1. General information
Course:
AUDIT AND SECURITY MANAGEMENT
Code:
310608
Type:
CORE COURSE
ECTS credits:
6
Degree:
2359 - MASTERS DEGREE PROGRAMME IN COMPUTER ENGINEERING (CR-2019)
Academic year:
2021-22
Center:
108 - SCHOOL OF COMPUTER SCIENCE OF C. REAL
Group(s):
20
Year:
1
Duration:
First semester
Main language:
Spanish
Second language:
English
Use of additional languages:
English Friendly:
Y
Web site:
https://campusvirtual.uclm.es
Bilingual:
N
Lecturer:
MARIO GERARDO PIATTINI VELTHUIS
- Group(s):
20
Building/Office
Department
Phone number
Email
Office hours
Fermín Caballero / 3.29
TECNOLOGÍAS Y SISTEMAS DE INFORMACIÓN
3715
mario.piattini@uclm.es
Available at https://esi.uclm.es/categories/profesorado-y-tutorias
Lecturer:
LUIS ENRIQUE SANCHEZ CRESPO
- Group(s):
20
Building/Office
Department
Phone number
Email
Office hours
Fermin Caballero/2.19
TECNOLOGÍAS Y SISTEMAS DE INFORMACIÓN
3088
luise.sanchez@uclm.es
Available at https://esi.uclm.es/categories/profesorado-y-tutorias
2. Pre-Requisites
Not established
3. Justification in the curriculum, relation to other subjects and to the profession
This subject is part of the "Quality and Security" knowledge block and offers the student a wide vision of the concepts of audit and security, as well as the role these concepts play in the information systems of companies. This subject is intertwined with the subject "Management, Certification and Evaluation of Information Systems" to offer a complete vision of the competencies related to guarantee the quality and security (as an outstanding element of quality) of the information technologies.
Through Audit and Security Management, the aim is to make known the aspects related to the audit and security of information systems and technologies, considering both legislative and regulatory aspects, among other dimensions.
In the Software Engineering profession, skills related to audit and security management are among the most demanded and recognized, from the governance and management of information technologies, to the creation and management of Information Security Management Systems (ISMS), the performance of Information System Risk Analysis and Management (ISRAM), as well as analysis of their impact on companies. The implementation of audit and security management departments (Internal Control), as well as addressing other challenges in emerging issues of audit and security management in Smart Cities, coming to understand existing regulations relating to cyber security, critical infrastructure, contingency plans and disaster recovery, are also key activities for this profession.
4. Degree competences achieved in this course
| Course competences | |
|---|---|
| Code | Description |
| CE06 | Ability to secure, manage, audit and certify the quality of developments, processes, systems, services, applications and computing products. |
| INS03 | Ability to manage information and data. |
| INS05 | Argumentative skills to logically justify and explain decisions and opinions. |
| PER01 | Team work abilities. |
| PER04 | Interpersonal relationship skills. |
| PER05 | Acknowledgement of human diversity, equal rights and cultural variety. |
| SIS01 | Critical thinking. |
| SIS02 | Ethical commitments. |
| SIS03 | Autonomous learning. |
| SIS09 | Care for quality. |
| UCLM02 | Ability to use Information and Communication Technologies. |
| UCLM04 | Professional ethics. |
5. Objectives or Learning Outcomes
| Course learning outcomes | |
|---|---|
| Description | |
| Assess and certify the security of the system software based on the existing rules and standards, as well as the most appropriate security maturity models | |
| Plan, implement and operate departments responsible for the audit, safety and quality control tasks in companies | |
| Perform an IT management audit based on existing rules and standards | |
| Perform a system security audit based on the existing rules and standards | |
| Additional outcomes | |
| Not established. |
6. Units / Contents
-
Unit 1: Information Systems Audit
-
Unit 2: Business continuity
-
Unit 3: Information Technology and Systems Government
-
Unit 4: Risk management
-
Unit 5: Information Systems Security
-
Unit 6: IT Security in the Organization
-
Unit 7: Cybersecurity
ADDITIONAL COMMENTS, REMARKS
practices:
