Objectives and competences
Students gain knowledge about the management of information security. threats and methods to assure the acceptable level of security. The basic concept of the subject is to provide the concepts that will allow students to understand the main problems regarding the information security assurance. Other subjects are intended to deepen the knowledge provided by the Information Security Primer.
Content (Syllabus outline)
- Management of information assets
- Request for Comments (RFCs) and their role in information security
- Identification and authentication
- Authorization and access control
- Auditing and governance of information assets
- Basics of cryptography
- Operational Security
- Physical aspects of information security
- Network security: - Fixed; - Wireless
- Security of Operating Systems
- Security of Software
- Safety programs for online access and access to services
- Digital identities in modern IT
Learning and teaching methods
The subject will consist of lectures, tutorials, case studies, discussions on current topics, group and individual consultations and preparation of seminar papers. Special attention is focused on students' active participation in discussions and exercises.
Intended learning outcomes - knowledge and understanding
Knowing and understanding of the information security management concepts. Students understand the variety of security management models and practices to ensure secure information systems, information and data.
Intended learning outcomes - transferable/key skills and other attributes
Knowledge of the concept of information security management and governance. Students learn the definition and key characteristics of information security management, as well as the differences between information security management and general management.
Readings
- Markelj, B. (2020). Varnost informacijskih sistemov: visokošolski študijski program: Informacijska varnost: študijsko gradivo. Fakulteta za varnostne vede.
- Whitman E. M. in, Mattord J. H. (2008). Management of information security. Thomson Course Technology.
- Markelj, B. in Zgaga, S. (2016). Comprehension of cyber threats and their consequences in Slovenia. Computer Law & Security Review, 32(3), 513–525. http://doi.org/10.1016/j.clsr.2016.01.006
- Praprotnik, G. in Markelj, B. (2023). E-vdori v eUpravo. V B. Markelj (ur.), Informacijska varnost: doba tehnoloških prebojev in pravnih izzivov (str. 35–69). Lexpera, GV Založba.
- Tomše, S., Zgaga Markelj, S. in Markelj, B. (2023). Informacijska varnost: etično hekanje 2.0: na poti k zagotavljanju večplastne zaščite. Lexpera, GV Založba.
Prerequisits
Basic understanding of ICT.
Additional information on implementation and assessment /
