SPR800 - Security Audit

Outline info
Last revision date Apr 8, 2019 11:19:02 AM
Last review date Apr 8, 2019 11:19:35 AM

Subject Title
Security Audit

Subject Description
This course will enable students to measure security policy compliance. The course will teach students to reflect on the need to protect IT assets daily. Students will learn that a security audit is a continual effort to improve data protection. The course will demonstrate that an audit measures the organization's security policy and provides an analysis of the effectiveness of that policy within the context of the organization's structure, objectives and activities. Students will learn to use tools as part of the audit process, and how to develop organized, consistent, and accurate data collection.

Credit Status
1 credit in the IFS program.

Learning Outcomes
Upon successful completion of this subject the student will be able to:

  •     Create IT Audit Plans
  •     Assess Existing Environment
  •     Access existing policies, identify weaknesses in policies and recommend modifications
  •     Audit access control lists and review audit logs for a system
  •     Audit system and network logs to identify attacks.
  •     Audit plans for implementing standard security setting for various operating systems
  •     Detect security flaws and research and create procedures for installing patches to secure security holes uncovered in an audit
  •     Audit Backup plans and recommend strategies for back-up and recovery of a system

Essential Employability Skills
Communicate clearly, concisely and correctly in the written, spoken and visual form that fulfils the purpose and meets the needs of the audience.

Academic Integrity
Seneca upholds a learning community that values academic integrity, honesty, fairness, trust, respect, responsibility and courage. These values enhance Seneca's commitment to deliver high-quality education and teaching excellence, while supporting a positive learning environment. Ensure that you are aware of Seneca's Academic Integrity Policy which can be found at: http://www.senecacollege.ca/about/policies/academic-integrity-policy.html Review section 2 of the policy for details regarding approaches to supporting integrity. Section 2.3 and Appendix B of the policy describe various sanctions that can be applied, if there is suspected academic misconduct (e.g., contract cheating, cheating, falsification, impersonation or plagiarism).

Please visit the Academic Integrity website http://open2.senecac.on.ca/sites/academic-integrity/for-students to understand and learn more about how to prepare and submit work so that it supports academic integrity, and to avoid academic misconduct.

All students and employees have the right to study and work in an environment that is free from discrimination and/or harassment. Language or activities that defeat this objective violate the College Policy on Discrimination/Harassment and shall not be tolerated. Information and assistance are available from the Student Conduct Office at student.conduct@senecacollege.ca.

Accommodation for Students with Disabilities
The College will provide reasonable accommodation to students with disabilities in order to promote academic success. If you require accommodation, contact the Counselling and Accessibility Services Office at ext. 22900 to initiate the process for documenting, assessing and implementing your individual accommodation needs.

SRT710 (After Sept. 2009)

SPR700 (Before Sept. 2009)

Topic Outline
Students will learn how to audit systems including:

  •     Planning an IT Audit
  •     Aligning IT audit to Organizational policies.
  •     Identifying  DR, System and IT services polices
  •     Identifying weaknesses in policies.
  •     Identifying Information Systems
  •     Assess Existing Environment
  •     Create Baselines for System Operations and System Security.
  •     Auditing System Operations and System Security
  •     Audit Windows / Unix / Linux Systems
  •     Auditing Network Systems
  •     Auditing Databases
  •     Audit Web Based applications
  •     Risk Management, Compliance and Control
  •     Create IT Audit Reports

Mode of Instruction
3 hours lab time per week

Prescribed Texts

  • The IT Regulatory and Standards Compliance Handbook: How to Survive Information Systems Audit and Assessments  ISBN-10: 1597492663

Reference Material

  • IT Auditing: Using Controls to Protect Information Assets (Paperback)  ISBN-10: 0072263431
  • CISA Certified Information Systems Auditor Study Guide: Certified Information Systems Auditor Study Guide  ISBN-10: 0470231521

Required Supplies

Student Progression and Promotion Policy
To obtain a credit in this subject, a student must:

  •     Satisfactorily complete all assignments
  •     Pass the weighted average of all assessments
  •     Pass the final exam
  •     Pass the weighted average of the exam and tests

Grading Policy
A+ 90%  to  100%
A 80%  to  89%
B+ 75%  to  79%
B 70%  to  74%
C+ 65%  to  69%
C 60%  to  64%
D+ 55%  to  59%
D 50%  to  54%
F 0%    to  49% (Not a Pass)
EXC Excellent
SAT Satisfactory
UNSAT Unsatisfactory

For further information, see a copy of the Academic Policy, available online (http://www.senecacollege.ca/about/policies/academics-and-student-services.html) or at Seneca's Registrar's Offices.

Modes of Evaluation

Presentations (2) 20%
Case Study (2) 20%
Tests (2) 30%
Final Exam 30%

Approved by: Mary-Lynn Manton