N_BIS Information System Security

University of Finance and Administration
Summer 2024
Extent and Intensity
2/0/0. 6 credit(s). Type of Completion: zk (examination).
Guaranteed by
RNDr. Petr Tesař, Ph.D.
Department of Computer Science and Mathematics – Departments – University of Finance and Administration
Contact Person: Ivana Plačková
Prerequisites
There are no prerequisites for this course.
Course Enrolment Limitations
The course is offered to students of any study field.
Course objectives
Learning outcomes of the course unit The aim of the subject is to teach students basic theory, legislative framework, norms and practical approaches to protection of information systems. Deeper knowledge will be gained by students on ISMS building under international standards ISO/IEC 27001: 2013. Students will also get a more detailed overview of cryptography.
Learning outcomes
After completing the course the student will be able to handle basic theory , legislative framework and practical approaches protection of information in information systems of the organizations. He will also have an idea about resources applicable for cryptographic protection of the information.
Syllabus
  • 1. Fundamentals of IS security - definition of basic terms, why deal with security, how to deal with safety, security features, security mechanisms, security policies.
  • 2. Legislative framework - the classification of sensitive information, the Act on the Protection of Classified Information and Security, the Personal Data Protection (GDPR), the Law on Electronic Communications, the Civil Code, the Act on Undertaking on the Capital Market, the Law on Cyber Security, the Trust-Building Services Act for electronic Transactions.
  • 3. Standards in the field of Information Systems I - Family ISO 27k.
  • 4. Standards in the field of Information Systems II - ISO 13335, ISO 15408. ISO 9000, ISO 21827, PAS56, COBIT, ITIL.
  • 5. Information Security Management System I - security management, ISMS, PDCA cycle, documentation.
  • 6. Information Security Management System II - risk analysis, audit ISMS.
  • 7. Information Security Management System III - personnel security, physical security, information system security, crisis management.
  • 8. Principles of cryptography - basic definitions, history, classical ciphers, Shannon cipher security theory, complexity classes.
  • 9 Symmetric cryptography - definition, linear feedback shift register, substitution boxes (S-boxes), stream ciphers, block ciphers, DES, AES, Block cipher modes of operation. 10. Asymmetric cryptography - Overview, Diffie-Helmann protocol, RSA, ElGamal, Elliptic curve.
  • 11. PKI, hash algorithms, electronic signature and generation of random bits.
  • 12. Microsoft and cryptography - a server operating system, OS MS Windows Workstation, MS Office.
Literature
    required literature
  • V.Smejkal, T.Sokol, J.Kodl : Bezpečnost informačních syrémů podle zákona o kybernetické bezpečnosti, Plzeň 2019, ISBN 978-80-7380-765-8
  • E.Ochodková: Matematické základy kryptografických algoritmů, 2012 dostupné na http://mi21.vsb.cz
  • Zákony: 412/2005, 181/2014, 297/2016, 89/2012, 256/2004, 127/2005
  • Nařízení EU: GDPR, eIDAS
  • ISO/IEC 27001:2013 Systémy řízení bezpečnosti informací – Požadavky
  • ISO/IEC 27002:2013 Soubor postupů pro opatření bezpečnosti informací
  • ISO/IEC TR 13335-1 Pojetí a modely bezpečnosti IT ISO/IEC TR 13335-2 Řízení a plánování bezpečnosti IT ISO/IEC TR 13335-3 Techniky pro řízení bezpečnosti
  • ISO 15408 Evaluation criteria for IT security
  • ISO 22301 Business Continuity Management Systém
  • ISO 21827 Capability Maturity Model
    recommended literature
  • A.J.Menezes, P.C. van Oorschot, S.A.Vanstone : Handbook of Applied Cryptography, CRC Press, 1996.
  • ČSN ISO 9000 : 2016 Zásady managementu kvality
  • FIPS – 197: Advanced Encryption Standard (AES), NIST 2001
Teaching methods
Lectures and self-study.
Assessment methods
Credit is awarded for the elaboration of a seminar paper consisting of 10 examples. The exam is verbal, consists of two questions. Both questions must be answered at least on E. The set of questions covers the whole range of lecture.
Language of instruction
Czech
Further comments (probably available only in Czech)
The course can also be completed outside the examination period.
Information on the extent and intensity of the course: 16 hodin KS/semestr.
Teacher's information
The lectures in pdf format will be made available to the students after the lecture.
The course is also listed under the following terms Summer 2008, Summer 2009, Summer 2010, Summer 2011, summer 2012, Summer 2013, Summer 2014, Summer 2015, Summer 2016, Summer 2017, Summer 2018, Summer 2019, Summer 2020, Summer 2021, Summer 2022, Summer 2023.

N_BIS Information System Security

University of Finance and Administration
Summer 2023
Extent and Intensity
2/0/0. 6 credit(s). Type of Completion: zk (examination).
Guaranteed by
RNDr. Petr Tesař, Ph.D.
Department of Computer Science and Mathematics – Departments – University of Finance and Administration
Contact Person: Ivana Plačková
Prerequisites
There are no prerequisites for this course.
Course Enrolment Limitations
The course is offered to students of any study field.
Course objectives
Learning outcomes of the course unit The aim of the subject is to teach students basic theory, legislative framework, norms and practical approaches to protection of information systems. Deeper knowledge will be gained by students on ISMS building under international standards ISO/IEC 27001: 2013. Students will also get a more detailed overview of cryptography.
Learning outcomes
After completing the course the student will be able to handle basic theory , legislative framework and practical approaches protection of information in information systems of the organizations. He will also have an idea about resources applicable for cryptographic protection of the information.
Syllabus
  • 1. Fundamentals of IS security - definition of basic terms, why deal with security, how to deal with safety, security features, security mechanisms, security policies.
  • 2. Legislative framework - the classification of sensitive information, the Act on the Protection of Classified Information and Security, the Personal Data Protection (GDPR), the Law on Electronic Communications, the Civil Code, the Act on Undertaking on the Capital Market, the Law on Cyber Security, the Trust-Building Services Act for electronic Transactions.
  • 3. Standards in the field of Information Systems I - Family ISO 27k.
  • 4. Standards in the field of Information Systems II - ISO 13335, ISO 15408. ISO 9000, ISO 21827, PAS56, COBIT, ITIL.
  • 5. Information Security Management System I - security management, ISMS, PDCA cycle, documentation.
  • 6. Information Security Management System II - risk analysis, audit ISMS.
  • 7. Information Security Management System III - personnel security, physical security, information system security, crisis management.
  • 8. Principles of cryptography - basic definitions, history, classical ciphers, Shannon cipher security theory, complexity classes.
  • 9 Symmetric cryptography - definition, linear feedback shift register, substitution boxes (S-boxes), stream ciphers, block ciphers, DES, AES, Block cipher modes of operation. 10. Asymmetric cryptography - Overview, Diffie-Helmann protocol, RSA, ElGamal, Elliptic curve.
  • 11. PKI, hash algorithms, electronic signature and generation of random bits.
  • 12. Microsoft and cryptography - a server operating system, OS MS Windows Workstation, MS Office.
Literature
    required literature
  • V.Smejkal, T.Sokol, J.Kodl : Bezpečnost informačních syrémů podle zákona o kybernetické bezpečnosti, Plzeň 2019, ISBN 978-80-7380-765-8
  • E.Ochodková: Matematické základy kryptografických algoritmů, 2012 dostupné na http://mi21.vsb.cz
  • Zákony: 412/2005, 181/2014, 297/2016, 89/2012, 256/2004, 127/2005
  • Nařízení EU: GDPR, eIDAS
  • ISO/IEC 27001:2013 Systémy řízení bezpečnosti informací – Požadavky
  • ISO/IEC 27002:2013 Soubor postupů pro opatření bezpečnosti informací
  • ISO/IEC TR 13335-1 Pojetí a modely bezpečnosti IT ISO/IEC TR 13335-2 Řízení a plánování bezpečnosti IT ISO/IEC TR 13335-3 Techniky pro řízení bezpečnosti
  • ISO 15408 Evaluation criteria for IT security
  • ISO 22301 Business Continuity Management Systém
  • ISO 21827 Capability Maturity Model
    recommended literature
  • A.J.Menezes, P.C. van Oorschot, S.A.Vanstone : Handbook of Applied Cryptography, CRC Press, 1996.
  • ČSN ISO 9000 : 2016 Zásady managementu kvality
  • FIPS – 197: Advanced Encryption Standard (AES), NIST 2001
Teaching methods
Lectures and self-study.
Assessment methods
Credit is awarded for the elaboration of a seminar paper consisting of 10 examples. The exam is verbal, consists of two questions. Both questions must be answered at least on E. The set of questions covers the whole range of lecture.
Language of instruction
Czech
Further comments (probably available only in Czech)
The course can also be completed outside the examination period.
Information on the extent and intensity of the course: 16 hodin KS/semestr.
Teacher's information
The lectures in pdf format will be made available to the students after the lecture.
The course is also listed under the following terms Summer 2008, Summer 2009, Summer 2010, Summer 2011, summer 2012, Summer 2013, Summer 2014, Summer 2015, Summer 2016, Summer 2017, Summer 2018, Summer 2019, Summer 2020, Summer 2021, Summer 2022, Summer 2024.

