SPR800 - Security Audits

Outline info
Semester
School
Last revision date 2023-10-02 00:41:10.319
Last review date 2023-12-04 00:15:09.904


Subject Title
Security Audits

Subject Description
This course will enable students to measure security policy compliance. The course will teach students to reflect on the need to protect IT assets daily. Students will learn that a security audit is a continual effort to improve data protection. The course will demonstrate that an audit measures the organization's security policy and provides an analysis of the effectiveness of that policy within the context of the organization's structure, objectives and activities. Students will learn to use tools as part of the audit process, and how to develop organized, consistent, and accurate data collection.

Credit Status
1 credit in the IFS program.

Learning Outcomes
Upon successful completion of this subject the student will be able to:

  •     Create IT Audit Plans
  •     Assess Existing Environment
  •     Access existing policies, identify weaknesses in policies and recommend modifications
  •     Audit access control lists and review audit logs for a system
  •     Audit system and network logs to identify attacks.
  •     Audit plans for implementing standard security setting for various operating systems
  •     Detect security flaws and research and create procedures for installing patches to secure security holes uncovered in an audit
  •     Audit Backup plans and recommend strategies for back-up and recovery of a system

Essential Employability Skills

    •  Communicate clearly, concisely and correctly in the written, spoken and visual form that fulfils the purpose and meets the needs of the audience.

Academic Integrity
Seneca upholds a learning community that values academic integrity, honesty, fairness, trust, respect, responsibility and courage. These values enhance Seneca's commitment to deliver high-quality education and teaching excellence, while supporting a positive learning environment. Ensure that you are aware of Seneca's Academic Integrity Policy which can be found at: http://www.senecapolytechnic.ca/about/policies/academic-integrity-policy.html Review section 2 of the policy for details regarding approaches to supporting integrity. Section 2.3 and Appendix B of the policy describe various sanctions that can be applied, if there is suspected academic misconduct (e.g., contract cheating, cheating, falsification, impersonation or plagiarism).

Please visit the Academic Integrity website http://open2.senecac.on.ca/sites/academic-integrity/for-students to understand and learn more about how to prepare and submit work so that it supports academic integrity, and to avoid academic misconduct.

Discrimination/Harassment
All students and employees have the right to study and work in an environment that is free from discrimination and/or harassment. Language or activities that defeat this objective violate the College Policy on Discrimination/Harassment and shall not be tolerated. Information and assistance are available from the Student Conduct Office at student.conduct@senecapolytechnic.ca.

Accommodation for Students with Disabilities
The College will provide reasonable accommodation to students with disabilities in order to promote academic success. If you require accommodation, contact the Counselling and Accessibility Services Office at ext. 22900 to initiate the process for documenting, assessing and implementing your individual accommodation needs.

Camera Use and Recordings - Synchronous (Live) Classes
Synchronous (live) classes may be delivered in person, in a Flexible Learning space, or online through a Seneca web conferencing platform such as MS Teams or Zoom. Flexible Learning spaces are equipped with cameras, microphones, monitors and speakers that capture and stream instructor and student interactions, providing an in-person experience for students choosing to study online.

Students joining a live class online may be required to have a working camera in order to participate, or for certain activities (e.g. group work, assessments), and high-speed broadband access (e.g. Cable, DSL) is highly recommended. In the event students encounter circumstances that impact their ability to join the platform with their camera on, they should reach out to the professor to discuss. Live classes may be recorded and made available to students to support access to course content and promote student learning and success.

By attending live classes, students are consenting to the collection and use of their personal information for the purposes of administering the class and associated coursework. To learn more about Seneca's privacy practices, visit Privacy Notice.

