in a research context C5
Students know how to apply the acquired knowledge and how to solve problems in new environments or not well known in widespread contexts (as multidisciplinary) related to their study field C1
Students can integrate knowledge and face the complexity of framing judgments from information, that might be incomplete or limited, but includes thoughts about social and ethical responsibilities involved with the application of their knowledge and judgment C2
Students can communicate their conclusions and their knowledge as well as their reasons that support them to specialized and not specialized public in a clear way without ambiguities. C3

Contents
Topic Sub-topic
1. Entity-Level Controls Auditing 2. Data Centers Auditing and Disaster Recovery 3. Company Projects Auditing 4. Frameworks, Standards, and Regulations 5. Computer Forensics 6. Network and Mobile Forensics 1. Entity-Level Controls Auditing
2. Data Centers Auditing and Disaster Recovery
3. Company Projects Auditing
4. Frameworks, Standards, and Regulations
5. Computer Forensics
6. Network and Mobile Forensics

Planning
Methodologies  ::  Tests
  Class hours Hours outside the classroom Total hours
Assignments 13 32 45
 
Practicals using information and communication technologies (ICTs) in computer rooms 20 30 50
 
Lecture 10 20 30
 
Practical tests 5 20 25
 
(*)The information in the planning table is for guidance only and does not take into account the heterogeneity of the students.

Methodologies
Methodologies   ::  
  Description
Assignments Writing reports that includes the concepts treated in both theoretical and practical lessons.
Practicals using information and communication technologies (ICTs) in computer rooms Learning activities using computer tools in order to understand the practice of the theoretical concepts
Lecture Learning activities to introduce the main concepts of the subject that can be individuals or in groups.

Personalized attention
 
Lecture
Assignments
Practicals using information and communication technologies (ICTs) in computer rooms
Practical tests
Description
Doubts can be solved by email or asking the lecturer

Assessment
  Description Qualification
Lecture Assessment of the acquired competences (Summative assessment) 10%
Assignments Assessment of the acquired competences (Continuous assessment) 40%
Practicals using information and communication technologies (ICTs) in computer rooms Assessment of the acquired competences (Summative assessment) 10%
Practical tests Assessment of the acquired competences (Summative assessment) 40%
 
Other comments and second call
<p>Second call will consist in an assessment of the acquired competences</p>

Sources of information
Access to Recommended Bibliography in the Catalog ULE

Basic Piattini Veltius, M. y otros, Calidad de Sistemas de Información, RA-MA, 2011
Hervada Vidal, F. y Piattini Veltius, M., Gobierno de las Tecnologías y los Sistemas de Información, RA-MA, 2007
Bill Nelson, Amelia Philips, Christopher Steuart, Guide to computer forensics and investigations. Processing Digital Evidence, Cengage Learning, 5ª Edición
Patrick Engebretson, The basics of hacking and penetration testing, Syngress, Elsevier, 2ª Edición
Peter Kim, The hacker playbook 2, Secure Planet LLC, 2014

Complementary Sara Baase, A gift of fire, Pearson, 4ª Edición
Ben Clark, Red Team Field Manual, , 2013


Recommendations


Subjects that it is recommended to have taken before
SYSTEMS AUDITING AND FORENSICS I / 01733008