Curricular Unit:Code:
Security and Computer Audit906SAI
Year:Level:Course:Credits:
1MasterComputer Systems Engineering (Information Systems and Multimedia)6 ects
Learning Period:Language of Instruction:Total Hours:
Portuguese/English78
Learning Outcomes of the Curricular Unit:
This course has the following learning objectives:
• Understand that information security has wide implications
• Identify security factors
• Analyse, propose and implement security measures
• Define security plans
• Analyse the application of cryptographic protocols
• Understand symmetric algorithms
• Understand asymmetric algorithms
• Apply security concepts in application development
• Understand the principles of security audits
• Design and plan security audits
Syllabus:
1. Security Policies and Practices, general principles of information security
2. Security measures, security program, security policy. Contingency planning, risk analysis
3. Cryptography, ciphers and codes. Analysis, steganography.
4. Symmetric and assymmetric algorithms. One-way functions. Modular arithmetic. Digital signatures.
5. Application security. Programmatic security, security tests.
6. Security auditing. Concepts, methods. Audit of security controls.
Demonstration of the Syllabus Coherence with the Curricular Unit's Objectives:
The syllabus addresses the objectives of the course, covering the materials necessary for the students to acquire the competencies. The course starts with the Security Program, including policies and practices, then Cryptography and application security, and finally an introduction to Auditing.
Teaching Methodologies (Including Evaluation):
The methodology of teaching and learning is expository, and demonstrative. Students install in their laptop all necessary software applications, which they can use during the classes to test and experiment. Labs are geared towards practical exercises, around analysis and security policies and practices definition, and later software testing.
The assessment includes:
• Two written tests
• Student performance, including attendance, resolution of proposed problems and active participation in classes.
•Submission of the proposed assignments
•Oral presentation of the application security project.
Demonstration of the Coherence between the Teaching Methodologies and the Learning Outcomes:
The proposed methodologies are consistent with the objectives set for the course since they rely on the understanding of the wide role of security, and the techniques that can be used to assure it. Classes discuss concepts, techniques and applications, that can be later worked out in the labs.
Reading:
[1] Ross Anderson, Security Engineering, Wiley, 2020.
[2] William Stallings, Lawrie Brown, Computer Security: Principles and Practice, Pearson, 2018.
[3] André Zúquete, Segurança em Redes Informáticas, FCA, 2018.
[4] Miguel Pupo Correia, Paulo Jorge Sousa, Segurança no Software, FCA, 2017.
[5] Bruce Shneier, Applied Criptography, John Wiley and Sons Inc, 1996.