Prerequisite(s)
SRT710 (After Sept. 2009)

SPR700 (Before Sept. 2009)

Topic Outline
Students will learn how to audit systems including:

  •     Planning an IT Audit
  •     Aligning IT audit to Organizational policies.
  •     Identifying  DR, System and IT services polices
  •     Identifying weaknesses in policies.
  •     Identifying Information Systems
  •     Assess Existing Environment
  •     Create Baselines for System Operations and System Security.
  •     Auditing System Operations and System Security
  •     Audit Windows / Unix / Linux Systems
  •     Auditing Network Systems
  •     Auditing Databases
  •     Audit Web Based applications
  •     Risk Management, Compliance and Control
  •     Create IT Audit Reports

Mode of Instruction
3 hours lab time per week

Prescribed Texts

  • The IT Regulatory and Standards Compliance Handbook: How to Survive Information Systems Audit and Assessments  ISBN-10: 1597492663

Reference Material

  • IT Auditing: Using Controls to Protect Information Assets (Paperback)  ISBN-10: 0072263431
  • CISA Certified Information Systems Auditor Study Guide: Certified Information Systems Auditor Study Guide  ISBN-10: 0470231521

Required Supplies
None

Student Progression and Promotion Policy
To obtain a credit in this subject, a student must:

  •     Satisfactorily complete all assignments
  •     Pass the weighted average of all assessments
  •     Pass the final exam
  •     Pass the weighted average of the exam and tests

http://www.senecapolytechnic.ca/about/policies/student-progression-and-promotion-policy.html

Grading Policyhttp://www.senecapolytechnic.ca/about/policies/grading-policy.html

A+ 90%  to  100%
A 80%  to  89%
B+ 75%  to  79%
B 70%  to  74%
C+ 65%  to  69%
C 60%  to  64%
D+ 55%  to  59%
D 50%  to  54%
F 0%    to  49% (Not a Pass)
OR
EXC Excellent
SAT Satisfactory
UNSAT Unsatisfactory

For further information, see a copy of the Academic Policy, available online (http://www.senecapolytechnic.ca/about/policies/academics-and-student-services.html) or at Seneca's Registrar's Offices..


Modes of Evaluation

Presentations (2) 20%
Case Study (2) 20%
Tests (2) 30%
Final Exam 30%

Academic Support and Expectations
Missed Tests / Presentations / In-Class Assignments
Students who miss scheduled tests, presentations, or in-class or online assignments will receive a grade of zero.  If there are valid reasons for missing the test, presentation, or in-class assignment, the student MUST:
a)       Contact the professor or student advisor by email prior to the start time of the test, presentation, or in-class or online assignment, and
b)       Provide documentation where appropriate.
At the professor’s discretion, a make-up test/in-class assignment or new date for the presentation may be granted or the value of the test may be added to a subsequent test or final exam. 
 
Participation in Online Courses
Consistent online access is important for success in this subject. You are responsible for all online material and assignments; in addition, you need to be checking your Seneca e-mail on a daily basis for updates and other related information. While weekly updates and related e-mails will be provided, it is your responsibility to keep up with the content and maintain an active online presence.
Considerate online conduct, adequate preparation, and constructive online participation will be expected from each student and will enhance your academic experience and that of your fellow students. In particular, you are asked to be prompt, courteous, responsible, and collaborative, where relevant.
 
 
Learning Centre
The Learning Centre offers academic support to all Seneca students in the form of one-on-one tutoring, small group tutoring, and workshops and can be located at either the Newnham, Markham, York, or King campus.  Students can visit The Learning Centre in person to book an appointment or watch a tutorial on booking a tutoring appointment online at www.senecapolytechnic.ca/learningcentres.  
 
Dropping a Subject
There are two deadlines for dropping this subject.  If you drop by Day 10 of the semester, the subject will not appear on your transcript.  If you drop by the last drop date, the subject will appear on your transcript with a grade of DNC.  To drop, please notify your professor, complete a “Timetable Change Form,” and return it to Registration by the deadline.  Discuss any possible negative consequences of dropping the subject with your academic coordinator or student advisor.

Approved by: Kathy Dumanski