N_BIS Information System Security

University of Finance and Administration
Summer 2022
Extent and Intensity
2/0/0. 6 credit(s). Type of Completion: zk (examination).
Teacher(s)
RNDr. Petr Tesař, Ph.D. (seminar tutor)
Guaranteed by
RNDr. Petr Tesař, Ph.D.
Department of Computer Science and Mathematics – Departments – University of Finance and Administration
Contact Person: Ivana Plačková
Timetable of Seminar Groups
N_BIS/vAPH: Sat 26. 2. 9:45–11:15 E224, 11:30–13:00 E224, Sat 12. 3. 9:45–11:15 E224, 11:30–13:00 E224, Sat 9. 4. 9:45–11:15 E224, 11:30–13:00 E224, Fri 29. 4. 14:00–15:30 E224, 15:45–17:15 E224, P. Tesař
Prerequisites
There are no prerequisites for this course.
Course Enrolment Limitations
The course is offered to students of any study field.
Course objectives
Learning outcomes of the course unit The aim of the subject is to teach students basic theory, legislative framework, norms and practical approaches to protection of information systems. Deeper knowledge will be gained by students on ISMS building under international standards ISO/IEC 27001: 2013. Students will also get a more detailed overview of cryptography.
Learning outcomes
After completing the course the student will be able to handle basic theory , legislative framework and practical approaches protection of information in information systems of the organizations. He will also have an idea about resources applicable for cryptographic protection of the information.
Syllabus
  • 1. Fundamentals of IS security - definition of basic terms, why deal with security, how to deal with safety, security features, security mechanisms, security policies.
  • 2. Legislative framework - the classification of sensitive information, the Act on the Protection of Classified Information and Security, the Personal Data Protection (GDPR), the Law on Electronic Communications, the Civil Code, the Act on Undertaking on the Capital Market, the Law on Cyber Security, the Trust-Building Services Act for electronic Transactions.
  • 3. Standards in the field of Information Systems I - Family ISO 27k.
  • 4. Standards in the field of Information Systems II - ISO 13335, ISO 15408. ISO 9000, ISO 21827, PAS56, COBIT, ITIL.
  • 5. Information Security Management System I - security management, ISMS, PDCA cycle, documentation.
  • 6. Information Security Management System II - risk analysis, audit ISMS.
  • 7. Information Security Management System III - personnel security, physical security, information system security, crisis management.
  • 8. Principles of cryptography - basic definitions, history, classical ciphers, Shannon cipher security theory, complexity classes.
  • 9 Symmetric cryptography - definition, linear feedback shift register, substitution boxes (S-boxes), stream ciphers, block ciphers, DES, AES, Block cipher modes of operation. 10. Asymmetric cryptography - Overview, Diffie-Helmann protocol, RSA, ElGamal, Elliptic curve.
  • 11. PKI, hash algorithms, electronic signature and generation of random bits.
  • 12. Microsoft and cryptography - a server operating system, OS MS Windows Workstation, MS Office.
Literature
    required literature
  • Zákony: 412/2005, 181/2014, 297/2016, 89/2012, 256/2004, 127/2005
  • Nařízení EU: GDPR, eIDAS
  • ISO/IEC 27001:2013 Systémy řízení bezpečnosti informací – Požadavky
  • ISO/IEC 27002:2013 Soubor postupů pro opatření bezpečnosti informací
  • ISO/IEC TR 13335-1 Pojetí a modely bezpečnosti IT ISO/IEC TR 13335-2 Řízení a plánování bezpečnosti IT ISO/IEC TR 13335-3 Techniky pro řízení bezpečnosti
  • ISO 15408 Evaluation criteria for IT security
  • ISO 22301 Business Continuity Management Systém
  • ISO 21827 Capability Maturity Model
  • P.Hanáček, J.Staudek : Bezpečnost informačních systémů, ÚSIS Praha, 2000.
  • J.Přibyl, J.Kodl : Ochrana dat v informatice, Vydavatelství ČVUT
    recommended literature
  • ČSN ISO 9000 : 2016 Zásady managementu kvality
  • A.J.Menezes, P.C. van Oorschot, S.A.Vanstone : Handbook of Applied Cryptography, CRC Press, 1996.
  • FIPS – 197: Advanced Encryption Standard (AES), NIST 2001
Teaching methods
Lectures and self-study.
Assessment methods
Credit is awarded for the elaboration of a seminar paper consisting of 10 examples. The exam is verbal, consists of two questions. Both questions must be answered at least on E. The set of questions covers the whole range of lecture.
Language of instruction
Czech
Further comments (probably available only in Czech)
The course can also be completed outside the examination period.
Information on the extent and intensity of the course: 16 hodin KS/semestr.
Teacher's information
The lectures in pdf format will be made available to the students after the lecture.
The course is also listed under the following terms Summer 2008, Summer 2009, Summer 2010, Summer 2011, summer 2012, Summer 2013, Summer 2014, Summer 2015, Summer 2016, Summer 2017, Summer 2018, Summer 2019, Summer 2020, Summer 2021, Summer 2023, Summer 2024.

N_BIS Information System Security

University of Finance and Administration
Summer 2021
Extent and Intensity
2/0/0. 6 credit(s). Type of Completion: zk (examination).
Teacher(s)
RNDr. Petr Tesař, Ph.D. (seminar tutor)
Guaranteed by
RNDr. Petr Tesař, Ph.D.
Department of Computer Science and Mathematics – Departments – University of Finance and Administration
Contact Person: Ivana Plačková
Timetable of Seminar Groups
N_BIS/vAPH: Fri 12. 2. 14:00–15:30 S22, 15:45–17:15 S22, Fri 12. 3. 14:00–15:30 S22, 15:45–17:15 S22, Fri 16. 4. 14:00–15:30 S22, 15:45–17:15 S22, Fri 23. 4. 14:00–15:30 S22, 15:45–17:15 S22, P. Tesař
Prerequisites
There are no prerequisites for this course.
Course Enrolment Limitations
The course is offered to students of any study field.
Course objectives
Learning outcomes of the course unit The aim of the subject is to teach students basic theory, legislative framework, norms and practical approaches to protection of information systems. Deeper knowledge will be gained by students on ISMS building under international standards ISO/IEC 27001: 2013. Students will also get a more detailed overview of cryptography.
Learning outcomes
After completing the course the student will be able to handle basic theory , legislative framework and practical approaches protection of information in information systems of the organizations. He will also have an idea about resources applicable for cryptographic protection of the information.
Syllabus
  • 1. Fundamentals of IS security - definition of basic terms, why deal with security, how to deal with safety, security features, security mechanisms, security policies.
  • 2. Legislative framework - the classification of sensitive information, the Act on the Protection of Classified Information and Security, the Personal Data Protection (GDPR), the Law on Electronic Communications, the Civil Code, the Act on Undertaking on the Capital Market, the Law on Cyber Security, the Trust-Building Services Act for electronic Transactions.
  • 3. Standards in the field of Information Systems I - Family ISO 27k.
  • 4. Standards in the field of Information Systems II - ISO 13335, ISO 15408. ISO 9000, ISO 21827, PAS56, COBIT, ITIL.
  • 5. Information Security Management System I - security management, ISMS, PDCA cycle, documentation.
  • 6. Information Security Management System II - risk analysis, audit ISMS.
  • 7. Information Security Management System III - personnel security, physical security, information system security, crisis management.
  • 8. Principles of cryptography - basic definitions, history, classical ciphers, Shannon cipher security theory, complexity classes.
  • 9 Symmetric cryptography - definition, linear feedback shift register, substitution boxes (S-boxes), stream ciphers, block ciphers, DES, AES, Block cipher modes of operation. 10. Asymmetric cryptography - Overview, Diffie-Helmann protocol, RSA, ElGamal, Elliptic curve.
  • 11. PKI, hash algorithms, electronic signature and generation of random bits.
  • 12. Microsoft and cryptography - a server operating system, OS MS Windows Workstation, MS Office.
Literature
    required literature
  • Zákony: 412/2005, 181/2014, 297/2016, 89/2012, 256/2004, 127/2005
  • Nařízení EU: GDPR, eIDAS
  • ISO/IEC 27001:2013 Systémy řízení bezpečnosti informací – Požadavky
  • ISO/IEC 27002:2013 Soubor postupů pro opatření bezpečnosti informací
  • ISO/IEC TR 13335-1 Pojetí a modely bezpečnosti IT ISO/IEC TR 13335-2 Řízení a plánování bezpečnosti IT ISO/IEC TR 13335-3 Techniky pro řízení bezpečnosti
  • ISO 15408 Evaluation criteria for IT security
  • ISO 22301 Business Continuity Management Systém
  • ISO 21827 Capability Maturity Model
  • P.Hanáček, J.Staudek : Bezpečnost informačních systémů, ÚSIS Praha, 2000.
  • J.Přibyl, J.Kodl : Ochrana dat v informatice, Vydavatelství ČVUT
    recommended literature
  • ČSN ISO 9000 : 2016 Zásady managementu kvality
  • A.J.Menezes, P.C. van Oorschot, S.A.Vanstone : Handbook of Applied Cryptography, CRC Press, 1996.
  • FIPS – 197: Advanced Encryption Standard (AES), NIST 2001
Teaching methods
Lectures and self-study.
Assessment methods
Credit is a written test. Five different scored examples for a total of 50 points. At least 20 points are needed to get the credit. Preparation time is 75 minutes. PCs, lectures, literature are permitted utilities. Credit is a necessary condition for the exam. The exam is verbal, consists of two questions. Both questions must be answered at least on E. The set of questions covers the whole range of lecture.
Language of instruction
Czech
Further comments (probably available only in Czech)
The course can also be completed outside the examination period.
Information on the extent and intensity of the course: 16 hodin KS/semestr.
Teacher's information
The lectures in pdf format will be sent to the students after the lecture.
The course is also listed under the following terms Summer 2008, Summer 2009, Summer 2010, Summer 2011, summer 2012, Summer 2013, Summer 2014, Summer 2015, Summer 2016, Summer 2017, Summer 2018, Summer 2019, Summer 2020, Summer 2022, Summer 2023, Summer 2024.

