Security of Information Systems

Security of Information Systems 1

Course title
Security of Information Systems 1
Course tag
Course status
Independent work
Teachers and associates
Msc Dražen Pranić, Lecturer
Robert Petrunić, Lecturer
The course aims
To familiarize students with the Croatian and European legal regulations of information security, ISO standards for information security and the most important areas of information security (risk management, basics of cryptography, protection against malicious software, network security, ...)
The basics of information security, Digital evidence, Identity theft, ISO 27001/27002, Risk management, Security business cooperation, Basics of cryptography, Malicious software, Network security, Weba application security, Business continuity
Supplementary literature
1. Applied Cryptography, B. Schneier, John Wiley and Sons, 1996.
2. Peltier R.T., Information Security Risk Analysis, Auerbach, CRC press, 2000.
3. International IT Governance: An Executive Guide to ISO 17799/ISO 27001 by Alan Calder and Steve Watkins, 2006.
4. Security in Computing, Charles P. Pfleger, Prentice Hall, 1997.

Minimum learning outcomes

  1. Determine the fundamentals of legislation for information security.
  2. Determine the basics of ISO 27001 standard.
  3. Evaluate different asymmetric and symmetric cryptographic algorithms and compression algorithms.
  4. Determine methods for vulnerability management processes, Web application security and methods for managing log records.
  5. Determine the category of malicious programs and techniques for their use, systems for detecting and preventing unauthorized user activity, firewalls.

Preferred learning outcomes

  1. Evaluate the importance of the legal framework for information security in the Republic of Croatia.
  2. Evaluate basic methods of risk management.
  3. Evaluate the importance of public key infrastructure in the application of cryptography.
  4. Evaluate the importance of penetration testing and usage of SIEM system.
  5. Evaluate the applicability of innovative mechanisms of protection against malicious programs and unauthorized user activity.