Code: 2,0,0,4,3
Objective of the course
To introduce the need for audit and assurance in computer security
To Computer assisted audit tool and techniques
To Audit process and conduct information system audit
Expected Outcome
After successfully completing the course the student will be able to:
1) Describe the need for audit and assurance for IT systems.
2) Describe and use the tools and techniques for IT system audit.
3) Understand audit reports and plan to improve IT security.
4) Describe IT security standards from ISO, NIST.
Text Books
1. Information Technology Control and Audit, Fourth Edition, Sandra Senft, Frederick Gallegos, Aleksandra Davis, CRC Press, 2012.
Reference Books
1. Information System Audit and Assurance, D P Dube, V P Gulati, Tata McGraw-Hill, 2008.
2. Michael E. Whitman, Herbert J. Mattord, “Principles of Information Security”, Course Technology, Delmar Cengage Learning, Fourth Edition, 2012.
3. Jennifer L. Bayuk, Jason Healey, Paul Rohmeyer and Marcus Sachs, “Cyber Security Policy Guidebook”, John Wiley & Sons, Kindle Edition, 2012.
Knowledge areas that contain topics and learning outcomes covered in the course
CE:NWK5 Data Security and Integrity; CS: IAS Network security | Computer Assisted Audit Tools and Techniques: Auditor Productivity Tools-Audit Planning and Tracking-Documentation and Presentations-Data and Resource Management, Flowcharting Techniques-Flowcharting as an analysis tool, Defining critical data | 2
CE:NWK5 Data Security and Integrity; CS: IAS Network security | Virtual Application Security and ERP security: Recommendation to IT Auditors, Security and IT Professionals, Intranet/Extranet Security, Identity Theft. | 1
Total hours 28
This course is a Program elective Course. Suitable from 2nd semester onwards.
Part II: This section gives a brief overview of various audit standards and of managing the audit process using various tools and techniques.
Part III: This section discusses developing audit data flow diagrams and flowcharting techniques.
Part IV: This section gives a brief overview of security and service continuity and the responsibilities of the owner and third party.
Part V: This section discusses virtual application security and ERP security.
This course is designed with 2 hours of lecture every week, 60 minutes of video/reading instructional material per week and 60 non-contact hours for the project component. Generally this course should have a combination of lectures, in-class discussion, case studies, guest lectures, mandatory off-class reading material and quizzes.
Additional weightage will be given based on their rank in developing novel application
projects.