N_BIS Information System Security

University of Finance and Administration
Summer 2020
Extent and Intensity
2/0/0. 6 credit(s). Type of Completion: zk (examination).
Teacher(s)
RNDr. Petr Tesař, Ph.D. (seminar tutor)
Guaranteed by
RNDr. Petr Tesař, Ph.D.
Department of Computer Science and Mathematics – Departments – University of Finance and Administration
Contact Person: Ivana Plačková
Timetable of Seminar Groups
N_BIS/vAPH: Fri 14. 2. 15:45–17:15 S14, 17:30–19:00 S14, Fri 28. 2. 14:00–15:30 S14, 15:45–17:15 S14, Sat 14. 3. 14:00–15:30 S14, 15:45–17:15 S14, Sat 25. 4. 14:00–15:30 S14, 15:45–17:15 S14, P. Tesař
Prerequisites
There are no prerequisites for this course.
Course Enrolment Limitations
The course is offered to students of any study field.
Course objectives
Learning outcomes of the course unit The aim of the subject is to teach students basic theory, legislative framework, norms and practical approaches to protection of information systems. Deeper knowledge will be gained by students on ISMS building under international standards ISO/IEC 27001: 2013. Students will also get a more detailed overview of cryptography.
Learning outcomes
After completing the course the student will be able to handle basic theory , legislative framework and practical approaches protection of information in information systems of the organizations. He will also have an idea about resources applicable for cryptographic protection of the information.
Syllabus
  • 1. Fundamentals of IS security - definition of basic terms, why deal with security, how to deal with safety, security features, security mechanisms, security policies.
  • 2. Legislative framework - the classification of sensitive information, the Act on the Protection of Classified Information and Security, the Personal Data Protection (GDPR), the Law on Electronic Communications, the Civil Code, the Act on Undertaking on the Capital Market, the Law on Cyber Security, the Trust-Building Services Act for electronic Transactions.
  • 3. Standards in the field of Information Systems I - Family ISO 27k.
  • 4. Standards in the field of Information Systems II - ISO 13335, ISO 15408. ISO 9000, ISO 21827, PAS56, COBIT, ITIL.
  • 5. Information Security Management System I - security management, ISMS, PDCA cycle, documentation.
  • 6. Information Security Management System II - risk analysis, audit ISMS.
  • 7. Information Security Management System III - personnel security, physical security, information system security, crisis management.
  • 8. Principles of cryptography - basic definitions, history, classical ciphers, Shannon cipher security theory, complexity classes.
  • 9 Symmetric cryptography - definition, linear feedback shift register, substitution boxes (S-boxes), stream ciphers, block ciphers, DES, AES, Block cipher modes of operation. 10. Asymmetric cryptography - Overview, Diffie-Helmann protocol, RSA, ElGamal, Elliptic curve.
  • 11. PKI, hash algorithms, electronic signature and generation of random bits.
  • 12. Microsoft and cryptography - a server operating system, OS MS Windows Workstation, MS Office.
Literature
    required literature
  • Zákony: 412/2005, 181/2014, 297/2016, 89/2012, 256/2004, 127/2005
  • Nařízení EU: GDPR, eIDAS
  • ISO/IEC 27001:2013 Systémy řízení bezpečnosti informací – Požadavky
  • ISO/IEC 27002:2013 Soubor postupů pro opatření bezpečnosti informací
  • ISO/IEC TR 13335-1 Pojetí a modely bezpečnosti IT ISO/IEC TR 13335-2 Řízení a plánování bezpečnosti IT ISO/IEC TR 13335-3 Techniky pro řízení bezpečnosti
  • ISO 15408 Evaluation criteria for IT security
  • ISO 22301 Business Continuity Management Systém
  • ISO 21827 Capability Maturity Model
  • P.Hanáček, J.Staudek : Bezpečnost informačních systémů, ÚSIS Praha, 2000.
  • J.Přibyl, J.Kodl : Ochrana dat v informatice, Vydavatelství ČVUT
    recommended literature
  • ČSN ISO 9000 : 2016 Zásady managementu kvality
  • A.J.Menezes, P.C. van Oorschot, S.A.Vanstone : Handbook of Applied Cryptography, CRC Press, 1996.
  • FIPS – 197: Advanced Encryption Standard (AES), NIST 2001
Teaching methods
Lectures and self-study.
Assessment methods
Credit is a written test. Five different scored examples for a total of 50 points. At least 20 points are needed to get the credit. Preparation time is 75 minutes. PCs, lectures, literature are permitted utilities. Credit is a necessary condition for the exam. The exam is verbal, consists of two questions. Both questions must be answered at least on E. The set of questions covers the whole range of lecture.
Language of instruction
Czech
Further comments (probably available only in Czech)
The course can also be completed outside the examination period.
Information on the extent and intensity of the course: 16 hodin KS/semestr.
Teacher's information
The lectures in pdf format will be sent to the students after the lecture.
The course is also listed under the following terms Summer 2008, Summer 2009, Summer 2010, Summer 2011, summer 2012, Summer 2013, Summer 2014, Summer 2015, Summer 2016, Summer 2017, Summer 2018, Summer 2019, Summer 2021, Summer 2022, Summer 2023, Summer 2024.

