This subject is part of the "Quality and Security" knowledge block and offers the student a broad view of the concepts of audit and security, as well as the role these concepts play in the information systems of companies. This subject is intertwined with the subject "Management, Certification and Evaluation of Information Systems" to offer a complete view of the competencies related to guaranteeing the quality and security (as an outstanding element of quality) of information technologies.
Audit and Security Management aims to introduce the aspects related to the audit and security of information systems and technologies, considering both legislative and regulatory aspects, among other dimensions.
In the Software Engineering profession, skills related to audit and security management are among the most demanded and recognized, from the governance and management of information technologies, to the creation and management of Information Security Management Systems (ISMS), the performance of Information System Risk Analysis and Management (ISRAM), as well as analysis of their impact on companies. Implementing audit and security management departments (Internal Control), addressing other challenges in emerging issues of audit and security management in Smart Cities, and understanding existing regulations relating to cyber security, critical infrastructure, contingency plans and disaster recovery are also key activities for this profession.
Course competences

Code | Description |
---|---|
CE06 | Ability to secure, manage, audit and certify the quality of developments, processes, systems, services, applications and computing products. |
INS03 | Ability to manage information and data. |
INS05 | Argumentative skills to logically justify and explain decisions and opinions. |
PER01 | Team work abilities. |
PER04 | Interpersonal relationship skills. |
PER05 | Acknowledgement of human diversity, equal rights and cultural variety. |
SIS01 | Critical thinking. |
SIS02 | Ethical commitments. |
SIS03 | Autonomous learning. |
SIS09 | Care for quality. |
UCLM02 | Ability to use Information and Communication Technologies. |
UCLM04 | Professional ethics. |
Course learning outcomes

Description | |
---|---|
Assess and certify the security of the system software based on the existing rules and standards, as well as the most appropriate security maturity models | |
Plan, implement and operate departments responsible for the audit, safety and quality control tasks in companies | |
Perform an IT management audit based on existing rules and standards | |
Perform a system security audit based on the existing rules and standards | |
Additional outcomes | |
Not established. |
Practices:
1. Business Continuity Plan.
2. Security Management and ICT Risk Analysis.
Training Activity | Methodology | Related Competences (only degrees before RD 822/2021) | ECTS | Hours | As | Com | Description | |
---|---|---|---|---|---|---|---|---|
Class Attendance (theory) [ON-SITE] | Combination of methods | CE06 | 0.8 | 20 | N | N | Master classes for the development of the topics and theoretical and practical lessons in the laboratory | |
Problem solving and/or case studies [ON-SITE] | Problem solving and exercises | INS05 PER01 PER04 SIS01 | 0.36 | 9 | Y | N | Case Study Discussion | |
In-class Debates and forums [ON-SITE] | Debates | INS05 PER01 PER04 PER05 SIS01 UCLM02 | 0.16 | 4 | Y | N | Discussions on real cases or related current proposals | |
Individual tutoring sessions [ON-SITE] | Other Methodologies | INS03 | 0.16 | 4 | N | N | Tutoring to follow up on individual work | |
Group tutoring sessions [ON-SITE] | Group tutoring sessions | SIS03 | 0.08 | 2 | N | N | Tutoring to follow up on group work | |
Study and Exam Preparation [OFF-SITE] | Self-study | CE06 INS03 SIS03 | 2.2 | 55 | N | N | Self-study of the subject in preparation for the written tests | |
Project or Topic Presentations [ON-SITE] | Group Work | CE06 INS03 INS05 SIS01 SIS02 SIS09 UCLM02 | 0.16 | 4 | Y | N | Presentation of the work in class and question rounds by the other students. | |
Practicum and practical activities report writing or preparation [OFF-SITE] | Group Work | CE06 INS03 INS05 SIS01 SIS02 SIS09 | 1 | 25 | Y | Y | Preparation of two reports covering theoretical and practical content. This is a group activity. | |
Practicum and practical activities report writing or preparation [OFF-SITE] | Other Methodologies | CE06 | 0.4 | 10 | Y | Y | Preparation of a report covering practical content. This is an individual activity. | |
Laboratory practice or sessions [ON-SITE] | Practical or hands-on activities | INS03 INS05 PER04 SIS09 UCLM02 | 0.4 | 10 | N | N | Preparation of practices in the laboratory | |
Progress test [ON-SITE] | Assessment tests | CE06 INS05 SIS01 UCLM04 | 0.12 | 3 | Y | Y | Progress test with approximately half of the subject content | |
Final test [ON-SITE] | Assessment tests | CE06 INS05 SIS01 UCLM04 | 0.16 | 4 | Y | Y | Final test with all the contents of the subject. | |
Total: | 6 | 150 | ||||||
Total credits of in-class work: 2.4 | Total class time hours: 60 | |||||||
Total credits of out of class work: 3.6 | Total hours of out of class work: 90 |
As: Assessable training activity. Com: Compulsory training activity that must be passed (passing is required in both continuous and non-continuous assessment).
Evaluation System | Continuous assessment | Non-continuous evaluation * | Description |
---|---|---|---|
Final test | 0.00% | 50.00% | |
Test | 25.00% | 0.00% | Compulsory activity that can be retaken. Partial test of the first half of the syllabus (chapters 1-4). It will be held in the middle of the four-month period [ESC]. |
Test | 25.00% | 0.00% | Compulsory activity that can be retaken. Partial test of the second half of the syllabus (chapters 5-7). It will be held on the date stipulated in the official calendar for the regular final examination [ESC]. |
Assessment of problem solving and/or case studies | 5.00% | 5.00% | Non-compulsory activity that can be retaken. In class, practical cases and readings in which students will have to participate and get involved (in groups or individually depending on the type of activity) [INF]. |
Theoretical papers assessment | 15.00% | 15.00% | Compulsory activity that can be retaken. Deliverable of the theoretical group work [INF] |
Practicum and practical activities reports assessment | 20.00% | 20.00% | Compulsory activity that can be retaken. It will consist of the delivery of 2 theoretical-practical works [LAB] |
Oral presentations assessment | 10.00% | 10.00% | Non-compulsory activity that can be retaken. To be carried out during the theory/lab sessions in the case of continuous evaluation students. The non-continuous evaluation students will have an alternative evaluation system for this activity to be carried out within the planned exam dates of the final exam call (convocatoria ordinaria). [PRES] |
Total: | 100.00% | 100.00% |
Not related to the syllabus/contents | |
---|---|
Hours | hours |
General comments about the planning: | This course will be taught in 1.5 hour sessions spread over the school calendar. |