Curricular Unit:Code:
Security and Computer Audit833SAI
Year:Level:Course:Credits:
1MasterComputer Systems Engineering (Information Systems and Multimedia)6 ects
Learning Period:Language of Instruction:Total Hours:
Spring SemesterPortuguese/English78
Learning Outcomes of the Curricular Unit:
This course has the following learning objectives:
• Understand that information security has wide implications
• Identify security factors
• Analyse, propose and implement security measures
• Define security plans
• Analyse the application of cryptographic protocols
• Understand symmetric algorithms
• Understand asymmetric algorithms
• Apply security concepts in application development
• Understand the principles of security audits
• Design and plan security audits
Syllabus:
1. Security Policies and Practices, general principles of information security
2. Security measures, security program, security policy. Contingency planning, risk analysis
3. Cryptography, ciphers and codes. Analysis, steganography.
4. Symmetric and assymmetric algorithms. One-way functions. Modular arithmetic. Digital signatures.
5. Application security. Programmatic security, security tests.
6. Security auditing. Concepts, methods. Audit of security controls.
Demonstration of the Syllabus Coherence with the Curricular Unit's Objectives:
The syllabus addresses the objectives of the course, covering the materials necessary for the students to acquire the competencies. The course starts with the Security Program, including policies and practices, then Cryptography and application security, and finally an introduction to Auditing.
Teaching Methodologies (Including Evaluation):
The methodology of teaching and learning is expository, and demonstrative. Students install in their laptop all necessary software applications, which they can use during the classes to test and experiment. Labs are geared towards practical exercises, around analysis and security policies and practices definition, and later software testing.
The assessment includes:
• Two written tests
• Student performance, including attendance, resolution of proposed problems and active participation in classes.
•Submission of the proposed assignments
•Oral presentation of the application security project.
Demonstration of the Coherence between the Teaching Methodologies and the Learning Outcomes:
The proposed methodologies are consistent with the objectives set for the course since they rely on the understanding of the wide role of security, and the techniques that can be used to assure it. Classes discuss concepts, techniques and applications, that can be later worked out in the labs.
Reading:
[1] II e ANS, Segurança dos Sistemas e Tecnologias de Informação, Instituto de Informática e Autoridade Nacional de Segurança, 1995. ISBN: 972-96816-0-0 e 972-96837-0-0.
[2] Marianne Swanson e Barbara Guttman, Generally Accepted Principles and Practices for Securing Information Technology Systems, National Institute of Standards and Technology, Technology Administration, US department of Commerce, Setembro de 1996.
[3] NIST: An Introduction to Computer Security: the NIST Handbook. NIST Special Publication 800-12.
[4] Feliz Gouveia, Criptografia, UFP, 2010.
[5] Bruce Shneier, Applied Criptography, John Wiley and Sons Inc, 1995.
[6] Alberto Carneiro, Introdução à Segurança dos Sistemas de Informação, Lidel FCA, 2001.
[7] Alberto Carneiro, Auditoria de Sistemas de Informação, Lidel FCA, 2001.