N_BIS Information System Security

University of Finance and Administration
Summer 2019
Extent and Intensity
2/0/0. 6 credit(s). Type of Completion: zk (examination).
Teacher(s)
RNDr. Petr Tesař, Ph.D. (seminar tutor)
Guaranteed by
RNDr. Petr Tesař, Ph.D.
Department of Computer Science and Mathematics – Departments – University of Finance and Administration
Contact Person: Ivana Plačková
Timetable of Seminar Groups
N_BIS/vAPH: Fri 1. 3. 15:45–17:15 S14, 17:30–19:00 S14, Sat 16. 3. 9:45–11:15 S14, 11:30–13:00 S14, Sat 30. 3. 9:45–11:15 S14, 11:30–13:00 S14, P. Tesař
Prerequisites
There are no prerequisites for this course.
Course Enrolment Limitations
The course is offered to students of any study field.
Course objectives
Learning outcomes of the course unit The aim of the subject is to teach students basic theory, legislative framework, norms and practical approaches to protection of information systems. Deeper knowledge will be gained by students on ISMS building under international standards ISO/IEC 27001: 2013. Students will also get a more detailed overview of cryptography.
Learning outcomes
After completing the course the student will be able to handle basic theory , legislative framework and practical approaches protection of information in information systems of the organizations. He will also have an idea about resources applicable for cryptographic protection of the information.
Syllabus
  • 1. Fundamentals of IS security - definition of basic terms, why deal with security, how to deal with safety, security features, security mechanisms, security policies.
  • 2. Legislative framework - the classification of sensitive information, the Act on the Protection of Classified Information and Security, the Personal Data Protection (GDPR), the Law on Electronic Communications, the Civil Code, the Act on Undertaking on the Capital Market, the Law on Cyber Security, the Trust-Building Services Act for electronic Transactions.
  • 3. Standards in the field of Information Systems I - Family ISO 27k.
  • 4. Standards in the field of Information Systems II - ISO 13335, ISO 15408. ISO 9000, ISO 21827, PAS56, COBIT, ITIL.
  • 5. Information Security Management System I - security management, ISMS, PDCA cycle, documentation.
  • 6. Information Security Management System II - risk analysis, audit ISMS.
  • 7. Information Security Management System III - personnel security, physical security, information system security, crisis management.
  • 8. Principles of cryptography - basic definitions, history, classical ciphers, Shannon cipher security theory, complexity classes.
  • 9 Symmetric cryptography - definition, linear feedback shift register, substitution boxes (S-boxes), stream ciphers, block ciphers, DES, AES, Block cipher modes of operation. 10. Asymmetric cryptography - Overview, Diffie-Helmann protocol, RSA, ElGamal, Elliptic curve.
  • 11. PKI, hash algorithms, electronic signature and generation of random bits.
  • 12. Microsoft and cryptography - a server operating system, OS MS Windows Workstation, MS Office.
Literature
    required literature
  • Zákony: 412/2005, 181/2014, 297/2016, 89/2012, 256/2004, 127/2005
  • Nařízení EU: GDPR, eIDAS
  • ISO/IEC 27001:2013 Systémy řízení bezpečnosti informací – Požadavky
  • ISO/IEC 27002:2013 Soubor postupů pro opatření bezpečnosti informací
  • ISO/IEC TR 13335-1 Pojetí a modely bezpečnosti IT ISO/IEC TR 13335-2 Řízení a plánování bezpečnosti IT ISO/IEC TR 13335-3 Techniky pro řízení bezpečnosti
  • ISO 15408 Evaluation criteria for IT security
  • ISO 22301 Business Continuity Management Systém
  • ISO 21827 Capability Maturity Model
  • P.Hanáček, J.Staudek : Bezpečnost informačních systémů, ÚSIS Praha, 2000.
  • J.Přibyl, J.Kodl : Ochrana dat v informatice, Vydavatelství ČVUT
    recommended literature
  • ČSN ISO 9000 : 2016 Zásady managementu kvality
  • A.J.Menezes, P.C. van Oorschot, S.A.Vanstone : Handbook of Applied Cryptography, CRC Press, 1996.
  • FIPS – 197: Advanced Encryption Standard (AES), NIST 2001
Teaching methods
Lectures and self-study.
Assessment methods
The exam is verbal, consists of two questions. Both questions must be answered at least on E. The set of questions covers the whole range of lecture.
Language of instruction
Czech
Further comments (probably available only in Czech)
The course can also be completed outside the examination period.
Information on the extent and intensity of the course: 12 hodin KS/semestr.
Teacher's information
The lectures in pdf format will be sent to the students after the lecture.
The course is also listed under the following terms Summer 2008, Summer 2009, Summer 2010, Summer 2011, summer 2012, Summer 2013, Summer 2014, Summer 2015, Summer 2016, Summer 2017, Summer 2018, Summer 2020, Summer 2021, Summer 2022, Summer 2023, Summer 2024.

N_BIS Information System Security

University of Finance and Administration
Summer 2018
Extent and Intensity
2/0/0. 6 credit(s). Type of Completion: zk (examination).
Teacher(s)
RNDr. Petr Tesař, Ph.D. (seminar tutor)
Guaranteed by
RNDr. Petr Tesař, Ph.D.
Department of Computer Science and Mathematics – Departments – University of Finance and Administration
Contact Person: Ivana Plačková
Timetable of Seminar Groups
N_BIS/vAPH: Sat 17. 2. 9:45–11:15 S22, 11:30–13:00 S22, Fri 2. 3. 14:00–15:30 S22, 15:45–17:15 S22, Sat 7. 4. 14:00–15:30 S22, 15:45–17:15 S22, P. Tesař
Prerequisites
There are no prerequisites for this course.
Course Enrolment Limitations
The course is offered to students of any study field.
Course objectives
Learning outcomes of the course unit The aim of the subject is to teach students basic theory, legislative framework, norms and practical approaches to protection of information systems. Deeper knowledge will be gained by students on ISMS building under international standards ISO/IEC 27001: 2013. Students will also get a more detailed overview of cryptography.
Learning outcomes
After completing the course the student will be able to handle basic theory , legislative framework and practical approaches protection of information in information systems of the organizations. He will also have an idea about resources applicable for cryptographic protection of the information.
Syllabus
  • 1. Fundamentals of IS security - definition of basic terms, why deal with security, how to deal with safety, security features, security mechanisms, security policies.
  • 2. Legislative framework - the classification of sensitive information, the Act on the Protection of Classified Information and Security, the Law on Personal Data Protection, GDPR, the Law on Electronic Communications, the Commercial Code, the Act on Undertaking on the Capital Market, Law on electronic signature, eIDAS, Cybernetic security Act.
  • 3. Standards in the field of Information Systems I - Family ISO 27k.
  • 4. Standards in the field of Information Systems II - ISO 13335, ISO 15408. ISO 9000, ISO 21827, PAS56, COBIT, ITIL.
  • 5. Information Security Management System I - security management, ISMS, PDCA cycle, documentation.
  • 6. Information Security Management System II - risk analysis, audit ISMS.
  • 7. Information Security Management System III - personnel security, physical security, information system security, crisis management.
  • 8. Principles of cryptography - basic definitions, history, classical ciphers, Shannon cipher security theory, complexity classes, primes in cryptology.
  • 9 Symmetric cryptography - definition, linear feedback shift register, substitution boxes (S-boxes), stream ciphers, block ciphers, DES, AES, Block cipher modes of operation. 10. Asymmetric cryptography - Overview, Diffie-Helmann protocol, RSA, ElGamal, Elliptic curve.
  • 11. PKI, hash algorithms, electronic signature and generation of random bits.
  • 12. Microsoft and cryptography - a server operating system, OS MS Windows Workstation, MS Office.
Literature
    required literature
  • P.Hanáček, J.Staudek : Bezpečnost informačních systémů, ÚSIS Praha, 2000.
  • J.Přibyl, J.Kodl : Ochrana dat v informatice, Vydavatelství ČVUT
  • A.J.Menezes, P.C. van Oorschot, S.A.Vanstone : Handbook of Applied Cryptography, CRC Press, 1996.
  • ISO/IEC TR 13335-1 Pojetí a modely bezpečnosti IT ISO/IEC TR 13335-2 Řízení a plánování bezpečnosti IT ISO/IEC TR 13335-3 Techniky pro řízení bezpečnosti
  • ISO 22301 Business Continuity Management Systém
  • ČSN ISO 9000 : 2016 Zásady managementu kvality
  • ISO 15408 Evaluation criteria for IT security
  • ISO/IEC 27002:2013 Soubor postupů pro opatření bezpečnosti informací
  • Nařízení EU: GDPR, eIDAS
  • Zákony: 412/2005, 181/2014, 297/2016, 256/2001, 127/2005, 101/2000, 227/2000, 89/201
  • ISO/IEC 27001:2013 Systémy řízení bezpečnosti informací – Požadavky
  • ISO 21827 Capability Maturity Model
    recommended literature
  • FIPS – 197: Advanced Encryption Standard (AES), NIST 2001
  • OCHODKOVÁ, E. Matematické základy kryptografických algoritmů. 2012, dostupné na http://mi21.vsb.cz
Teaching methods
Lectures and seminars in full-time study; tutorials in part-time study; compulsory seminar participation is 75% in full-time study, compulsory tutorial participation is 50% in part-time study.
Assessment methods
The exam is verbal, consists of two questions. Both questions must be answered at least on E. The set of questions covers the whole range of lecture.
Language of instruction
Czech
Further comments (probably available only in Czech)
The course can also be completed outside the examination period.
Information on the extent and intensity of the course: 12 hodin KS/semestr.
The course is also listed under the following terms Summer 2008, Summer 2009, Summer 2010, Summer 2011, summer 2012, Summer 2013, Summer 2014, Summer 2015, Summer 2016, Summer 2017, Summer 2019, Summer 2020, Summer 2021, Summer 2022, Summer 2023, Summer 2024.

