Information Security and Privacy
Lecturer: Denis Trček
• Key standards and organizations (ISO, ITU-T, IETF, W3C, OASIS, OMA).
• Security mechanisms, security services (principles and practical implementations of authentication, confidentiality, integrity, non-repudiation, access control, logging and alarming), public key infrastructure (time base, name space management, operational protocols), quantum computing basics (quantum key exchange).
• Authentication, authorization and accounting infrastructure (principles, examples of standardized solutions like RADIUS and Diameter).
• Security of physical and data layers (example protocols are WEP, WPA1 and WPA2).
• Security of network, transport and application layers, including internet of things and clouds (example protocols are IPSec, TLS, S/MIME, SET, XMLSec, SAML, XACML, WS-*).
• Formal methods (taxonomy of formal methods, examples like R. Rueppl’s method, logic BAN).
• Security and privacy by design (internet stvari, RFID systems) with trust management and reputation management basics in services oriented architectures.
• Secure programming (model checking).
• Risk management in IS, organizational views and human factor views (security policies, human factor modelling and simulations).
• Accreditation and auditing of IS related to security (ISO 2700X, CISSP), and standards for technical implementations of hardware and software components (Common Criteria).
• Basic legislation in the area of IS security and privacy (EU directives, national implementations).
• Addendum: Mini practical tasks covering the latest selected technological issues.
Objectives and competences:
The goal of the course is to educate students to be able to actively provide security and privacy in contemporary information systems (IS), which include internet of thins, be it as systems administrators, or developers of new solutions.
- Developing skills in critical, analytical and synthetic thinking.
- The ability to define, understand and solve creative professional challenges in computer and information science.
- The ability of professional communication in the native language as well as a foreign language.
- Compliance with security, functional, economic and environmental principles.
- The ability to understand and apply computer and information science knowledge to other technical and relevant fields (economics, organisational science, fine arts, etc).
- Practical knowledge and skills of computer hardware, software and information technology necessary for successful professional work in computer and information science.
Intended learning outcomes:
- Knowledge and understanding: Knowledge of the principles for protection of information resources, data, and privacy in a modern global information environment that includes internet of things and smart devices.
- Application: Administration of security and privacy IS solutions, and their development, including internet of things and smart structures.
- Reflection: Holistic understanding of information security and privacy.
- Transferable skills: The course is related to areas of operating systems, computer communications, and business views of IS security and privacy. Further, the acquired skills are also aimed at the development of new products and servivces.