Information Security

Academic Year: 2018/2019 - 1S

Code: LGSI30   
Scientific Fields: Information Systems Management
Section/Department: Department of Information Systems

Courses

Acronym | Nº of students | Study Plan | Curricular year | ECTS | Contact hours | Total Time
LGSI | 48 | Study Plan | | 5,0 | 60 | 135,0

Teaching weeks: 15

Head

Teacher | Responsibility
Maria Leonilde dos Reis | Head

Weekly workload

Hours/week T TP P PL L TC E OT OT/PL TPL O S
Type of classes 2 2

Lectures

Type | Teacher | Classes | Hours
Theoretical | Totals | 1 | 2,00
| Leonilde Reis | | 2,00
Practices | Totals | 1 | 2,00
| Isidro Pedro | | 4,00

Teaching language

Portuguese

Intended learning outcomes (Knowledge, skills and competencies to be developed by the students)

The learning outcomes focus on the acquisition of knowledge:
• Understand the national and international rules / standards underlying the theme of Security of Information Systems;
• Understand and encourage Business Continuity Planning;
• Develop methodologies and procedures to support Information Systems Audits, in accordance with organizational policies and the national and international standards underlying the activity.


Syllabus

1. Fundamental concepts in information security
2. Objectives of Information Security
3. Information Security management
4. Risk Management
5. Information Security Policies
6. Business Continuity
6.1. Necessity and Objectives of Business Continuity
6.2. Guidelines / Standards
7. Audit and Conformity
7.1. Impact of Audit
7.2. Guidelines / Standards


Demonstration of the syllabus coherence with the UC intended learning outcomes

The learning outcomes focus on the acquisition of knowledge:

• Understand the national and international rules / standards underlying the theme of Security of Information Systems;
• Understand and encourage Business Continuity Planning;
• Develop methodologies and procedures to support Information Systems Audits, in accordance with organizational policies and the national and international standards underlying the activity.
The skills and competencies to be developed by students:

Teaching methodologies

Lessons combine a theoretical explanation of issues relevant to Information Security and Information Systems, Business Continuity in an Organizational Context and Information Systems Audit (expository method) with the practical application of knowledge (participatory method), supported by examples of practical application of the knowledge acquired.
As far as possible, the concepts will be illustrated with practical applications, using the participatory method to solve exercises.
The evaluation of knowledge comprises:
• Preparation, presentation and discussion of individual work, conducted in an organizational context;
• A test.

Demonstration of the teaching methodologies coherence with the curricular unit's intended learning outcomes

The skills and competencies to be developed by students:
• Acquisition of skills to understand and master the rules / national and international standards in the subject area;
• Ability to promote / propose the analysis procedures inherent to Information Systems Security policies;
• Provide students with the skills to analyze / propose policies to support business continuity;
• Acquisition of skills to understand the importance of the role of the Information Systems Audit.

Assessment methodologies and evidences

Lessons combine a theoretical explanation of issues relevant to Information Security and Information Systems, Business Continuity in an Organizational Context and Information Systems Audit (expository method) with the practical application of knowledge (participatory method), supported by examples of practical application of the knowledge acquired.
As far as possible, the concepts will be illustrated with practical applications, using the participatory method to solve exercises.
The evaluation of knowledge comprises:
• Preparation, presentation and discussion of individual work, conducted in an organizational context;
• A test.

Bibliography

• Standard ISO/IEC 27002:2013 – Information Technology – Security techniques – Code of practice for information security controls.
• Standard ISO 22313:2012 – Societal security – Business continuity management systems – Guidance.
• Standard ISO/IEC 27001:2013 – Information Technology – Security techniques – Information security management systems – Requirements.
• Standard ISO/IEC 27005:2011 – Information Technology – Security techniques – Information security risk management.
• Calder, A. and Watkins, S. (2009) IT Governance: A Manager’s Guide to Data Security and ISO 27001/ISO 27002
• Computer and information security handbook (The Morgan Kaufmann Series in Computer Security)
• Oliveira J. (2006) Método de Auditoria a Sistemas de Informação, Porto Editora
• Pfleeger, C. and Pfleeger, S. (2003) – Security in Computing, 3rd Edition, Prentice Hall
• Maiwald, E. and Sieglein, W. (2002) – Security Planning & Disaster Recovery: Protect your Organization Resources, McGraw-Hill Osborne

Page generated on: 2026-04-09 at 10:51:02