N_BIS Information System Security

University of Finance and Administration
Summer 2017
Extent and Intensity
2/0. 6 credit(s). Type of Completion: zk (examination).
Teacher(s)
RNDr. Petr Tesař, Ph.D. (seminar tutor)
Guaranteed by
doc. RNDr. Jan Lánský, Ph.D.
Department of Computer Science and Mathematics – Departments – University of Finance and Administration
Contact Person: Ing. Barbora Ptáčková
Timetable of Seminar Groups
N_BIS/vAPH: Sat 18. 2. 9:45–11:15 S14, 11:30–13:00 S14, Sat 4. 3. 14:00–15:30 S14, 15:45–17:15 S14, Sat 1. 4. 14:00–15:30 S14, 15:45–17:15 S14, P. Tesař
Prerequisites
There are no prerequisites for this course.
Course Enrolment Limitations
The course is offered to students of any study field.
Course objectives
After completing the course the student will be able to handle basic theory , legislative framework and practical approaches protection of information in information systems of the organizations. He will also have an idea about resources applicable for cryptographic protection of the information.
Syllabus
  • 1. Fundamentals of IS security - definition of basic terms, why deal with security, how to deal with safety, security features, security mechanisms, security policies.
  • 2. Legislative framework - the classification of sensitive information, the Act on the Protection of Classified Information and Security, the Law on Personal Data Protection, the Law on Electronic Communications, the Commercial Code, the Act on Undertaking on the Capital Market, Law on electronic signature, Cybernetic security Act.
  • 3. Standards in the field of Information Systems I - Family ISO 27k.
  • 4. Standards in the field of Information Systems II - ISO 13335, ISO 15408. ISO 9000, ISO 21827, PAS56, COBIT, ITIL.
  • 5. Information Security Management System I - security management, ISMS, PDCA cycle, documentation.
  • 6. Information Security Management System II - risk analysis, audit ISMS.
  • 7. Information Security Management System III - personnel security, physical security, information system security, crisis management.
  • 8. Principles of cryptography - basic definitions, history, classical ciphers, Shannon cipher security theory, complexity classes, primes in cryptology, generation of random bits.
  • 9 Symmetric cryptography - definition, linear feedback shift register, substitution boxes (S-boxes), stream ciphers, block ciphers, DES, AES, Block cipher modes of operation. 10. Asymmetric cryptography - Overview, Diffie-Helmann protocol, RSA, ElGamal, Elliptic curve.
  • 11. Hash algorithms and PKI - definition and use of the hash algorithms, MD5, SHA class - x, the structure of PKI, electronic signature.
  • 12. Microsoft and cryptography - a server operating system, OS MS Windows Workstation, MS Office, True Crypt.
Literature
    required literature
  • P.Hanáček, J.Staudek : Bezpečnost informačních systémů, ÚSIS Praha, 2000.
  • J.Přibyl, J.Kodl : Ochrana dat v informatice, Vydavatelství ČVUT
  • A.J.Menezes, P.C. van Oorschot, S.A.Vanstone : Handbook of Applied Cryptography, CRC Press, 1996.
Teaching methods
Lectures and seminars in full-time study; tutorials in part-time study; compulsory seminar participation is 75% in full-time study, compulsory tutorial participation is 50% in part-time study.
Assessment methods
The exam is verbal, consists of two questions. The set of questions covers the whole range of lecture.
Language of instruction
Czech
Further comments (probably available only in Czech)
The course can also be completed outside the examination period.
Information on the extent and intensity of the course: 12 hodin KS/semestr.
The course is also listed under the following terms Summer 2008, Summer 2009, Summer 2010, Summer 2011, summer 2012, Summer 2013, Summer 2014, Summer 2015, Summer 2016, Summer 2018, Summer 2019, Summer 2020, Summer 2021, Summer 2022, Summer 2023, Summer 2024.

N_BIS Information System Security

University of Finance and Administration
Summer 2016
Extent and Intensity
2/0. 6 credit(s). Type of Completion: zk (examination).
Teacher(s)
RNDr. Petr Tesař, Ph.D. (seminar tutor)
Guaranteed by
doc. RNDr. Jan Lánský, Ph.D.
Department of Computer Science and Mathematics – Departments – University of Finance and Administration
Contact Person: Ing. Barbora Ptáčková
Timetable of Seminar Groups
N_BIS/vAPH: Fri 18. 3. 15:30–17:00 S14, 17:15–18:45 S14, Fri 1. 4. 15:30–17:00 S24, 17:15–18:45 S24, Sat 16. 4. 9:45–11:15 S24, 11:30–13:00 S14, P. Tesař
Prerequisites
There are no prerequisites for this course.
Course Enrolment Limitations
The course is offered to students of any study field.
Course objectives
After completing the course the student will be able to handle basic theory , legislative framework and practical approaches protection of information in information systems of the organizations. He will also have an idea about resources applicable for cryptographic protection of the information.
Syllabus
  • 1. Fundamentals of IS security - definition of basic terms, why deal with security, how to deal with safety, security features, security mechanisms, security policies.
  • 2. Legislative framework - the classification of sensitive information, the Act on the Protection of Classified Information and Security, the Law on Personal Data Protection, the Law on Electronic Communications, the Commercial Code, the Act on Undertaking on the Capital Market, Law on electronic signature, Cybernetic security Act.
  • 3. Standards in the field of Information Systems I - Family ISO 27k.
  • 4. Standards in the field of Information Systems II - ISO 13335, ISO 15408. ISO 9000, ISO 21827, PAS56, COBIT, ITIL.
  • 5. Information Security Management System I - security management, ISMS, PDCA cycle, documentation.
  • 6. Information Security Management System II - risk analysis, audit ISMS.
  • 7. Information Security Management System III - personnel security, physical security, information system security, crisis management.
  • 8. Principles of cryptography - basic definitions, history, classical ciphers, Shannon cipher security theory, complexity classes, primes in cryptology, generation of random bits.
  • 9 Symmetric cryptography - definition, linear feedback shift register, substitution boxes (S-boxes), stream ciphers, block ciphers, DES, AES, Block cipher modes of operation. 10. Asymmetric cryptography - Overview, Diffie-Helmann protocol, RSA, ElGamal, Elliptic curve.
  • 11. Hash algorithms and PKI - definition and use of the hash algorithms, MD5, SHA class - x, the structure of PKI, electronic signature.
  • 12. Microsoft and cryptography - a server operating system, OS MS Windows Workstation, MS Office, True Crypt.
Literature
    required literature
  • P.Hanáček, J.Staudek : Bezpečnost informačních systémů, ÚSIS Praha, 2000.
  • J.Přibyl, J.Kodl : Ochrana dat v informatice, Vydavatelství ČVUT
  • A.J.Menezes, P.C. van Oorschot, S.A.Vanstone : Handbook of Applied Cryptography, CRC Press, 1996.
Teaching methods
Lectures and seminars in full-time study; tutorials in part-time study; compulsory seminar participation is 75% in full-time study, compulsory tutorial participation is 50% in part-time study.
Assessment methods
The exam is verbal, consists of two questions. The set of questions covers the whole range of lecture.
Language of instruction
Czech
Further comments (probably available only in Czech)
The course can also be completed outside the examination period.
Information on the extent and intensity of the course: 12 hodin KS/semestr.
The course is also listed under the following terms Summer 2008, Summer 2009, Summer 2010, Summer 2011, summer 2012, Summer 2013, Summer 2014, Summer 2015, Summer 2017, Summer 2018, Summer 2019, Summer 2020, Summer 2021, Summer 2022, Summer 2023, Summer 2024.

