XSDP ICT Security and Data Protection

Moravian Business College Olomouc
winter 2021
Extent and Intensity
2/0/0. 3 credit(s). Type of Completion: zk (examination).
Teacher(s)
Ing. Lukáš Pavlík, Ph.D. (lecturer)
Guaranteed by
Ing. Lukáš Pavlík, Ph.D.
Moravian Business College Olomouc
Supplier department: Moravian Business College Olomouc
Course Enrolment Limitations
The course is also offered to the students of the fields other than those the course is directly associated with.
Course objectives
The aim of the course is to acquaint students with various aspects of security and data protection in information systems. Students should become familiar with security terminology, the kinds of threats that exist and how to defend against them. The course covers the entire life cycle of an IS: from its design, through its deployment in a company, to its operation. The key topic is the information security management system in accordance with the applicable standards (the ISO/IEC 27000 series). Part of the course deals with digital documents and the tools for securing them, such as the electronic signature, electronic seal and timestamp, in connection with the eIDAS Regulation and Czech Act No. 297/2016. Students will become familiar with the laws and technical standards that govern ICT security. Cybercrime, including its detection and investigation, is also covered. The course can thus also be considered an introduction to cryptology. After completing the course, students will be able to understand the issues of IS (ICT) security, know the basic threats in the field of information processing, find their way around the security aspects of computer systems and networks, understand the individual steps in building a secure IS, know the legal and technical standards in ICT security, handle electronic documents and the tools for their authentication (electronic signatures, electronic seals and timestamps), understand the basic aspects of cryptography, and provide data backup and system recovery; they will also have an overall knowledge of cybercrime and of securing evidence in computer systems.
Syllabus
    1. Introduction to the issue of security - the concept of security, enterprise information security, ICT/IS security, specification of basic threats; legal and technical standards in the field of ICT security
    2. Multi-layered security (defence in depth) of information systems
    3. Security in operating systems, access management, identification, authentication, authorization
    4. Internet security, protocols, wireless networks
    5. Workstation security
    6. Information security management system - ISO / IEC 27000, PDCA, ITIL methodology principles
    7. Security risk analysis (identification of assets, risk assessment, the draft of countermeasures, etc.)
    8. Realization of security - conception of security, security policy, security measures
    9. Cryptography (symmetric/asymmetric algorithms), hash functions, key management, PKI, etc.
    10. Papers and electronic documents - definition, properties, security and authentication, electronic signature, biometric dynamic signature, electronic stamp and time stamp, eIDAS Regulation and Act No. 297/2016
    11. Data backup and recovery of system
    12. Cybercrime - facts in issues, crime detection and investigation (perpetrators, expertise and expert opinions)
    The teaching methods used include: information-receptive methods (interpretation, explanation, description), verbal and demonstration methods (presentation). Further methods used: reproductive (testing, examination, repeating), problem interpretation methods and case studies.
Literature
    required literature
  • KODL, Jindřich and Vladimír SMEJKAL. ICT Security and Data Protection. Olomouc: Moravská vysoká škola Olomouc, 2018.
  • Information Security Management Systems - Overview and Vocabulary. International Organization for Standardization, 2016.
  • Information Security Management Systems - Requirements. International Organization for Standardization, 2016.
  • Code of Practice for Information Security Controls. International Organization for Standardization, 2015.
  • SMEJKAL, Vladimír. Kybernetická kriminalita. Plzeň: Aleš Čeněk. ISBN 978-80-738-0501-2. 2015.
  • Information Security Risk Management. International Organization for Standardization, 2011.
  • Information Security Management System Implementation Guidance. International Organization for Standardization, 2010.
  • CLARK, David Leon. Enterprise Security: A Manager's Defense Guide. Boston: Addison-Wesley Longman Publishing Co., I. ISBN 978-02-017-1972-7. 2002.
  • MENEZES, Alfred, Paul C. Van OORSCHOT and Scott A. VANSTONE. Handbook of Applied Cryptography. Boca Raton: CRC Press. ISBN 0-8493-8523-7. 1997.
  • SCHNEIER, Bruce. Applied Cryptography, Second Edition: Protocols, Algorithms, and Source Code in C. New York: John Wiley & Sons. ISBN 0471117099. 1996.
    recommended literature
  • Data security management. Praha: TATE International.
  • SMEJKAL, Vladimír and Karel RAIS. Řízení rizik ve firmách a jiných organizacích. Praha: Grada. ISBN 978-80-247-4644-9. 2013.
  • MATES, Pavel and Vladimír SMEJKAL. E-government v České republice: právní a technologické aspekty. 2nd substantially revised and expanded ed. Praha: Leges. ISBN 978-80-875-7636-6. 2012.
  • DOUCEK, Petr et al. Řízení bezpečnosti informací: 2. rozšířené vydání o BCM. Praha: Professional Publishing. ISBN 978-80-743-1050-8. 2011.
Assessment methods
Examination: combined - written part (test) and oral.
Language of instruction
English
Further Comments
The course can also be completed outside the examination period.
The course is taught annually.
The course is taught: every week.
Teacher's information
https://teams.microsoft.com/l/team/19%3ad5415f37faea48f392376219b4d19fb0%40thread.tacv2/conversations?groupId=eadd499d-e199-4741-bf21-9cbac147ad83&tenantId=ed27fc21-8d98-4df9-af69-7fce8cea652b
The course is also listed under the following terms winter 2020, summer 2021, summer 2022, summer 2023.
  • Permalink: https://is.mvso.cz/course/mvso/winter2021/XSDP