Information Security (5cr)

Objective

After passing the course the student can
- name and explain the basic principles of Information Security
- classify information and information systems
- identify information security threats
- give examples of information security controls and their implementations
- identify and list information security requirements in different kind of organizations taking into account juridical and regulatory requirements
- assess whether there are shortages in security controls’ implementations and give justified recommendations for their improvements
- explain the basics of information security risk management
- create, assess and improve business continuity and disaster recovery plans
- apply information security penetration testing toolkits.

Content

- The importance of Information Security for different organizations (i.e. business, non-profit, societies)
- Basic principles of Information Security
- Players in the Information Security field (good guys, bad guys)
- Information Security Standards and Best Practices
- The basics of Information Security Risk Assessment and Risk Management
- The subareas of Information Security (i.a. traditional, standard based, best practices)
- Threats and attack methods facing different organizations, and protection against them     
- Basic principles of encryption and firewalls
- Business Continuity and Disaster Recovery Planning
- Laboratory work