N_BIS Information System Security

University of Finance and Administration
Summer 2015
Extent and Intensity
2/0. 5 credit(s). Type of Completion: zk (examination).
Teacher(s)
RNDr. Petr Tesař, Ph.D. (lecturer)
Guaranteed by
doc. RNDr. Jan Lánský, Ph.D.
Department of Computer Science and Mathematics – Departments – University of Finance and Administration
Contact Person: Tamara Urbánková
Timetable of Seminar Groups
N_BIS/vAPH: Sat 28. 2. 9:45–11:15 S11, 11:30–13:00 S11, Fri 13. 3. 15:30–17:00 S11, Fri 27. 3. 15:30–17:00 S23, 17:15–18:45 S23, P. Tesař
Prerequisites
There are no prerequisites for this course.
Course Enrolment Limitations
The course is offered to students of any study field.
Course objectives
After completing the course the student will be able to handle basic theory , legislative framework and practical approaches protection of information in information systems of the organizations. He will also have an idea about resources applicable for cryptographic protection of the information .
Syllabus
  • 1 Fundamentals of IS security - definition of basic terms, why deal with security, how to deal with safety, security features, security mechanisms, security policies. 2 Legislative framework - the classification of sensitive information, the Act on the Protection of Classified Information and Security, the Law on Personal Data Protection, the Law on Electronic Communications, the Commercial Code, the Act on Undertaking on the Capital Market, Law on electronic signature, Cybernetic security Act. 3 Standards in the field of Information Systems I - Family ISO 27k,. 4 Standards in the field of Information Systems II - ISO 13335, ISO 15408. ISO 9000, ISO 21827, PAS56, COBIT, ITIL 5 Information Security Management System I - security management, ISMS, PDCA cycle, documentation. 6 Information Security Management System II - risk analysis, audit ISMS. 7 Information Security Management System III - personnel security, physical security, information system security, crisis management. 8 Principles of cryptography - basic definitions, history, classical ciphers, Shannon cipher security theory, complexity classes, primes in cryptology, generation of random bits. 9 Symmetric cryptography - definition, linear feedback shift register, substitution boxes (S-boxes), stream ciphers, block ciphers, DES, AES, Block cipher modes of operation. 10 Asymmetric cryptography - Overview, Diffie-Helmann protocol, RSA, ElGamal, Elliptic curve. 11 Hash algorithms and PKI - definition and use of the hash algorithms, MD5, SHA class - x, the structure of PKI, electronic signature. 12 Microsoft and cryptography - a server operating system, OS MS Windows Workstation, MS Office, True Crypt.
Literature
  • P.Hanáček, J.Staudek : Bezpečnost informačních systémů, ÚSIS Praha, 2000 J.Přibyl, J.Kodl : Ochrana dat v informatice, Vydavatelství ČVUT, A.J.Menezes, P.C. van Oorschot, S.A.Vanstone : Handbook of Applied Cryptography, CRC Press, 1996,
Teaching methods
Lectures and seminars in full-time study; tutorials in part-time study; compulsory seminar participation is 75% in full-time study, compulsory tutorial participation is 50% in part-time study.
Assessment methods
The exam is verbal, consists of two questions. The set of questions covers the whole range of lecture.
Language of instruction
Czech
Further comments (probably available only in Czech)
The course can also be completed outside the examination period.
Information on the extent and intensity of the course: 10 hodin KS/semestr.
The course is also listed under the following terms Summer 2008, Summer 2009, Summer 2010, Summer 2011, summer 2012, Summer 2013, Summer 2014, Summer 2016, Summer 2017, Summer 2018, Summer 2019, Summer 2020, Summer 2021, Summer 2022, Summer 2023, Summer 2024.

N_BIS Information System Security

University of Finance and Administration
Summer 2014
Extent and Intensity
2/0. 5 credit(s). Type of Completion: zk (examination).
Teacher(s)
RNDr. Petr Tesař, Ph.D. (lecturer)
Guaranteed by
doc. RNDr. Jan Lánský, Ph.D.
Department of Computer Science and Mathematics – Departments – University of Finance and Administration
Contact Person: Dagmar Medová, DiS.
Timetable of Seminar Groups
N_BIS/vAPH: Fri 21. 3. 17:15–18:45 S13, Fri 4. 4. 15:30–17:00 S13, 17:15–18:45 S13, Fri 18. 4. 15:30–17:00 S13, 17:15–18:45 S13, P. Tesař
Prerequisites
There are no prerequisites for this course.
Course Enrolment Limitations
The course is offered to students of any study field.
Course objectives
After completing the course the student will be able to handle basic theory , legislative framework and practical approaches protection of information in information systems of the organizations. He will also have an idea about resources applicable for cryptographic protection of the information .
Syllabus
  • 1 Fundamentals of IS security - definition of basic terms, why deal with security, how to deal with safety, security features, security mechanisms, security policies. 2 Legislative framework - the classification of sensitive information, the Act on the Protection of Classified Information and Security, the Law on Personal Data Protection, the Law on Electronic Communications, the Commercial Code, the Act on Undertaking on the Capital Market, Law on electronic signature. 3 Standards in the field of Information Systems I - Family ISO 27k,. 4 Standards in the field of Information Systems II - ISO 13335, ISO 15408. ISO 9000, ISO 21827, PAS56, COBIT, ITIL 5 Information Security Management System I - security management, ISMS, PDCA cycle, documentation. 6 Information Security Management System II - risk analysis, audit ISMS. 7 Information Security Management System III - personnel security, physical security, information system security, crisis management. 8 Principles of cryptography - basic definitions, history, classical ciphers, Shannon cipher security theory, complexity classes, primes in cryptology, generation of random bits. 9 Symmetric cryptography - definition, linear feedback shift register, substitution boxes (S-boxes), stream ciphers, block ciphers, DES, AES, Block cipher modes of operation. 10 Asymmetric cryptography - Overview, Diffie-Helmann protocol, RSA, ElGamal, Elliptic curve. 11 Hash algorithms and PKI - definition and use of the hash algorithms, MD5, SHA class - x, the structure of PKI, electronic signature. 12 Microsoft and cryptography - a server operating system, OS MS Windows Workstation, MS Office, True Crypt.
Literature
  • P.Hanáček, J.Staudek : Bezpečnost informačních systémů, ÚSIS Praha, 2000 J.Přibyl, J.Kodl : Ochrana dat v informatice, Vydavatelství ČVUT, A.J.Menezes, P.C. van Oorschot, S.A.Vanstone : Handbook of Applied Cryptography, CRC Press, 1996,
Teaching methods
Lectures and seminars in full-time study; tutorials in part-time study; compulsory seminar participation is 75% in full-time study, compulsory tutorial participation is 50% in part-time study.
Assessment methods
The exam is verbal, consists of two questions. The set of questions covers the whole range of lecture.
Language of instruction
Czech
Further comments (probably available only in Czech)
The course can also be completed outside the examination period.
General note: Bb1.
Information on the extent and intensity of the course: 10 hodin KS/semestr.
The course is also listed under the following terms Summer 2008, Summer 2009, Summer 2010, Summer 2011, summer 2012, Summer 2013, Summer 2015, Summer 2016, Summer 2017, Summer 2018, Summer 2019, Summer 2020, Summer 2021, Summer 2022, Summer 2023, Summer 2024.

N_BIS IS Security

University of Finance and Administration
Summer 2013
Extent and Intensity
2/0. 5 credit(s). Type of Completion: zk (examination).
Teacher(s)
RNDr. Petr Tesař, Ph.D. (lecturer)
Guaranteed by
doc. RNDr. Jan Lánský, Ph.D.
Department of Computer Science and Mathematics – Departments – University of Finance and Administration
Contact Person: Dagmar Medová, DiS.
Timetable of Seminar Groups
N_BIS/vAPH: Fri 1. 3. 15:30–17:00 S14, 17:15–18:45 S14, Sat 16. 3. 9:45–11:15 S14, 11:30–13:00 S14, Fri 19. 4. 17:15–18:45 S14, P. Tesař
Prerequisites
There are no prerequisites for this course.
Course Enrolment Limitations
The course is offered to students of any study field.
Course objectives
After completing the course the student will be able to handle basic theory , legislative framework and practical approaches protection of information in information systems of the organizations. He will also have an idea about resources applicable for cryptographic protection of the information .
Syllabus
  • 1 Fundamentals of IS security - definition of basic terms, why deal with security, how to deal with safety, security features, security mechanisms, security policies. 2 Legislative framework - the classification of sensitive information, the Act on the Protection of Classified Information and Security, the Law on Personal Data Protection, the Law on Electronic Communications, the Commercial Code, the Act on Undertaking on the Capital Market, Law on electronic signature. 3 Standards in the field of Information Systems I - Family ISO 27k,. 4 Standards in the field of Information Systems II - ISO 13335, ISO 15408. ISO 9000, ISO 21827, PAS56, COBIT, ITIL 5 Information Security Management System I - security management, ISMS, PDCA cycle, documentation. 6 Information Security Management System II - risk analysis, audit ISMS. 7 Information Security Management System III - personnel security, physical security, information system security, crisis management. 8 Principles of cryptography - basic definitions, history, classical ciphers, Shannon cipher security theory, complexity classes, primes in cryptology, generation of random bits. 9 Symmetric cryptography - definition, linear feedback shift register, substitution boxes (S-boxes), stream ciphers, block ciphers, DES, AES, Block cipher modes of operation. 10 Asymmetric cryptography - Overview, Diffie-Helmann protocol, RSA, ElGamal, Elliptic curve. 11 Hash algorithms and PKI - definition and use of the hash algorithms, MD5, SHA class - x, the structure of PKI, electronic signature. 12 Microsoft and cryptography - a server operating system, OS MS Windows Workstation, MS Office, True Crypt.
Literature
  • P.Hanáček, J.Staudek : Bezpečnost informačních systémů, ÚSIS Praha, 2000 J.Přibyl, J.Kodl : Ochrana dat v informatice, Vydavatelství ČVUT, A.J.Menezes, P.C. van Oorschot, S.A.Vanstone : Handbook of Applied Cryptography, CRC Press, 1996,
Teaching methods
Lectures and seminars in full-time study; tutorials in part-time study; compulsory seminar participation is 75% in full-time study, compulsory tutorial participation is 50% in part-time study.
Assessment methods
The exam is verbal, consists of two questions. The set of questions covers the whole range of lecture.
Language of instruction
Czech
Further comments (probably available only in Czech)
The course can also be completed outside the examination period.
General note: Bb1.
Information on the extent and intensity of the course: 10 hodin KS/semestr.
The course is also listed under the following terms Summer 2008, Summer 2009, Summer 2010, Summer 2011, summer 2012, Summer 2014, Summer 2015, Summer 2016, Summer 2017, Summer 2018, Summer 2019, Summer 2020, Summer 2021, Summer 2022, Summer 2023, Summer 2024.

