Semester: 4
ECTS: 5
Lectures: 30
Practice sessions: 30
Independent work: 90
Module Code: 23-000-0125
Semester: 4
ECTS: 5
Lectures: 30
Practice sessions: 30
Independent work: 90
Module Code: 23-000-0125
Module title:
Information system security
Lecturers and associates:
Module overview:
The course is focused on developing a thorough understanding of the fundamental principles of information systems security. This objective encompasses the study of key methods, techniques, and tools used to ensure the integrity, confidentiality, and availability of information system. Through the course, students will become familiar with advanced technologies and methods in the field of information systems security, including authentication, authorization, cryptography, network security, protection against malicious programs, secure software development, web security, vulnerability management, penetration testing, effective security analytics, management security incidents and business continuity. The most important security control frameworks and standards will be explained in more detail: CIS Top 18, NIST CSF and ISO 27001.
The goal is to train students to critically evaluate various security strategies and practices and to apply this knowledge to real scenarios.
In this module students will learn:
Understand the basic concepts and methods of information systems security.
Analyse risk management methods in information systems.
Propose optimal organizational and physical protection measures for information systems.
Describe the ways in which the security of an information system can be compromised.
Evaluate different authentication and authorization mechanisms and their differences.
Assess the application of symmetric and asymmetric cryptographic algorithms and hashing algorithms.
Determine methods for vulnerability management processes and web application security.
Understand the importance of effective analytics for detecting security incidents.
Understand the category of malicious programs and techniques for their prevention and detection.
Evaluate the importance of penetration testing and secure software development practices.
Assess the applicability of innovative mechanisms for protection against malicious programs and unauthorized activities.
Literature:
Required readings:
1. William Stallings, Lawrie Brown: Computer Security Principles and Practice: 5th edition, Pearson, 2023
Supplementary readings:
1. Brooks, C., Grow, C., Craig, P. and Short, D., (2018). Cybersecurity Essentials. Hoboken: John Wiley and Sons.