VSFS:N_BIS Information System Security - Course Information
N_BIS Information System Security
University of Finance and Administration, Summer 2022
- Extent and Intensity
- 2/0/0. 6 credit(s). Type of Completion: zk (examination).
- Teacher(s)
- RNDr. Petr Tesař, Ph.D. (seminar tutor)
- Guaranteed by
- RNDr. Petr Tesař, Ph.D.
Department of Computer Science and Mathematics – Departments – University of Finance and Administration
Contact Person: Ivana Plačková
- Timetable of Seminar Groups
- N_BIS/vAPH: Sat 26. 2. 9:45–11:15 E224, 11:30–13:00 E224, Sat 12. 3. 9:45–11:15 E224, 11:30–13:00 E224, Sat 9. 4. 9:45–11:15 E224, 11:30–13:00 E224, Fri 29. 4. 14:00–15:30 E224, 15:45–17:15 E224, P. Tesař
- Prerequisites
- There are no prerequisites for this course.
- Course Enrolment Limitations
- The course is offered to students of any study field.
- Course objectives
- The aim of the course is to teach students the basic theory, the legislative framework, the relevant standards and practical approaches to the protection of information systems. Students gain deeper knowledge of building an ISMS under the international standard ISO/IEC 27001:2013, and a more detailed overview of cryptography.
- Learning outcomes
- After completing the course the student will be able to apply the basic theory, the legislative framework and practical approaches to the protection of information in an organization's information systems. The student will also have an overview of the means available for cryptographic protection of information.
- Syllabus
- 1. Fundamentals of IS security - definition of basic terms, why deal with security, how to deal with security, security attributes, security mechanisms, security policies.
- 2. Legislative framework - classification of sensitive information, the Act on the Protection of Classified Information and on Security Eligibility, personal data protection (GDPR), the Electronic Communications Act, the Civil Code, the Act on Capital Market Undertakings, the Cyber Security Act, the Act on Trust Services for Electronic Transactions.
- 3. Standards in the field of Information Systems I - Family ISO 27k.
- 4. Standards in the field of Information Systems II - ISO 13335, ISO 15408, ISO 9000, ISO 21827, PAS56, COBIT, ITIL.
- 5. Information Security Management System I - security management, ISMS, PDCA cycle, documentation.
- 6. Information Security Management System II - risk analysis, audit ISMS.
- 7. Information Security Management System III - personnel security, physical security, information system security, crisis management.
- 8. Principles of cryptography - basic definitions, history, classical ciphers, Shannon cipher security theory, complexity classes.
- 9. Symmetric cryptography - definition, linear feedback shift registers, substitution boxes (S-boxes), stream ciphers, block ciphers, DES, AES, block cipher modes of operation.
- 10. Asymmetric cryptography - overview, Diffie-Hellman protocol, RSA, ElGamal, elliptic curve cryptography.
- 11. PKI, hash algorithms, electronic signature and generation of random bits.
- 12. Microsoft and cryptography - MS Windows Server, MS Windows workstation, MS Office.
- Literature
- required literature
- Acts (Czech Collection of Laws): 412/2005 (classified information), 181/2014 (cyber security), 297/2016 (trust services for electronic transactions), 89/2012 (Civil Code), 256/2004 (capital market undertakings), 127/2005 (electronic communications)
- EU regulations: GDPR, eIDAS
- ISO/IEC 27001:2013 Information security management systems – Requirements
- ISO/IEC 27002:2013 Code of practice for information security controls
- ISO/IEC TR 13335-1 Concepts and models for IT security
- ISO/IEC TR 13335-2 Managing and planning IT security
- ISO/IEC TR 13335-3 Techniques for the management of IT security
- ISO 15408 Evaluation criteria for IT security
- ISO 22301 Business continuity management systems
- ISO/IEC 21827 Systems Security Engineering – Capability Maturity Model (SSE-CMM)
- P. Hanáček, J. Staudek: Bezpečnost informačních systémů (Information Systems Security), ÚSIS Praha, 2000.
- J. Přibyl, J. Kodl: Ochrana dat v informatice (Data Protection in Informatics), Vydavatelství ČVUT.
- recommended literature
- ČSN ISO 9000:2016 Quality management principles
- A. J. Menezes, P. C. van Oorschot, S. A. Vanstone: Handbook of Applied Cryptography, CRC Press, 1996.
- FIPS 197: Advanced Encryption Standard (AES), NIST, 2001.
- Teaching methods
- Lectures and self-study.
- Assessment methods
- Credit is awarded for a seminar paper consisting of 10 worked examples. The exam is oral and consists of two questions; both must be answered at grade E or better. The question set covers the full scope of the lectures.
- Language of instruction
- Czech
- Further comments
- The course can also be completed outside the examination period.
- Information on the extent and intensity of the course: 16 hours of combined study per semester.
- Teacher's information
- The lectures in pdf format will be made available to the students after the lecture.
- Permalink: https://is.vsfs.cz/course/vsfs/summer2022/N_BIS