Objectives and competences
- To demonstrate and justify the security of information as an essential aspect of comprehensive security and safety information to achieve work objectives.
- To introduce methods of information security from a holistic perspective of maintaining and raising property organizations.
- To understand the complex processes of protection and providing an appropriate level of information security.
- To demonstrate the usefulness of knowledge in achieving personal and organizational goals, and provide the basis for safe work in the real and cyber space by reducing the misuse of information and privacy.
Content (Syllabus outline)
- Providing information security
- Elements of information system and information security
- Cyberspace and cybersecurity
- Information or cybersecurity
- Cybersecurity and access to information resources
- Development life cycle of information security
- Business needs for (cyber)security
- Threats
o Natural, technical, human
- Attacks
o Internal, external
- Legal, ethical and professional perception of information security
o Legislation
o Ethical impacts of information security
- Management of information risks
o Risk Management Overview
o Identification of risks
o Risk assessment
- Security planning
o Information security policies, standards and best practices
- Technology to ensure the security
- Access control and environmental protection
Learning and teaching methods
The subject will consist of lectures, tutorials, case studies, discussions on current topics, group and individual consultations and preparation of seminar papers. Special attention is focused on students' active participation in discussions and exercises.
Intended learning outcomes - knowledge and understanding
The course presents students with an understanding of information security technologies to ensure an adequate level of security and protection of information assets of personnel and organizations.
Gain knowledge from all subject specific areas related to the subject matter.
Intended learning outcomes - transferable/key skills and other attributes
Students acquire the ability to understand information security, providing a comprehensive information security and the value of information as well as a comprehensive understanding of the means of protection against misuse of information from external and internal threads in the real and cyber space.
Readings
- Vrhovec, S., Bernik, I. in Markelj, Blaž. (2023). Explaining information seeking intentions. Computers & security, 125, art. 103038. http://dx.doi.org/10.1016/j.cose.2022.103038
- Fujs, D. in Bernik, I. (2022). Characterization of selected security-related standards in the field of security requirements engineering. Elektrotehniški vestnik, 89(3), 73–80.
- Bernik, I. in Prislan, K. (2016). Measuring information security performance with 10 by 10 model for holistic state evaluation. PloS ONE, 11(9).
- Whitman, M. in Mattord, H. J. (2008). Management of information security (2nd ed.). Thomson Course Technology.
Prerequisits
Basic understanding of ICT.
Additional information on implementation and assessment /
