B_BI Information Security

University of Finance and Administration
Winter 2016
Extent and Intensity
2/1. 6 credit(s). Type of Completion: zk (examination).
Teacher(s)
RNDr. Petr Tesař, Ph.D. (seminar tutor)
Guaranteed by
doc. RNDr. Jan Lánský, Ph.D.
Department of Computer Science and Mathematics – Departments – University of Finance and Administration
Contact Person: Ing. Barbora Ptáčková
Timetable of Seminar Groups
B_BI/cAPH: each even Monday 12:15–12:59 E224, each even Monday 13:00–13:45 E224, P. Tesař
B_BI/pAPH: Mon 10:30–11:14 E224, Mon 11:15–12:00 E224, P. Tesař
B_BI/vAPH: Sat 15. 10. 9:45–11:15 E304, 11:30–13:00 E304, Sat 12. 11. 9:45–11:15 E304, 11:30–13:00 E304, Fri 25. 11. 15:45–17:15 E304, 17:30–19:00 E304, P. Tesař
Prerequisites
There are no prerequisites for this course.
Course Enrolment Limitations
The course is also offered to students of fields other than those it is directly associated with.
Course objectives
After completing the course the student will be able to handle basic theory, legislative framework and practical approaches to information protection. He/she will have a deeper knowledge of the means used in the field of cryptographic protection of information.
Syllabus
  • 1. Basics of information security - definitions of basic terms, why deal with security, how to deal with security, security features, security mechanisms, security policies.
  • 2. Legislative framework - the classification of sensitive information, the Act on the Protection of Classified Information and Security, the Law on Personal Data Protection, the Law on Electronic Communications, the Commercial Code, the Law on Capital Market, the Law on Electronic Signature, the Law on Cyber Security.
  • 3. Standards in the field of information security - the ISO 27k family.
  • 4. Information Security Management System - security management, ISMS, PDCA cycle, documentation.
  • 5. History and mathematical foundations of cryptography - basic definitions, history, classical ciphers, Shannon's theory of cipher security.
  • 6. Complexity and primality in cryptology - the Turing machine, complexity classes, primes and their properties, primes in cryptology.
  • 7. Modern symmetric ciphers - definition, construction elements of modern symmetric ciphers, linear feedback registers, substitution boxes (S-boxes), stream ciphers, block ciphers.
  • 8. Block ciphers DES and AES - description of DES, DES modes of operation, cryptanalytic attacks on DES, description of AES.
  • 9. Asymmetric cryptography - definition, the use of asymmetric algorithms, list of algorithms related to NP problems, RSA, ElGamal, elliptic curve cryptography.
  • 10. PKI and digital signature - definition of PKI, PKI layers, definition and use of hash algorithms, MD5, the SHA-X class, the electronic signature.
  • 11. RNG and cryptographic protocols - classification of random number generators, advantages and disadvantages of each type, testing random sequences, RNG in cryptography, classification of cryptographic protocols, Diffie-Hellman protocol, Rivest-Shamir protocol, Shamir secret-sharing protocol, PKCS standards.
  • 12. Microsoft and cryptography - server operating systems, MS Windows workstation OS, MS Office, VeraCrypt.
Literature
    required literature
  • Zákon č. 412/2005 Sb., o ochraně utajovaných informací a o bezpečnostní způsobilosti
  • Zákon č. 101/2000 Sb., o ochraně osobních údajů
  • Zákon č. 127/2005 Sb., o elektronických komunikacích
  • Zákon č. 513/1991 Sb., Obchodní zákoník
  • Zákon č. 256/2004 Sb., o podnikání na kapitálovém trhu
  • Zákon č. 227/2000 Sb., o elektronickém podpisu
  • Zákon č. 181/2014 Sb., o kybernetické bezpečnosti
  • P. Hanáček, J. Staudek: Bezpečnost informačních systémů, ÚSIS Praha, 2000
  • J. Přibyl, J. Kodl: Ochrana dat v informatice, Vydavatelství ČVUT, 1996
  • E. Ochodková: Matematické základy kryptografických algoritmů, 2012, available at http://mi21.vsb.cz
  • L. Dostálek et al.: Velký průvodce protokoly TCP/IP: Bezpečnost, Computer Press, Praha, 2001
  • FIPS – 197: Advanced Encryption Standard (AES), NIST 2001
    recommended literature
  • ISO/IEC 27001:2013 Systémy řízení bezpečnosti informací – Požadavky
  • ISO/IEC 27002:2013 Soubor postupů pro opatření bezpečnosti informací
  • A. J. Menezes, P. C. van Oorschot, S. A. Vanstone: Handbook of Applied Cryptography, CRC Press, 1996, available on the Internet
  • MS-OFFCRYPTO: Office Document Cryptography Structure Specification, 2007 Microsoft Office System Document Encryption
  • N. Ferguson: AES-CBC + Elephant diffuser: A Disk Encryption Algorithm for Windows Vista, Microsoft, August 2006
  • K. Eisenkolb, M. Gokhan, H. Weickardt: Bezpečnost Windows 2000/XP, Computer Press, Praha, 2003
Teaching methods
Lectures and seminars in full-time study; tutorials in part-time study; compulsory seminar participation is 75% in full-time study; compulsory tutorial participation is 50% in part-time study. Self-study.
Assessment methods
The course ends with an oral exam consisting of two questions. The questions cover the entire area presented in the course. To pass the oral exam, both questions must be answered with a grade of at least E. Only students who have obtained the credit for B_BI are admitted to the exam. To obtain the credit, a student must score at least 40% of the points in a written test consisting of five problems, and students in full-time study (PS) must also attend at least 75% of the B_BI exercises. With lower attendance at the exercises, at least 50% of the points in the written test are required.
Language of instruction
Czech
Further comments (probably available only in Czech)
The course can also be completed outside the examination period.
Information on the extent and intensity of the course: 12 hours KS/semester.
The course is also listed under the following terms: Winter 2007, Summer 2008, Winter 2008, Winter 2009, Winter 2010, Winter 2011, Summer 2012, Winter 2012, Winter 2013, Winter 2014, Winter 2015, Winter 2017, Winter 2018, Winter 2019, Winter 2020, Summer 2021, Summer 2022, Summer 2023, Summer 2024, Summer 2025.
  • Permalink: https://is.vsfs.cz/course/vsfs/winter2016/B_BI