Information Security (5 cr)

Evaluation scale

H-5

Content scheduling

The importance of Information Security for different organizations (i.e. business, non-profit, societies)
Basic principles of Information Security
Players in the Information Security field (good guys, bad guys)
Information Security Standards and Best Practices
The basics of Information Security Risk Assessment and Risk Management
The subareas of Information Security (i.a. traditional, standard based, best practices)
Threats and attack methods facing different organizations, and protection against them
Basic principles of encryption and firewalls
Business Continuity and Disaster Recovery Planning
Laboratory work

Objective

After passing the course the student can
- name and explain the basic principles of Information Security
- classify information and information systems
- identify information security threats
- give examples of information security controls and their implementations
- identify and list information security requirements in different kind of organizations taking into account juridical and regulatory requirements
- assess whether there are shortages in security controls’ implementations and give justified recommendations for their improvements
- explain the basics of information security risk management
- create, assess and improve business continuity and disaster recovery plans
- apply information security penetration testing toolkits.

Content

- The importance of Information Security for different organizations (i.e. business, non-profit, societies)
- Basic principles of Information Security
- Players in the Information Security field (good guys, bad guys)
- Information Security Standards and Best Practices
- The basics of Information Security Risk Assessment and Risk Management
- The subareas of Information Security (i.a. traditional, standard based, best practices)
- Threats and attack methods facing different organizations, and protection against them     
- Basic principles of encryption and firewalls
- Business Continuity and Disaster Recovery Planning
- Laboratory work

Materials

Will be provided in ItsLearning during the course.

Exam schedules

There is no exam on this course.

Student workload

Lectures 20h
Weekly homework 88h
Lab work 27h

Evaluation methods and criteria

Grading is based on weekly assignments and returned laboratory work. Laboratory work is mandatory.

Failed (0)

<50% assignment points.

Assessment criteria, satisfactory (1-2)

>=50% assignment points. Student understands the basic principles of information security as well as information classification and the most common security threats. Student is familiar with information security requirements and basic concepts of risk management. Student can perform basic security scanning against information systems.

Assessment criteria, good (3-4)

>=70% assignment points. Student understands and can apply the basic principles of information security as well as perform information classification and identify the most common security threats. Student is able to write basic information security requirements and utilize basic concepts of risk management. Student can perform basic security scanning against information systems.

Assessment criteria, excellent (5)

>=90% assignment points. Student understands and can apply the basic principles of information security as well as perform information classification and identify security threats independently. Student is able to write information security requirements and utilize basic concepts of risk management. Student understands the necessity of disaster recovery and business continuity planning. Student can independently perform basic security scanning against information systems.