B_BI Information Security

University of Finance and Administration
Summer 2023
Extent and Intensity
2/2/0. 6 credit(s). Type of Completion: zk (examination).
Guaranteed by
RNDr. Petr Tesař, Ph.D.
Department of Computer Science and Mathematics - Departments - University of Finance and Administration
Contact Person: Ivana Plačková
Prerequisites
There are no prerequisites for this course.
Course Enrolment Limitations
The course is offered to students of any study field.
Course objectives
The aim of the course is to teach students the basic theory, legislative framework, standards and practical approaches to information protection. Students will gain deeper knowledge of the means of cryptographic protection.
Learning outcomes
After completing the course the student will be able to: a) Explain the basic definitions of information protection soundly. b) Be familiar with the protection of personal data (GDPR), the Cyber Security Act, and the Privacy Act. c) Be an informed member of the team that prepares the building of an ISMS in the company. d) Effectively propose the deployment of specific cryptographic tools to protect corporate assets.
Syllabus
  • 1. Basics of Information Security - definitions of basic terms, why deal with security, how to deal with security, security features, security mechanisms, security policies.
  • 2. Legislative framework - the classification of sensitive information, the Act on the Protection of Classified Information and Security Clearance, the Personal Data Protection (GDPR), the Law on Electronic Communications, the Civil Code, the Law on Capital Market, the Law on Cyber Security, the Trust-Building Services Act for Electronic Transactions.
  • 3. Standards in the field of information security - the ISO 27k family.
  • 4. Information Security Management System - security management, ISMS, PDCA cycle, documentation.
  • 5. History and mathematical foundations of cryptography - basic definitions, history, classical ciphers, Shannon's theory of cipher security.
  • 6. Complexity and primality in cryptology - the Turing machine, complexity classes, prime numbers and their properties, primes in cryptology.
  • 7. Modern symmetric ciphers - definition, construction elements of modern symmetric ciphers, linear feedback shift registers, substitution boxes (S-boxes), stream ciphers, block ciphers.
  • 8. Asymmetric cryptography - the definition, the use of asymmetric algorithms, list of algorithms related to NP problems, RSA, ElGamal, elliptic curve cryptography.
  • 9. PKI and digital signature - definition of PKI, PKI layers, definition and use of hash algorithms, MD5, the SHA-x family, the electronic signature.
  • 10. RNG and PKCS - classification of random number generators, advantages and disadvantages of each type, testing random sequences, RNG in cryptography, PKCS standards.
  • 11. Cryptographic protocols - classification of cryptographic protocols, Diffie-Hellman protocol, Rivest-Shamir protocol, Shamir's secret sharing protocol.
  • 12. Microsoft and cryptography - server operating systems, MS Windows workstation OS, MS Office, VeraCrypt.
Literature
    required literature
  • V. Smejkal, T. Sokol, J. Kodl: Bezpečnost informačních systémů podle zákona o kybernetické bezpečnosti, Plzeň 2019, ISBN 978-80-7380-765-8
  • E. Ochodková: Matematické základy kryptografických algoritmů, 2012, available at http://mi21.vsb.cz
  • L. Dostálek et al.: Velký průvodce protokoly TCP/IP: Bezpečnost, Computer Press, Praha, 2001
  • Act No. 412/2005 Coll., on the Protection of Classified Information and Security Clearance
  • Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR)
  • Act No. 127/2005 Coll., on Electronic Communications
  • Act No. 89/2012 Coll., the Civil Code
  • Act No. 256/2004 Coll., on Business Activities on the Capital Market
  • Act No. 297/2016 Coll., on Trust Services for Electronic Transactions (adaptation to eIDAS)
  • Act No. 181/2014 Coll., on Cyber Security
  • FIPS 197: Advanced Encryption Standard (AES), NIST 2001
    recommended literature
  • A. J. Menezes, P. C. van Oorschot, S. A. Vanstone: Handbook of Applied Cryptography, CRC Press, 1996, available on the Internet
  • ISO/IEC 27001:2013 Information security management systems – Requirements
  • ISO/IEC 27002:2013 Code of practice for information security controls
Teaching methods
Lectures and seminars in full-time study; tutorials in part-time study; compulsory seminar participation is 75% in full-time study; compulsory tutorial participation is 50% in part-time study. Self-study.
Assessment methods
The course ends with an oral exam consisting of two questions. The questions cover the entire range of topics presented. To pass the oral exam, both questions must be answered with a grade of at least E. Only students who have obtained the credit for B_BI are admitted to the exam. To obtain the credit, a student must score at least 40% of the points in a written test consisting of five problems, and full-time (PS) students must also attend at least 75% of the B_BI exercises. With lower attendance at the exercises, at least 50% of the points in the written test is required.
Language of instruction
Czech
Further comments (probably available only in Czech)
The course can also be completed outside the examination period.
Information on the extent and intensity of the course: 16 hours KS/semester.
Teacher's information
The lectures in pdf format will be sent to the students after the lecture.
The course is also listed under the following terms: Winter 2007, Summer 2008, Winter 2008, Winter 2009, Winter 2010, Winter 2011, Summer 2012, Winter 2012, Winter 2013, Winter 2014, Winter 2015, Winter 2016, Winter 2017, Winter 2018, Winter 2019, Winter 2020, Summer 2021, Summer 2022.
  • Permalink: https://is.vsfs.cz/course/vsfs/summer2023/B_BI