Master degree program
Information Security Audit

Information Security Audit

QUALIFICATION

  • Scientific and pedagogical direction - Master of Engineering Sciences

MODEL OF GRADUATING STUDENT

1. To determine the content, methods and means of training sessions in accordance with the objectives of the course for the development of the QMS and conducting lectures and practical classes, to carry out educational activities in professional educational institutions on the basis of psychological and pedagogical principles
2. Document the process and the result of the audit, using legal and procedural acts, international and state standards in the field of information security, the formation of the audit report
3. Develop and use the latest technological methods and hardware and software tools for information protection.
4. Evaluate threats to the information security of objects and design methods of countering them
5. Checking and analyzing the current security status of the information security audit object
6. Identify the vulnerability of the network equipment and software of the audit object
7. Investigate computer crimes, conduct risk analysis and provide expert assessment of data based on the study of the collected information (media objects) for audit evaluation and in the investigation of computer crimes
8. Use information sources and analytical methods of competitive intelligence, a system of measures to counter industrial espionage, penetration testing, means and methods of unauthorized access to IP resources
9. Apply analytical and experimental research methods to put forward hypotheses on the topic of scientific research using knowledge in the field of history and philosophy of science, subject area, speak English as a means of communication in professional and scientific activities
10. Design a comprehensive strategy to improve the security of data transmission in telecommunications networks

Program passport

Speciality Name
Information Security Audit
Speciality Code
7M06302
Faculty
Information technology

disciplines

Ensuring network security
  • Number of credits - 5
  • Type of control - [RK1+MT+RK2+Exam] (100)
  • Description - The purpose of the discipline is to work with Wired and wireless communication systems and ensure network security, basic standards of modern communication and internet systems. General patterns of creation of modern network communication systems, methods and means of ensuring the security of network connections, methods and means of protection against pest testing and program research will be studied.

Foreign language (professional)
  • Number of credits - 5
  • Type of control - [RK1+MT+RK2+Exam] (100)
  • Description - The purpose of the discipline is to form practical skills in various types of speech activity in a foreign language. The training course builds the ability to perceive, understand and translate information in the modern global space, participate in scientific events to test their own research. The discipline is aimed at improving competencies in accordance with international standards of foreign language education.

History and Philosophy of Science
  • Number of credits - 3
  • Type of control - [RK1+MT+RK2+Exam] (100)
  • Description - The purpose of the discipline is to form a holistic systemic understanding of philosophy as a special form of cognition of the world, its main sections, problems and methods of their study in the context of future professional activity. The training course forms the theoretical and methodological basis of research work.

Organization and Planning of Scientific Research (in English)
  • Number of credits - 5
  • Type of control - [RK1+MT+RK2+Exam] (100)
  • Description - The purpose of the discipline to form the ability to apply practical skills in the organization and planning of scientific research. The discipline studies: forms and methods of planning, organization and design of scientific articles and dissertations; forms of summarizing the results of scientific research in presentations, speeches, projects, articles.

OS Security Analysis
  • Number of credits - 5
  • Type of control - [RK1+MT+RK2+Exam] (100)
  • Description - The purpose of the discipline is to apply the requirements of information security and skills in the use of methods to ensure the protection of information in the OS. Methods and tools for testing and protecting operating system programs will be studied. Principles of competent administration of operating systems. Methods for analyzing sources and security threats in operating systems; tools and methods aimed at eliminating security threats in the operating system.

Pedagogy of Higher Education
  • Number of credits - 5
  • Type of control - [RK1+MT+RK2+Exam] (100)
  • Description - The purpose of the discipline is to form the ability to teach in universities and colleges based on knowledge of higher school didactics, theory of education and management of education, analysis and self-assessment of teaching activities. The training course is aimed at studying the trends in the development of education and the Bologna process. The course will help you master teaching and curatorial skills, various strategies and methods of teaching and education.

Project and Change management
  • Number of credits - 5
  • Type of control - [RK1+MT+RK2+Exam] (100)
  • Description - The purpose of the discipline is to form the ability of undergraduates to manage the quality, risks and changes of an IT project to build systems aimed at achieving the strategic objectives of the organization. As a result of the training, the following are considered: project life cycle , it Project Management Standards and methodologies, risk assessment methods, risk management, change management tools, diagnostics and conceptualization of changes, project budgeting, IT project documentation

Psychology of management
  • Number of credits - 3
  • Type of control - [RK1+MT+RK2+Exam] (100)
  • Description - The purpose of the discipline is to provide scientific training of highly qualified specialists based on the study of fundamental concepts of management psychology, creating prerequisites for a theoretical understanding and practical application of the most important aspects of the field of management in the process of professional formation. The course is aimed at studying the patterns of development and functioning of mental processes, the basics of effective interaction and conflict resolution, self-development and self-presentation.

Risk management
  • Number of credits - 5
  • Type of control - [RK1+MT+RK2+Exam] (100)
  • Description - The purpose of the discipline is to develop the ability of undergraduates to assess the ICT infrastructure in terms of the quality of work and the risk to the organization. The following topics will be studied: Methodologies and principles of conducting and organizing audit activities, models of the quality of ICT processes, International and domestic standards for information security. Risk management in the field of ICT. Creating an audit report.

Security of software applications
  • Number of credits - 5
  • Type of control - [RK1+MT+RK2+Exam] (100)
  • Description - The purpose of the discipline is to conduct software security analysis by identifying vulnerabilities, and to teach security methods in order to prevent threats arising from identified vulnerabilities. The following topics will be studied: Theoretical and practical basics of creating reliable and secure software for information systems. Rules, stages, and technologies for building reliable software.