1. Business Continuity Plan.
2. Security Management and ICT Risk Analysis.
7. Activities, Units/Modules and Methodology
| Training Activity | Methodology | Related Competences (only degrees before RD 822/2021) | ECTS | Hours | As | Com | Description | |
| Class Attendance (theory) [ON-SITE] | Combination of methods | CE06 | 0.8 | 20 | N | N | Master classes for the development of the topics and theoretical and practical lessons in the laboratory | |
| Problem solving and/or case studies [ON-SITE] | Problem solving and exercises | INS05 PER01 PER04 SIS01 | 0.36 | 9 | Y | N | Case Study Discussion | |
| In-class Debates and forums [ON-SITE] | Debates | INS05 PER01 PER04 PER05 SIS01 UCLM02 | 0.16 | 4 | Y | N | Discussions on real cases or related current proposals | |
| Individual tutoring sessions [ON-SITE] | Other Methodologies | INS03 | 0.16 | 4 | N | N | Tutoring to follow up on individual work | |
| Group tutoring sessions [ON-SITE] | Group tutoring sessions | SIS03 | 0.08 | 2 | N | N | Tutoring to follow up on group work | |
| Study and Exam Preparation [OFF-SITE] | Self-study | CE06 INS03 SIS03 | 2.2 | 55 | N | N | Study to be devoted to the study of the subject for the written tests | |
| Project or Topic Presentations [ON-SITE] | Group Work | CE06 INS03 INS05 SIS01 SIS02 SIS09 UCLM02 | 0.16 | 4 | Y | N | Presentation of the work in class and question rounds by the other students. | |
| Practicum and practical activities report writing or preparation [OFF-SITE] | Group Work | CE06 INS03 INS05 SIS01 SIS02 SIS09 | 1 | 25 | Y | Y | Preparation of two reports covering theoretical and practical content. This activity will have a group character. | |
| Practicum and practical activities report writing or preparation [OFF-SITE] | Other Methodologies | CE06 | 0.4 | 10 | Y | Y | Elaboration of a report covering practical contents This activity will have an individual character. | |
| Laboratory practice or sessions [ON-SITE] | Practical or hands-on activities | INS03 INS05 PER04 SIS09 UCLM02 | 0.4 | 10 | N | N | Preparation of practices in the laboratory | |
| Progress test [ON-SITE] | Assessment tests | CE06 INS05 SIS01 UCLM04 | 0.12 | 3 | Y | Y | Progress test with approximately half of the subject content | |
| Final test [ON-SITE] | Assessment tests | CE06 INS05 SIS01 UCLM04 | 0.16 | 4 | Y | Y | Final test with all the contents of the subject. | |
| Total: | 6 | 150 | ||||||
| Total credits of in-class work: 2.4 | Total class time hours: 60 | |||||||
| Total credits of out of class work: 3.6 | Total hours of out of class work: 90 | |||||||
As: Assessable training activity Com: Training activity of compulsory overcoming (It will be essential to overcome both continuous and non-continuous assessment).
