Protection and Security of Information Systems

Course Description

Information security principles. Risk, vulnerability and threats to information systems. Procedures for risk assessment, management and control. Mathematical models of information security. Models for secure data and process workflow. Cryptography, cryptography protocols, techniques and algorithms. Digital identification procedures.Database security. Security of operating systems. Network and distributed systems security. Trusted information systems design and implementation. Information systems security standards and evaluation. Legal and ethical aspects of security.

General Competencies

Students will get deep understanding of ever increasing need for information security considerations and implementation on all levels of information technology infrastructure, applications and business processes. They will get also deep understanding of concepts, methods and techniques in security assessment, identification of threats and vulnerabilities, cryptographic algorithms, risk analysis and implementation and enhancement of security control. Students will get theoretical knowledge for designing of security models and practical skills to design and implement security mechanisms for network, database, operating systems and application security. They will get ability of using standards for implementing of information system security management and ability to extend their knowledge in the field of information security.

Learning Outcomes

  1. assess the risk of information security
  2. explain the technical, organizational and human factors that are associated with risks of information security
  3. explain the application of standards for the establishment of information security
  4. define the threats, vulnerabilities and attacks that threaten information systems and the organization itself
  5. explain the analysis and application of technological solutions in the construction of the security architecture
  6. explain how to establish and maintain the system for information security management
  7. assess the impact of security policies, legal framework, compliance requirements and market development on complex systems and objectives of an organization

Forms of Teaching

Lectures

Theoretical foundations and paradigms presented during lectures are illustrated with practical examples for design, implementation and management of information system security.

Exams

-midterm exam -final exam

Seminars

term paper and presentation

Grading Method

Continuous Assessment Exam
Type Threshold Percent of Grade Comment: Percent of Grade
Seminar/Project 0 % 10 % 0 % 30 %
Attendance 0 % 5 % 0 % 0 %
Mid Term Exam: Written 0 % 45 % 0 %
Final Exam: Written 0 % 40 %
Exam: Written 0 % 70 %

Week by Week Schedule

  1. Defining security issues, objectives, principles and security policy
  2. Analysis, management and control of risk
  3. Access control and flow control; Mathematical models of security
  4. Basics of cryptography; The protocols, techniques and algorithms
  5. The architecture of the security system – basic modules
  6. Methods of digital identification and authentification
  7. Security and protection of programs and operating systems
  8. Midterm exam
  9. Standards and criteria for evaluation of security and thrustworthiness of systems
  10. Database security
  11. Security of computer networks and distributed systems
  12. Systems for the detection of security breach (IDS)
  13. Managing and monitoring the security system (ISMS); Legal and Ethical Aspects of Security
  14. Managing security incidents and business continuity
  15. Final exam

Study Programmes

University graduate
Computer Engineering (profile)
Specialization Course (1. semester) (3. semester)
Information Processing (profile)
Specialization Course (1. semester) (3. semester)
Software Engineering and Information Systems (profile)
Specialization Course (1. semester) (3. semester)

Literature

Charles P. Pfleger (1997.), Security in Computing, Prentice Hall
Bruce Schneier (1996.), Applied Cryptography B. Schneier John Wiley & Sons 1996, John Wiley & Sons, Inc
S. Castano, M.G. Fugini, G. Martella, P. Samarati (1995.), Database Security, ACM Press
Harold F. Tipton, Micki Krause (2000.), Information Security Management Handbook, CRC Press LLC

Lecturers

Grading System

ID 34430
  Winter semester
4 ECTS
L1 English Level
L1 e-Learning
30 Lecturers
0 Exercises
0 Laboratory exercises

General

87,5 Excellent
75 Very Good
62,5 Good
50 Acceptable