Objectives and competences
The objectives of the course are to present students with a systemic view of information security and the dimensions of its management; theories, models, and research related to explaining user behavior in relation to ICT and information security threats; key digital competencies for citizens; the role of people or users in the information security system and their impact on the effectiveness of security policies and the level of information security.
Students develop digital competencies based on the Digital Competence Framework for Citizens 2.2 and are capable of applying knowledge about user threats, risks associated with the use of ICT, and the impact of security culture, security awareness, and human factor management measures on organizational security in both their work and private lives.
Content (Syllabus outline)
- A systemic approach to information security
o Individual/user as a factor of information security and dimension of information system
o The impact of employees’ behavioural practices on information security in organisations
- Human-technology relationship
o ICT usage behavior – Models, theories, and research related to users' information security behavior
o ICT users in the role of victims and perpetrators
- Organisational measures
o Employee awareness and training
o Employee behaviour control and monitoring
o Strengthening of pro-safety behaviour in the use of ICT
- Management of information security through employee behaviour
o Security culture
o Security policy and compliance
- Education on digital content toward sustainability, with emphasis on the impact of digitalization on the elderly population, digital inclusion, challenges of the digital transition, digital interpersonal relationships, digital literacy
Learning and teaching methods
The course will be conducted through lectures, tutorials, discussions, and individual consultations with the lecturer. In addition to traditional lectures, the course includes modern teaching approaches such as flipped classroom and flipped learning, continuous knowledge assessment, and ongoing assignments.
Intended learning outcomes - knowledge and understanding
Students are able to:
- Classify the challenges of digital development at the individual and organizational levels.
- Explain the role of the human factor in the information security system.
- Debate on the impact of technology on human behaviour.
- Identify and analyse key information security risks and vulnerabilities related to the human factor.
- Link factors from various behavioural, criminological, and other theories and models with user information security behaviour and decision-making.
- Recognize and evaluate security practices in private and organizational environments.
- Identify key digital competencies.
- Define key measures for managing human and employee behaviour in the information security system.
Intended learning outcomes - transferable/key skills and other attributes
Based on the acquired knowledge, students know how to:
- Develop a plan for managing the information security behaviour of employees in an organisation.
- Create a proposal for an information security policy for users in an organisation.
- Analyse users' digital competencies.
- Analyse and evaluate the organizational (security) culture and information security awareness of employees.
- Propose an approach to developing users' information security awareness.
- Plan a research to identify factors related to users' or employees' information security behaviour.
Readings
• Prislan Mihelič, K. (2021). Vedenjski vidiki informacijske varnosti: 3. letnik, visokošolski študijski program Varnost in policijsko delo in Informacijska varnost: zbrano gradivo. Fakulteta za varnostne vede.
• Prislan Mihelič, K. in Bernik, I. (2019). Informacijska varnost in organizacije. Univerzitetna založba Univerze v Mariboru, Fakulteta za varnostne vede.
• Grilc, Š., Prislan Mihelič, K. in Mihelič, A. (2022).Teorije in modeli v vedenjskih informacijskovarnostnih raziskavah (Theories and models in behavioral information security research). Psihološka obzorja: slovenska znanstveno-strokovna psihološka revija, 31, 602-622. http://psiholoska-obzorja.si/arhiv_clanki/2022/Grilc_et_al.pdf
• Whitty, M. T. in Young, G. (2017). Cyberpsychology: The study of individuals, society and digital technologies. The British Psychological Society, Wiley.
• Attril-Smith, A., Fullwood, C., Keep, M. in Kuss, D. J. (ur). (2020). The Oxford handbook of cyberpsychology. Oxford University Press.
• Whitman, M. E. in Mattord, H. J. (2022). Principles of information security, seventh edition. Cengage.
• Vuorikari, R., Kluzer, S. in Punie Y. (2023). Okvir digitalnih kompetenc za državljane: z novimi primeri rabe znanja, spretnosti in stališč: DigComp 2.2. Zavod RS za šolstvo. https://www.zrss.si/wp-content/uploads/2023/08/DigComp-2-2-Okvir-digitalnih-kompetenc.pdf
Prerequisits
Basics of organizational management.
Additional information on implementation and assessment At least 80 % attendance is required in exercises.