8. Evaluation criteria and Grading System
| Evaluation System | Continuous assessment | Non-continuous evaluation * | Description |
| Test | 25.00% | 0.00% | Compulsory activity that can be retaken. Partial test of the first half of the temary (chapters 1-4). It will be held in the middle of the four-month period [ESC]. |
| Test | 25.00% | 0.00% | Compulsory activity that can be retaken. Partial test of the second half of the temary (chapters 5-7). It will be held on the date stipulated in the official calendar for the regular final examination [ESC] |
| Assessment of problem solving and/or case studies | 5.00% | 5.00% | Non-compulsory activity that can be retaken. In class, practical cases and readings in which students will have to participate and get involved (in groups or individually depending on the type of activity) [INF]. |
| Theoretical papers assessment | 15.00% | 15.00% | Compulsory activity that can be retaken. Deliverable of the theoretical group work [INF] |
| Practicum and practical activities reports assessment | 20.00% | 20.00% | Compulsory activity that can be retaken. It will consist of the delivery of 2 theoretical-practical works [LAB] |
| Oral presentations assessment | 10.00% | 10.00% | Non-compulsory activity that can be retaken. To be carried out during the theory/lab sessions in the case of continuous evaluation students. The non-continuous evaluation students will have an alternative evaluation system for this activity to be carried out within the planned exam dates of the final exam call (convocatoria ordinaria). [PRES] |
| Final test | 0.00% | 50.00% | Compulsory activity that can be retaken (rescheduling) to be carried out within the planned exam dates of the final exam call (convocatoria ordinaria). |
| Total: | 100.00% | 100.00% |
According to art. 4 of the UCLM Student Evaluation Regulations, it must be provided to students who cannot regularly attend face-to-face training activities the passing of the subject, having the right (art. 12.2) to be globally graded, in 2 annual calls per subject , an ordinary and an extraordinary one (evaluating 100% of the competences).
Evaluation criteria for the final exam:
-
Continuous assessment:In compulsory activities, a minimum mark of 40% is required in order to pass that activity and have the possibility to therefore pass the entire subject. The evaluation of the activities will be global and therefore must be quantified by means of a single mark. In the case of the activities that may be retaken (i.e., rescheduling), an alternative activity or test will be offered in the resit/retake exam call (convocatoria extraordinaria).
The partial tests will be common for all the theory/laboratory groups of the subject and will be evaluated by the lecturers of the subject in a serial way, i.e., each part of the partial tests will be evaluated by the same lecturer for all the students.
A student is considered to pass the subject if she/he obtains a minimum of 50 points out of 100, taking into account the points obtained in all the evaluable activities, and also has passed all the compulsory activities.
For students who do not pass the subject in the final exam call (convocatoria ordinaria), the marks of activities already passed will be conserved for the resit/retake exam call (convocatoria extraordinaria). If an activity is not recoverable, its assessment will be preserved for the resit/retake exam call (convocatoria extraordinaria) even if it has not been passed. In the case of the passed recoverable activities, the student will have the opportunity to receive an alternative evaluation of those activities in the resit/retake exam call and, in that case, the final grade of the activity will correspond to the latter grade obtained.
The mark of the passed activities in any call, except for the partial tests, will be conserved for the subsequent academic year at the request of the student, provided that mark is equal or greater than 50% and that the activities and evaluation criteria of the subject remain unchanged prior to the beginning of that academic year.
The failure of a student to attend the partial 1 and partial 2 tests will automatically result in her/him receiving a "Failure to attend" (no presentado). If the student has not passed any compulsory evaluation activity, the maximum final grade will be 40%. -
Non-continuous evaluation:Students may apply at the beginning of the semester for the non-continuous evaluation mode. In the same way, the student may change to the non-continuous evaluation mode as long as she/he has not participated during the teaching period in evaluable activities that together account for at least 50% of the total mark of the subject. If a student has reached this 50% of the total obtainable mark or the teaching period is over, she/he will be considered in continuous assessment without the possibility of changing to non-continuous evaluation mode.
Students who take the non-continuous evaluation mode will be globally graded, in 2 annual calls per subject, an ordinary and an extraordinary one (evaluating 100% of the competences), through the assessment systems indicated in the column "Non-continuous evaluation".
In the "non-continuous evaluation" mode, it is not compulsory to keep the mark obtained by the student in the activities or tests (progress test or partial test) taken in the continuous evaluation mode.
Specifications for the resit/retake exam:
Evaluation tests will be conducted for all recoverable activities.
Specifications for the second resit / retake exam:
Same characteristics as the resit/retake exam call.
9. Assignments, course calendar and important dates
| Not related to the syllabus/contents | |
|---|---|
| Hours | hours |
| General comments about the planning: | 4 hours of class per week. |
10. Bibliography and Sources
