Syllabus — Security and Audit Practitioner

Year II, Part I — MSNCS, IOE Pulchowk, Tribhuvan University. 4 credits.

Chapter 1 — Introduction to Security and Audit Practices (10 marks)

  • 1.1 Overview of IS Auditing — Practitioner Perspective
  • 1.2 IS Audit Standards — ISACA ITAF, ISO 27001, NIST
  • 1.3 Types of Audits — Internal, External, Compliance, Forensic
  • 1.4 Risk-based Audit Planning

Chapter 2 — IT Governance and Risk Management (10 marks)

  • 2.1 IT Governance Frameworks in Practice
  • 2.2 Enterprise Architecture for Audit
  • 2.3 Risk Management Process — Operational Detail
  • 2.4 Maturity Models for Assessment
  • 2.5 Regulatory Compliance Landscape

Chapter 3 — Auditing IS Acquisition & Development (10 marks)

  • 3.1 Project Management Audits
  • 3.2 Feasibility Analysis Review
  • 3.3 SDLC and Agile Controls Testing
  • 3.4 Security Testing Methods — SAST, DAST, IAST, SCA, Penetration Testing

Chapter 4 — IS Operations & Business Continuity (12 marks)

  • 4.1 IT Operations Management Audit
  • 4.2 Business Impact Analysis
  • 4.3 Business Continuity Planning
  • 4.4 Disaster Recovery Strategies

Chapter 5 — Information Asset Protection (10 marks)

  • 5.1 Security Frameworks — Practitioner Application
  • 5.2 Identity and Access Management Controls
  • 5.3 Encryption and PKI Systems Audit
  • 5.4 Network and Cloud Security Controls

Chapter 6 — Incident Response & Forensics (8 marks)

  • 6.1 Security Event Monitoring and SIEM Audit
  • 6.2 Incident Response Process Review
  • 6.3 Digital Evidence Handling and Chain of Custody
  • 6.4 Forensic Investigation Techniques