XAICT ICT Security and Data Protection

Moravian Business College Olomouc
summer 2021
Extent and Intensity
2/0/0. 3 credit(s). Type of Completion: zk (examination).
Teacher(s)
Ing. Jindřich Kodl, CSc. (lecturer)
Guaranteed by
Ing. Jindřich Kodl, CSc.
Moravian Business College Olomouc
Course Enrolment Limitations
The course is only offered to the students of the study fields the course is directly associated with.
Course objectives
The aim of the course is to acquaint students with various aspects of security and data protection in information systems. Students should be familiar with security terminology, the kinds of threats that exist, and how to defend against them. The course covers the entire life cycle of an IS, from its design, through its deployment in a company, to its operation. The key topic is the information security management system in accordance with the applicable standards (the ISO/IEC 27000 series). Part of the course deals with digital documents and tools for document security, such as the electronic signature, electronic seal and timestamp, in connection with the eIDAS Regulation and Czech Act No. 297/2016. Students will become familiar with the laws and technical standards that govern ICT security. Cybersecurity and cybercrime, together with appropriate countermeasures, are also covered. The course can thus be considered an introduction to cryptology.
After completing this course, students will be able to understand the issues of IS (ICT) security, know the basic threats in the field of information processing, find their way around the security aspects of computer systems and networks, understand the various steps in building a secured IS, know the technical standards in ICT security, handle electronic documents and the tools for their authentication (electronic signatures, electronic seals and timestamps), understand the basic aspects of cryptography, and provide data backup and system recovery. They will also have an overall knowledge of cybercrime issues and of securing evidence in computer systems.
Syllabus
    1. Introduction to the issue of security - the concept of security, enterprise information security, ICT/IS security, specification of basic threats; legal and technical standards in the field of ICT security
    2. Multi-layered security (defence in depth) of information systems
    3. Security in operating systems, access management, identification, authentication, authorization
    4. Internet security, protocols, wireless networks
    5. Workstation security
    6. Information security management system - ISO / IEC 27000, PDCA, ITIL methodology principles
    7. Security risk analysis (identification of assets, risk assessment, the draft of countermeasures, etc.)
    8. Realization of security - conception of security, security policy, security measures
    9. Cryptography (symmetric/asymmetric algorithms), hash functions, key management, PKI, etc.
    10. Paper and electronic documents - definition, properties, security and authentication, electronic signature, biometric dynamic signature, electronic stamp and time stamp, eIDAS Regulation and Act No. 297/2016
    11. Data backup and recovery of system
    12. Cybersecurity and Cybercrime - facts in issues, crime detection and investigation (perpetrators, expertise and expert opinions)
    The teaching methods used include: information-receptive methods (interpretation, explanation, description), verbal and demonstration methods (presentation). Further methods used: reproductive (testing, examination, repeating), problem interpretation methods and case studies.
Literature
    required literature
  • ISO/IEC 27005. Information Security Risk Management. International Organization for Standardization, 2018.
  • MEEUWISSE, R. Cybersecurity for Beginners. 2nd ed. Lulu Publishing Services, 2017. ISBN 978-1483431239.
  • ISO/IEC 27003. Information Security Management System Implementation Guidance. International Organization for Standardization, 2017.
  • ISO/IEC 27000. Information Security Management Systems - Overview and Vocabulary. International Organization for Standardization, 2016.
  • ISO/IEC 27001:2013. Information Security Management Systems - Requirements. International Organization for Standardization, 2016.
  • ISO/IEC 27002:2013. Code of Practice for Information Security Controls. International Organization for Standardization, 2015.
  • CLARK, D. L. Enterprise Security: A Manager's Defense Guide. Boston: Addison-Wesley Longman Publishing, 2002. ISBN 978-02-017-1972-7.
  • MENEZES, A., P. C. Van OORSCHOT and S. A. VANSTONE. Handbook of Applied Cryptography. Boca Raton: CRC Press, 1997. ISBN 0-8493-8523-7.
  • SCHNEIER, Bruce. Applied Cryptography, Second Edition: Protocols, Algorithms, and Source Code in C. 2nd ed. New York: John Wiley & Sons, 1996. ISBN 0471117099.
Language of instruction
English
Further comments (probably available only in Czech)
The course can also be completed outside the examination period.

  • Permalink: https://is.mvso.cz/course/mvso/summer2021/XAICT