Objectives and competences
The student will
1. Understand the fundamental concepts of information security.
2. Be able to apply the confidentiality, integrity and availability criteria to an organization and its business.
3. Be able to analyse, evaluate and manage information security risks.
4. Be able to implement an information security management system in a real business environment.
Content (Syllabus outline)
1. Fundamental concepts of information security: availability, integrity, confidentiality
2. Definition and classification of security threats
3. Ensuring information system reliability and availability (hardware, software, human)
4. Countermeasures and mechanisms for physical security
5. Countermeasures and mechanisms for logical security
6. Countermeasures for preventing organizational weaknesses
7. Standards and guidelines for information security
8. Implementation of information security management system (ISMS) in an organization
9. Information security auditing and measurement
10. Information security risk assessment and management
11. Information security awareness and training
Learning and teaching methods
- Lectures,
- Tutorial and computer work,
- e-Learning,
- Laboratory work.
Intended learning outcomes - knowledge and understanding
Knowledge and understanding:
• Awareness of information security importance for business continuity,
• Identification of potential security threats and consequences of their realization,
• Understanding of information security measures and mechanisms,
• Understanding the process of information security risks management,
• Familiarity with the ISO 27000 family and other information security standards.
Intended learning outcomes - transferable/key skills and other attributes
- Ability to implement an information security management system (ISMS) in an organization.
Readings
Obligatory:
1. Brezavšček, A. (2022). Informacijska varnost (Information Security), electronic learning material, Moodle online classroom.
Recommended:
2. Stallings, W., Brown, L. (2018). Computer security: principles and practice, 4th ed., Global ed., New York: Pearson.
3. Rhodes-Ousley, M. (2013). Information Security, The Complete Reference, 2nd Ed., New York: McGraw-Hill Education.
4. Stallings, W. (2014). Cryptography and Network Security: Principles and Practice, 6th ed. Prentice Hall.
5. Whitman, M.E., Mattord, H.J. (2012). Principles of Information Security, 4th Ed., Course Technology, Cengage Learning.
6. Merkow, M.S., Breithaupt, J. (2014). Information Security: Principles and Practices, 2nd Ed., Pearson Education, Inc.
7. ISO/IEC 27001:2013, Information technology - Security techniques - Information security management systems – Requirements.
8. ISO/IEC 27002:2017, Information technology — Security techniques — Code of practice for information security controls.
9. ISO/IEC 27002:2022, Information security, cybersecurity and privacy protection — Information security controls.
Prerequisites
- Fundamental knowledge of computer systems and networks.
Additional information on implementation and assessment
e-Learning, 20%
Tutorial, 40%
Written exam, 40%
Criteria for passing the exam:
At least 50% of the maximum score in e-learning, at least 50% of the maximum score in the tutorial, and at least 50% of the maximum score in the written exam.