
Objectives and competences

The student will:

1. Understand the fundamental concepts of information security.
2. Be able to apply the confidentiality, integrity and availability criteria to organization and business.
3. Be able to analyse, evaluate and manage information security risks.
4. Be able to implement an information security management system in a real business environment.

Content (Syllabus outline)

1. Fundamental concepts of information security: availability, integrity, confidentiality
2. Definition and classification of security threats
3. Ensuring information system reliability and availability (hardware, software, human)
4. Countermeasures and mechanisms for physical security
5. Countermeasures and mechanisms for logical security
6. Countermeasures for preventing organizational weaknesses
7. Standards and guidelines for information security
8. Implementation of information security management system (ISMS) in an organization
9. Information security auditing and measuring
10. Information security risk assessment and management
11. Information security awareness and training

Learning and teaching methods

- Lectures
- Tutorial and computer work
- e-Learning
- Laboratory work

Intended learning outcomes - knowledge and understanding

Knowledge and understanding:

- Awareness of information security importance for business continuity
- Identification of potential security threats and consequences of their realization
- Understanding of information security measures and mechanisms
- Understanding the process of information security risks management
- Familiarity with ISO 27000 family and other information security standards

Intended learning outcomes - transferable/key skills and other attributes

- Ability to implement an information security management system (ISMS) in an organization.

Readings

1. Stallings, W. (2023). Cryptography and network security: principles and practice (8th ed., global ed., 832 pp.). Pearson.
2. Stallings, W., & Brown, L. (2018). Computer security: principles and practice (4th ed., global ed., 800 pp.). Pearson.
3. Information security management principles (3rd ed., XIX, 248 pp.). (2020). BCS, The Chartered Institute for IT.
4. International standard. ISO/IEC 27001, Information security, cybersecurity and privacy protection - Information security management systems - Requirements = Sécurité de l'information, cybersécurité et protection de la vie privée - Systèmes de management de la sécurité de l'information - Exigences (3rd ed., V, 19 pp.). (2022). ISO copyright office.
5. International standard. ISO/IEC 27002, Information security, cybersecurity and privacy protection - Information security controls = Sécurité de l'information, cybersécurité et protection de la vie privée - Mesures de sécurité de l'information (3rd ed., 152 pp.). (2022). ISO copyright.
6. International standard. ISO/IEC 27005, Information security, cybersecurity and privacy protection - Guidance on managing information security risks = Sécurité de l'information, cybersécurité et protection de la vie privée - Préconisations pour la gestion des risques liés à la sécurité de l'information (4th ed., VI, 62 pp.). (2022). ISO copyright office.

Prerequisites

- none

  • Assoc. Prof. Dr. ALENKA BREZAVŠČEK

  • Computer skills: 40
  • Written examination: 40
  • Coursework: 20

  • : 39
  • : 24
  • : 117

  • Slovenian
  • Slovenian

  • ORGANIZATION AND MANAGEMENT OF INFORMATION SYSTEMS - 3rd