N_BIS IS Security

University of Finance and Administration
summer 2012
Extent and Intensity
2/0. 5 credit(s). Type of Completion: zk (examination).
Teacher(s)
RNDr. Petr Tesař, Ph.D. (seminar tutor)
Guaranteed by
prof. RNDr. Ondřej Čepek, Ph.D.
Department of Computer Science and Mathematics – Departments – University of Finance and Administration
Contact Person: Ivana Plačková
Timetable of Seminar Groups
N_BIS/vAPH: Fri 16. 3. 17:15–18:45 S14, Fri 30. 3. 15:30–17:00 S14, 17:15–18:45 S14, Fri 20. 4. 15:30–17:00 S14, 17:15–18:45 S14, P. Tesař
Prerequisites (in Czech)
Žádné.
Course Enrolment Limitations
The course is offered to students of any study field.
Course objectives (in Czech)
Student bude schopen orientace v řízení bezpečnosti informačního systému podle standardů ISO.
Syllabus (in Czech)
  • 1. DEFINICE POJMŮ A LEGISLATIVNÍ RÁMEC - Definice základních pojmů - Klasifikace senzitivních informací - Zákon č. 412/2005 Sb. - Zákon č. 101/2000 Sb. - Zákon č. 127/2005 Sb. - Zákon č. 513/1991 Sb. - Zákon č. 256/2004 Sb. - Zákon č. 227/2000 Sb. 2. NORMY INFORMAČNÍ BEZPEČNOSTI - Rodina ISO 27k - ISO 13335 - ISO 15408 - ISO 9000 - ISO 21827 - PAS56 - COBIT - ITIL 3. ISMS – SYSTÉM ŘÍZENÍ INFORMAČNÍ BEZPEČNOSTI - Úvod - Cyklus PDCA - Analýza rizik 4. KRYPTOGRAFIE - Definice pojmů - Klasická kryptografie - Symetrická kryptografie - Asymetrická kryptografie - PKI 5. METODY A POSTUPY OCHRANY INFORMAČNÍCH SYSTÉMŮ - Fyzická bezpečnost - Personální bezpečnost - Komunikační bezpečnost - Řízení přístupu - Vývoj a údržba systémů - Řízení kontinuity DOPORUČENÁ LITERATURA - P.Hanáček, J.Staudek : Bezpečnost informačních systémů, ÚSIS Praha, 2000 - Zákon č. 412/2005 Sb., o ochraně utajovaných informací a o bezpečnostní způsobilosti - Zákon č. 101/2000 Sb., o ochraně osobních údajů - Zákon č. 127/2005 Sb., o elektronických komunikacích - Zákon č. 513/1991 Sb., Obchodní zákoník - Zákon č. 256/2004 Sb., o podnikání na kapitálovém trhu - Zákon č. 227/2000 Sb., o elektronickém podpisu - ISO/IEC 27001:2005 Information Security Management - ISO/IEC TR 13335-1 Pojetí a modely bezpečnosti IT - ISO/IEC TR 13335-2 Řízení a plánování bezpečnosti IT - ISO/IEC TR 13335-3 Techniky pro řízení bezpečnosti - J.Přibyl, J.Kodl : Ochrana dat v informatice, Vydavatelství ČVUT, 1996 - E.Ochodková : Matematické základy kryptografických algoritmů, VŠB-TU Ostrava, 2011, http://mi21.vsb.cz - A.J.Menezes, P.C. van Oorschot, S.A.Vanstone : Handbook of Applied Cryptography, CRC Press, 1996, dostupné na Internetu - Wikipedia
Teaching methods (in Czech)
Přednášky s prezentací v PowerPointu.
Assessment methods (in Czech)
Ústní zkouška
Language of instruction
Czech
Further comments (probably available only in Czech)
The course can also be completed outside the examination period.
Information on the extent and intensity of the course: 10 hodin KS/semestr.
The course is also listed under the following terms Summer 2008, Summer 2009, Summer 2010, Summer 2011, Summer 2013, Summer 2014, Summer 2015, Summer 2016, Summer 2017, Summer 2018, Summer 2019, Summer 2020, Summer 2021, Summer 2022, Summer 2023, Summer 2024.

N_BIS IS Security

University of Finance and Administration
Summer 2011
Extent and Intensity
2/0. 5 credit(s). Type of Completion: zk (examination).
Teacher(s)
RNDr. Petr Tesař, Ph.D. (seminar tutor)
Guaranteed by
prof. RNDr. Ondřej Čepek, Ph.D.
Department of Computer Science and Mathematics – Departments – University of Finance and Administration
Contact Person: Ivana Plačková
Timetable of Seminar Groups
N_BIS/vAPH: Sat 19. 3. 9:45–11:15 S14, 11:30–13:00 S14, Sat 2. 4. 14:00–15:30 S14, 15:45–17:15 S14, Fri 6. 5. 17:15–18:45 S14, P. Tesař
Course Enrolment Limitations
The course is offered to students of any study field.
Language of instruction
Czech
Further comments (probably available only in Czech)
The course can also be completed outside the examination period.
Information on the extent and intensity of the course: 10 hodin/semestr.
The course is also listed under the following terms Summer 2008, Summer 2009, Summer 2010, summer 2012, Summer 2013, Summer 2014, Summer 2015, Summer 2016, Summer 2017, Summer 2018, Summer 2019, Summer 2020, Summer 2021, Summer 2022, Summer 2023, Summer 2024.

