Course detail

ICT Security Management

FP-MICTAcad. year: 2023/2024

The course focuses on the following topics: information security and availability in IS, communication security, security strategy and security management.

Language of instruction

Czech

Number of ECTS credits

3

Mode of study

Not applicable.

Guarantor

doc. Ing. Vít Novotný, Ph.D.

Department

Institute of Informatics (ÚI)

Entry knowledge

They are not required

Rules for evaluation and completion of the course

The course is not concluded by a course-unit credit:
Conditions for passing an exam: Knowledge of taught topics and its practical application.
Form of examination is combined:
- a written test of 50 questions, must correctly answer at least 25 questions, according to ECTS classification,
- an oral examination.
Resulting from simple arithmetic average of the two parts.
Attendance at lessons is not checked. The course consists of lectures only, and the attendance at them is not compulsory

Aims

The main objective of the course is to provide students with the necessary knowledge with respect to IS/IT security, to teach them how to apply the risk analysis as well as to design corporate safety strategy of firm.
Students will gain a basic knowledge of information security - possible security threats, security measures.
After completing the course students will be able to classify assets, analyse security risks in IS / IT and propose comprehensive solutions for their prevention, so as to create security company strategy and proposed safety management system of firm.

Study aids

The Information Security Management scripts are available in electronic form in the course literature

Standards of the 27000 series available electronically from the BUT library

Prerequisites and corequisites

Not applicable.

Basic literature

Drastich, M.: Systém managementu bezpečnosti informací. Grada 2011, Elektronická kniha EAN 24776163
Marciano, F.: Řízení bezpečnosti informací. Professional Publishing 2011, ISBN 978-80-7431-050-8
Ondrák, V.: Management informační bezpečnosti. VUT-FP 2016, Elektronické skriptum
Ondrák, V., P. Sedlák a V. Mazálek: Problematika ISMS v manažerské informatice. CERM 2013,ISBN 978-80-7204-872-4
Požár, J.: Informační bezpečnost. Aleš Čeněk s.r.o. 2005, ISBN 80-86898-38-5

Recommended reading

Harold F. Tipton, Micki Krause Nozaki: Information Security Management Handbook. Auerbach Publications, 2016 ISBN 9781138199750
Horák, J. Bezpečnost malých počítačových sítí. Grada. 2003. ISBN 80-247-0663-6
DOSEDĚL, T.: Počítačová bezpečnost a ochrana dat. Computer Press 2004, ISBN 80-251-0106-1
Smejkal v.: Kybernetická kriminalita. Aleš Čeněk s.r.o. 2015, ISBN 978-80-7380-501-2
Taylor A., D. Alexander, A. Finch a D. Sutton: Information Security Management Principles. BCS 2013, ISBN 1780171757
Vacca, J.,R.: Managing Information Security. Elsevier inc. 2014ISBN 978-0-12-416688-2
Normy ČSN ISO 27000:2017, 27001.2014, 27002:2014, 27003:2018, 27004:2018, 27005:2019

eLearning

eLearning: currently opened course

Classification of course in study plans

  • Programme BAK-MIn Bachelor's, 3. year of study, winter semester, compulsory

Type of course unit

 

Lecture

26 hours, optionally

Teacher / Lecturer

Ing. Viktor Ondrák, Ph.D.

Syllabus

1. Information system from the point of view of information security - decomposition, analysis of information services and users

2. Information security - basic terms, attributes, mechanisms

3. Information assets - analysis, classification, evaluation, ownership, vulnerability analysis

4. Security event - detection, evaluation

5. Security incident - management cycle, ISIRT, impact assessment, incident resolution

6. Security threats - analysis, assessment, synthesis of influence

7. Security risks - risk identification, risk analysis methods, assessment of consequences, risk level

8. Treatment of risks - modification, acceptance, avoidance, sharing of risks, residual risks

9. Risk management system - determination of context, structure, risk acceptance, communication, monitoring and review

10. Safety measures - proposals, management, life cycle, efficiency

11. Information security management systems - ITIL, COBIT, CRAMM, CC, ISO/IEC 27000

12. Implementation of ISMS - analysis of requirements, determination of boundaries, organization design, ISMS policy, documentation

13. ISMS operation - monitoring, measurement, audit, certification

E-learning texts

Záznamy přednášek (cs)
Zadání semestrální práce (a vzorové práce) a termín odevzdání (cs) - Termín odevzdání v ZS: 31.listopadu
Výběr z ČSN/EN 27005 (cs) - Přiložený soubor obsahuje příklady hrozem a zranitelností se systematickým zatříděním. Určitě bude přínosem při vypracování semestrální práce

eLearning

eLearning: currently opened course