Information Security Audit

Major: Cybersecurity
Code of subject: 6.125.04.E.164
Credits: 5.00
Department: Information Security
Lecturer: Associate Professor, Ph.D. Garanyuk Petro
Semester: 5
Mode of study: full-time
Learning outcomes: As a result of studying the academic discipline, the student must be able to demonstrate the following program learning outcomes:
ZN 4.1. Solve the task of protecting programs and information processed in information and telecommunication systems by software and hardware means, and evaluate the effectiveness of the decisions made.
ZN 4.2. Implement measures and ensure the implementation of processes for preventing unauthorized access and for protection in information and information-telecommunication (automated) systems based on the reference model of open systems interaction.
ZN 4.4. Analyze and evaluate the effectiveness and level of security of resources of various classes in information and information-telecommunication (automated) systems during testing, in accordance with the established information and/or cyber security policy.
ZN 4.5. Evaluate the possibility of potential threats to information processed in information and telecommunication systems being realized, and the effectiveness of complex protection tools when threats of various classes are realized.
ZN 4.6. Assess the possibility of unauthorized access to elements of information and telecommunication systems.
ZN 4.9. Solve the problems of ensuring the continuity of the organization's business processes on the basis of risk theory.
Required prior and related subjects: Regulatory and legal support, standards and policy of information and cybernetic security; International standards and practices in the field of information security
Summary of the subject: The current state of the organization's information security audit gives comprehensive answers to a number of questions that arise during its implementation, in particular: how to conduct an audit, what procedures to use, what results an audit can lead to, who has the right to conduct such an audit, how to evaluate the audit results, etc. An important component of business development is the automation of business processes using computer equipment and telecommunication systems, which is accompanied by a rapid increase in the amount of information that is received, processed, transmitted and stored electronically in information systems. In this regard, information systems become key to ensuring the effective development of an enterprise, company, or firm.
Assessment methods and criteria: Current control, which consists of completing practical work and defending reports. Examination control, consisting of written and oral components.
Recommended books:
1. Romaka VA, Dudykevych VB, Garasym YR, Garanyuk PI. Textbook "Information Security Management Systems". NU "Lviv Polytechnic", Lviv, 2012. 230 p.
2. Romaka VA, Lagun AE, Garasim YR, Rak TS, Samotiy VV, Rybiy MM. Textbook "Information Security Audit". LSU BJD, 2015. 362 p.
3. International standards ISO 17799-2000, ISO/IEC 27001-2005, ISO/IEC 27002-2007.
4. Alan Calder & Steve Watkins. Information Security Risk Management for ISO 27001 / ISO 17799. IT Governance Publishing, 2007.