N_BIS IS Security

University of Finance and Administration
Summer 2010
Extent and Intensity
2/0/0. 4 credit(s). Type of Completion: zk (examination).
Teacher(s)
doc. Ing. Jiří Přibyl, CSc. (seminar tutor)
Guaranteed by
prof. RNDr. Ondřej Čepek, Ph.D.
Department of Computer Science and Mathematics – Departments – University of Finance and Administration
Contact Person: Lenka Bažantová
Timetable of Seminar Groups
N_BIS/vAPH: Fri 12. 2. 15:30–17:00 S14, Sat 27. 2. 9:45–11:15 S14, 11:30–13:00 S14, Fri 30. 4. 17:15–18:45 S14, Fri 7. 5. 15:30–17:00 S14, J. Přibyl
Prerequisites (in Czech)
Znalosti základů vysokoškolské matematiky, orientace v pojmech teorie informací, znalosti z oblasti práce s výpočetní technikou a výhodné jsou též základní znalosti z architektury informačních systémů a základních principů při realizaci podnikové informační bezpečnosti.
Course Enrolment Limitations
The course is also offered to the students of the fields other than those the course is directly associated with.
fields of study / plans the course is directly associated with
Course objectives (in Czech)
Cíl kursu Bezpečnostní aspekty informačních systémů a zkoumání základních prvků vytváření podnikového bezpečnostního programu. Hlavní oblasti a směry při realizaci bezpečnostních opatření v prostředí podnikových informačních systémů a zásady bezpečnostních opatření, která je nutno přijmout při eliminaci bezpečnostních rizik. Normotvorné a legislativní úpravy problematiky informační bezpečnosti. Důraz je kladen i na získání znalostí o současných metodologiích řízení bezpečnosti informací v podnikovém IS a v IS veřejné správy.
Syllabus (in Czech)
  • Tato osnova je určena pro prezenční studium, průběh výuky pro kombinované studium je uveden ve studijních materiálech formou metodického listu /ML/ Bezpečnostní aspekty informačních a komunikačních systémů; Správa přístupu – metody identifikace, autentizace, autorizace; Šifrová ochrana informací – historie; Šifrová ochrana informací – věk počítačů; Bezpečnostní normy a standardy;
Literature
  • Povinná literatura
  • Přibyl J, Kodl J.: Ochrana dat v informatice, ČVUT, 1998
  • Kolektiv: Informační bezpečnost, Tate International, 2001
  • Kovacich G.L.: Průvodce bezpečnostního pracovníka IS, Unis Publishing, 2000
  • Smejkal V, Rais K.: Řízení rizik, Grada 2006
  • Horák J.: Bezpečnost malých počítačových sítí, Grada 2003
  • Časopis DSM - Data security management
  • Doporučená literatura
  • Singh S.: Kniha kódů a šifer, Argo, 2003
  • Applied Cryptography, John Wiley & sons, 1996
  • Doseděl T.: Počítačová bezpečnost a ochrana dat. Computer Press, 2004;
  • Menezes,A.J.;van Oorschot, P.C.; Vanstone, S.A.: Handbook of Applied Cryptography, CRC Press, 1997
  • Další zdroje
Assessment methods (in Czech)
Typ výuky:Výuka probíhá formou přednášek Rozsah povinné účasti ve výuce: Minimální povinná účast na cvičení v prezenčním studiu je 80%, na řízených skupinových konzultacích v kombinovaném studiu 50%. Studentům, kteří nesplní povinný rozsah účasti, mohou být v průběhu semestru zadány dodatečné studijní povinnosti (v míře, která umožní prokázat studijní výsledky a získané kompetence nezbytné pro úspěšné zakončení předmětu). Způsob zakončení předmětu: Předmět je zakončen zkouškou sestávající z písemné a doplňkové ústní části.
Language of instruction
Czech
Further comments (probably available only in Czech)
The course can also be completed outside the examination period.
Information on the extent and intensity of the course: 10hodin/semestr.
The course is also listed under the following terms Summer 2008, Summer 2009, Summer 2011, summer 2012, Summer 2013, Summer 2014, Summer 2015, Summer 2016, Summer 2017, Summer 2018, Summer 2019, Summer 2020, Summer 2021, Summer 2022, Summer 2023, Summer 2024.

N_BIS IS Security

University of Finance and Administration
Summer 2009
Extent and Intensity
2/0. 4 credit(s). Type of Completion: zk (examination).
Teacher(s)
doc. Ing. Jiří Přibyl, CSc. (seminar tutor)
Guaranteed by
doc. RNDr. Ing. Jaroslav Klvaňa, CSc.
Department of Computer Science and Mathematics – Departments – University of Finance and Administration
Contact Person: Lenka Bažantová
Timetable of Seminar Groups
N_BIS/vAPH: Fri 13. 2. 12:00–13:30 S13, Sat 28. 2. 9:45–11:15 S13, 11:30–13:00 S13, Fri 13. 3. 12:00–13:30 S13, Fri 24. 4. 12:00–13:30 S13, J. Přibyl
Prerequisites (in Czech)
Znalosti základů vysokoškolské matematiky, orientace v pojmech teorie informací, znalosti z oblasti práce s výpočetní technikou a výhodné jsou též základní znalosti z architektury informačních systémů a základních principů při realizaci podnikové informační bezpečnosti.
Course Enrolment Limitations
The course is also offered to the students of the fields other than those the course is directly associated with.
fields of study / plans the course is directly associated with
Course objectives (in Czech)
Anotace je stejná pro všechny formy studia Cíl kursu Bezpečnostní aspekty informačních systémů a zkoumání základních prvků vytváření podnikového bezpečnostního programu. Hlavní oblasti a směry při realizaci bezpečnostních opatření v prostředí podnikových informačních systémů a zásady bezpečnostních opatření, která je nutno přijmout při eliminaci bezpečnostních rizik. Normotvorné a legislativní úpravy problematiky informační bezpečnosti. Důraz je kladen i na získání znalostí o současných metodologiích řízení bezpečnosti informací v podnikovém IS a v IS veřejné správy.
Syllabus (in Czech)
  • Tato osnova je určena pro prezenční studium, průběh výuky pro kombinované studium je uveden ve studijních materiálech formou metodického listu /ML/ Bezpečnostní aspekty informačních a komunikačních systémů; Správa přístupu – metody identifikace, autentizace, autorizace; Šifrová ochrana informací – historie; Šifrová ochrana informací – věk počítačů; Bezpečnostní normy a standardy;
Literature
  • Horák J.: Bezpečnost malých počítačových sítí, Grada 2003
  • Časopis DSM - Data security management
  • Přibyl J, Kodl J.: Ochrana dat v informatice, ČVUT, 1998
  • Kovacich G.L.: Průvodce bezpečnostního pracovníka IS, Unis Publishing, 2000
  • Kolektiv: Informační bezpečnost, Tate International, 2001
  • Smejkal V, Rais K.: Řízení rizik, Grada 2006
Assessment methods (in Czech)
Vyučuuící metody Metody hodnocení Předmět je zakončen zkouškou sestávající z písemné a doplňkové ústní části.
Language of instruction
Czech
Further comments (probably available only in Czech)
The course can also be completed outside the examination period.
Information on the extent and intensity of the course: 10hodin/semestr.
The course is also listed under the following terms Summer 2008, Summer 2010, Summer 2011, summer 2012, Summer 2013, Summer 2014, Summer 2015, Summer 2016, Summer 2017, Summer 2018, Summer 2019, Summer 2020, Summer 2021, Summer 2022, Summer 2023, Summer 2024.

N_BIS IS Security

University of Finance and Administration
Summer 2008
Extent and Intensity
2/0. 4 credit(s). Type of Completion: zk (examination).
Teacher(s)
Ing. Jindřich Kodl, CSc. (seminar tutor)
doc. Ing. Jiří Přibyl, CSc. (seminar tutor)
Guaranteed by
prof. RNDr. Ondřej Čepek, Ph.D.
Department of Computer Science and Mathematics – Departments – University of Finance and Administration
Contact Person: Lenka Bažantová
Timetable of Seminar Groups
N_BIS/vAPH: Sat 29. 3. 9:45–11:15 S13, 11:30–13:00 S13, Fri 11. 4. 17:15–18:45 S13, Sat 26. 4. 11:30–13:00 S13, 14:00–15:30 S13, J. Přibyl
Prerequisites (in Czech)
Znalosti základů vysokoškolské matematiky, orientace v pojmech teorie informací, znalosti z oblasti práce s výpočetní technikou a výhodné jsou též základní znalosti z architektury informačních systémů a základních principů při realizaci podnikové informační bezpečnosti.
Course Enrolment Limitations
The course is also offered to the students of the fields other than those the course is directly associated with.
fields of study / plans the course is directly associated with
Course objectives (in Czech)
Anotace je stejná pro všechny formy studia Cíl kursu Bezpečnostní aspekty informačních systémů a zkoumání základních prvků vytváření podnikového bezpečnostního programu. Hlavní oblasti a směry při realizaci bezpečnostních opatření v prostředí podnikových informačních systémů a zásady bezpečnostních opatření, která je nutno přijmout při eliminaci bezpečnostních rizik. Normotvorné a legislativní úpravy problematiky informační bezpečnosti. Důraz je kladen i na získání znalostí o současných metodologiích řízení bezpečnosti informací v podnikovém IS a v IS veřejné správy.
Syllabus (in Czech)
  • Tato osnova je určena pro prezenční studium, průběh výuky pro kombinované studium je uveden ve studijních materiálech formou metodického listu /ML/ Bezpečnostní aspekty informačních a komunikačních systémů; Správa přístupu – metody identifikace, autentizace, autorizace; Šifrová ochrana informací – historie; Šifrová ochrana informací – věk počítačů; Bezpečnostní normy a standardy;
Assessment methods (in Czech)
Vyučuuící metody Metody hodnocení Předmět je zakončen zkouškou sestávající z písemné a doplňkové ústní části.
Language of instruction
Czech
Further comments (probably available only in Czech)
Information on the extent and intensity of the course: 10hodin/semestr.
The course is also listed under the following terms Summer 2009, Summer 2010, Summer 2011, summer 2012, Summer 2013, Summer 2014, Summer 2015, Summer 2016, Summer 2017, Summer 2018, Summer 2019, Summer 2020, Summer 2021, Summer 2022, Summer 2023, Summer 2024.
  • Enrolment Statistics (recent)