Study program / study programs: INFORMATION TECHNOLOGY

Type and level of studies: Applied master’s studies

Subject: Data and Application Security

Status: elective

ECTS credits: 8

 

Course objective

Training students to apply methods and techniques for modeling and establishing information security in different systems.

Course outcome

After completing the course, the students are able to apply the principles, methods and standards in the area of information security. They are trained to manage information security, security risks and establish information security in different organizations.

Course content

Theoretical classes

  • Introduction to information security: definition (scope), main terms, development of information security.
  • The need to define information security: information security threats, attacks on information systems, business, professional and ethical reasons for defining information security, legal framework.
  • Standards in information security: reasons for standardization, areas of standardization, ISO 27000 standard series.
  • Information security organization: internal organization, external organization, resource management, physical and logistic protection, security incidents, business continuity.
  • Information security management system, system scope, identification of users and resources, system design, policies, standards, procedures.
  • Security risk management: risk management basics, risk identification, risk assessment, reducing, avoiding and accepting risk, risk control strategies.
  • Information security implementation: technical aspects of the implementation, non-technical aspects of the implementation, defining security requirements, information security management system implementation, information security analysis, system definition, monitoring and maintenance.

Practical classes

  • Exercises