Data for 2021-2024 years

disciplines

Analytical information security systems
  • Type of control - [RK1+MT+RK2+Exam] (100)
  • Description - The purpose of the discipline is the development of disciplinary competencies related to the disclosure of technologies for intelligent analysis of large information arrays through information and analytical systems. Including aspects: The main provisions related to information and analytical security systems, methods for collecting information about legal entities and individuals, regulatory documents regulating the activities of the relevant services.

Big Data Security
  • Type of control - [RK1+MT+RK2+Exam] (100)
  • Description - The purpose of the discipline is to analyze the problems of big data security in the field of industry and society; to use the techniques necessary for solving problems in the field of network security and cryptography, from the point of view of protecting big data, detecting anomalies in the network. Advanced big data analytics, cloud applications and services, and big data architecture will be explored.

Computer Forensics
  • Type of control - [RK1+MT+RK2+Exam] (100)
  • Description - The purpose of the discipline is to gain the knowledge and skills necessary to successfully investigate computer incidents and resolve security issues that lead to incidents. Methods of investigation of hacker incidents will be studied; the sequence of numerous tests to identify the facts of hacker penetration into the system will be described, and recommendations for tracking the actions of a potential intruder will be offered.

Information security audit 1
  • Type of control - [RK1+MT+RK2+Exam] (100)
  • Description - The purpose of the discipline is the development of disciplinary competencies for the application of a set of measures in the information security system based on the organization and conduct of an information security audit. The following topics will be studied: Legal and methodological bases of information security audit, Standards and Guidelines on the basics of audit and information security, Methods of information security assessment.

Information security audit 2
  • Type of control - [RK1+MT+RK2+Exam] (100)
  • Description - The purpose of the discipline is to identify the vulnerability of the audit object's software and to investigate the components of the corporate network. The following topics will be studied: methods for analyzing the security of the external perimeter of the corporate network, methods for preventing network attacks, characteristics of network resources, analysis and evaluation modeling of network security, forecasting and recommendations for improving the level of network security protection.

Management technologies of information security
  • Type of control - [RK1+MT+RK2+Exam] (100)
  • Description - The purpose of the discipline is to form a system of knowledge about the principles of effective information security management in the organization. The following issues will be studied: support of certification for compliance with the requirements of information security, conducting control checks of the operability and effectiveness of the applied software and technical means of information security, analysis of the source data for the design of subsystems, information security support.

Mobile and cloudy computer platforms
  • Type of control - [RK1+MT+RK2+Exam] (100)
  • Description - The purpose of the discipline is to understand the composition and structure of cloud and mobile technologies, concepts, basic algorithms, and principles of functioning of modern cloud and mobile software applications. The following topics will be studied: the principles of introduction to mobile application development, various types of mobile applications and their structure; ensuring the development of mobile application interfaces; Using the main methods of developing multi-window applications and using the capabilities of smartphone technologies in applications.

Models and methods of the theory of neural networks
  • Type of control - [RK1+MT+RK2+Exam] (100)
  • Description - The goal is to study the mathematical and technological foundations in the theory of neural networks for extracting hidden data and structures, as well as subsequent intellectual analysis, in order to gain new knowledge about the nature, character, and behavior of the object under study. The following topics will be studied: neuron models, neural network architectures, single-layer and multi-layer neurons, and the principles of building artificial neurons.

Penetration Testing
  • Type of control - [RK1+MT+RK2+Exam] (100)
  • Description - The purpose of the discipline is to assess the level of protection of an information system from illegal penetration into it from public access networks, to identify security flaws from the point of view of a cybercriminal who is interested in obtaining unauthorized access to the information system. The following will be studied: methods and tools of penetration testing; scanning of vulnerabilities of networks, systems and applications; risk analysis and response to them; detection and response to intrusion. Special attention is paid to identifying system vulnerabilities and threats, as well as methods for preventing attacks.

Regulatory and legal standards of information security
  • Type of control - [RK1+MT+RK2+Exam] (100)
  • Description - The purpose of the discipline is to study the standards of Information Security Management (IS) in an organization, as well as the main approaches to the development, implementation, operation, analysis, maintenance and improvement of the information security management system (ISMS) of a particular object. The discipline is aimed at studying the standards and regulations of Information Security Management in an organization.

Semantic analysis methods for information security
  • Type of control - [RK1+MT+RK2+Exam] (100)
  • Description - The purporse of the discipline is to study and develop semantic models of text analysis for the study of homograph attacks, language artifacts in the forensic analysis of malware and speech of various extremist organizations on the Internet. Methods of data import, exploratory data analysis, semantic and psycholinguistic markers in the text will be studied. The course will be based on practical tasks that will provide experience in solving problems such as text classification, speech understanding, data preparation for teaching machine and deep learning methods, etc.

Web Application security
  • Type of control - [RK1+MT+RK2+Exam] (100)
  • Description - The purpose of the discipline is to develop knowledge about the main types of attacks on web applications and methods to prevent them. The following will be studied: analysis of the features of the organization's activities and the use of automated systems in it in order to determine the information technology resources to be protected, and a set of measures to ensure the information security of the automated system.

Data for 2021-2024 years

INTERNSHIPS

Pedagogical
  • Type of control - Защита практики
  • Description - Formation of practical, educational-methodical skills of conducting lectures, seminars, creatively apply scientific, theoretical knowledge, practical skills in teaching activities, conduct training sessions in the disciplines of the specialty; own modern professional techniques, methods of training, use in practice the latest theoretical, methodological advances, make educational, methodological documentation.

Research
  • Type of control - Защита практики
  • Description - The purpose of the practice: gaining experience in the study of an actual scientific problem, expand the professional knowledge gained in the learning process, and developing practical skills for conducting independent scientific work. The practice is aimed at developing the skills of research, analysis and application of economic knowledge.

Data for 2021-2024 years