vcc.ca
CYBR 1204: Frameworks and Auditing
Effective date
September 2024
Department
Cybersecurity PDD
School
Continuing Studies
Description
In this course, students will learn and put into practice knowledge about the auditing process, more specifically Information Technology (IT) auditing. Students will learn the key skills related to performing an IT audit, including planning, and executing audits related to IT and cybersecurity and how to effectively communicate the audit results and recommendations. Additionally, students will study foundational IT frameworks related to internal controls and compliance.
Credits
3.0
Year of study
1st Year Post-secondary
Prerequisites
CYBR 1101, CYBR 1104.
Corequisites
None
Course Learning Outcomes
Upon successful completion of this course, students will be able to:
- Employ auditing methods in the context of various IT process scenarios
- Explain the importance of ethics and independence in the context of auditing
- Discuss IT security frameworks and standards in the context of structuring responses to risks and building trust
- Discuss how different types of controls work together to mitigate risks
- Demonstrate the process of preparing for stakeholder interviews to obtain information about IT processes
- Summarize information gained through evidence collection within audit documentation
- Prepare IT audit plans suitable for different situations using project management methods relevant to performing audit procedures
- Prepare written reports summarizing the results of audit procedures and next steps
- Deliver effective oral presentation of the results of audit procedures and next steps
Prior Learning Assessment & Recognition (PLAR)
None
Hours
Lecture, Online, Seminar, Tutorial: 30
Clinical, Lab, Rehearsal, Shop, Kitchen, Simulation, Studio: 25
Total Hours: 55
Clinical, Lab, Rehearsal, Shop, Kitchen, Simulation, Studio: 25
Total Hours: 55
Instructional Strategies
Instructional strategies include classroom lectures, group work/discussions, presentations, simulation activities, and writing activities.
Grading System
Letter Grade (A-F)
Passing grade
C
Evaluation Plan
|
Type |
Percentage |
Assessment activity |
|
Project |
25 |
Project related to planning/IT audit |
|
Assignments |
20 |
Assignments involving simulated activities |
|
Assignments |
20 |
Assignments involving case studies |
|
Assignments |
10 |
Presentation |
|
Final Exam |
25 |
Final exam |
Course topics
- IT asset security frameworks, standards, and guidelines
- Common technology components
- Types of controls
- Risk-based audit planning
- Audit project management
- Sampling
- Evidence collection
- IT asset management
- Physical and environmental controls
- Identity and access management
- Job scheduling and automation
- System interfaces
- End-user computing
- Performance management
- Change and release management
- Patch and incident management
- Professional skepticism, ethics, and independence
- Reporting and communication
Notes:
- Course contents and descriptions, offerings and schedules are subject to change without notice.
- Students are required to follow all College policies including ones that govern their educational experience at VCC. Policies are available on the VCC website at:
https://www.vcc.ca/about/governance--policies/policies/. - To find out if there are existing transfer agreements for this course, visit the BC Transfer Guide at https://www.bctransferguide.ca.