Course: Security of information systems

Course title Security of information systems
Course code KIT/IBIS
Organizational form of instruction Lecture + Lesson
Level of course Bachelor
Year of study 3
Semester Summer
Number of ECTS credits 4
Language of instruction Czech
Status of course Compulsory
Form of instruction Face-to-face
Work placements This is not an internship
Recommended optional programme components None
Lecturer(s)
  • Macháček Miloslav, Ing. Ph.D.
Course content
Information system, definitions and types of IS. Basic concepts of security, threats, risks and vulnerability attacks. Risk analysis. Safety measures and security policy. Criteria for system security assessment: TCSEC, CTCPEC, ITSEC and CC. Methods of monitoring the system, types of IDS. Security features for added security of IS. Response to incidents and forensic analysis. Audit/penetration test. Security of operating systems, databases and applications. Importance of smart cards in security. Cybercrime, ICT and security threats. Security methods for client computers. Information security during data transmission. Cloud computing and security of information assets. Cryptographic security mechanisms. Symmetric and asymmetric encryption algorithms. Electronic signature, keys and certification. Information Security Management System (ISMS). Certification - the introduction to information security of management system. The benefits of installation and certification of ISMS. Use of CSN BS7799-2:2004, ISO/IEC 17799:2005 and ISO/IEC 27001 in the implementation of an information security management system. Increasing the security of the information system by implementing and maintaining subsystems that enhance information security in the organization. Subsystem asset management, risk management, security policy management of information security, personal security, physical security, communication management and operation of ICT. Subsystem of rules of access to systems where safety rules are in the phase of acquirement, development and maintenance, solution of security incidents and deficiencies in management administration business, continuity and compliance standards and legal standards. The legislative framework of information security in the Czech Republic.

Learning activities and teaching methods
unspecified
Learning outcomes
Familiarizing students with the design of a secure information system and an information security management system in a company.
Students will gain knowledge about information systems security and about a set of policies connected with information security management.
Prerequisites
Basic knowledge of work with PC (Windows 7, 8, 10 or Linux OS). Notebook with Windows.

Assessment methods and criteria
unspecified
Active, mandatory attendance at seminars and lectures, where selected topics will be practiced, and fulfilment of certain specified requirements. Successful completion of all tasks is required.
Recommended literature
  • HANÁČEK, P; STAUDEK, J. Bezpečnost informačních systémů. Praha: Úřad pro státní informační systém, 2000. ISBN: 80-23854-00-3. S: 127.
  • JOINT TASK FORCE TRANSFORMATION INITIATIVE. Information security. Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology. Gaithersburg 2011, MD 20899-8930. March 2011. Available from WWW: <http://csrc.nist.gov>.
  • MACHÁČEK, Miloslav. Cloud Computing and Security of Information Assets. Annual International Interdisciplinary Conference, AIIC 2014. University of the Azores, Ponta Delgada, 8-12 July 2014, Azores Islands, Portugal. p. 428. ISBN 978-608-4642-26-8.
  • MENEZES, Van OORSCHOT, VANSTONE. Handbook of Applied Cryptography. CRC Press. Hardcover. 1997. 816 pages.
  • PATTINSON, F. Certifying Information Security Management Systems. CISSP, CSDP, Atsec information security corporation. Available from WWW: <http://www.atsec.com>.


Study plans that include the course
Faculty Study plan (Version) Category of Branch/Specialization Recommended year of study Recommended semester
Faculty: Faculty of Electrical Engineering and Informatics Study plan (Version): Information Technology (2015) Category: Informatics courses 3 Recommended year of study: 3, Recommended semester: Summer
Faculty: Faculty of Electrical Engineering and Informatics Study plan (Version): Information Technology (2016) Category: Informatics courses 3 Recommended year of study: 3, Recommended semester: Summer