Information Systems Security and Privacy Protection

Objective

The main objective of the course is the familiarisation of the students with the terminology and main principles of the Information Systems Security area, thus ensuring a common understanding among students of differing backgrounds. Methodologies for analysing and managing in a systematic way the risk of an information system will be presented in detail, while the main principles for specifying the security policy of an organization will be also discussed.

Upon completion of this course, the students will be able to:

• Understand in detail the main principles of the Information Systems Security Area.
• Apply a Risk Analysis and Management Methodology.
• Understand the aims and the structure of the security policy of an organization.
• Understand the identification, authentication and access control mechanisms.
• Evaluate the usability of a security product.
• Judge the consequences from cyberspace risks.

Course Contents

• Information and Communication Systems Security Terminology: Definitions and Principles.
• Need for and scientific foundation of ‘Risk Analysis’
• Best practices for Risk Management and for the identification of the appropriate security measures. Detailed presentation of the CRAMM Risk Analysis and Management Method.
• Identification and Authentication Mechanisms.
• Access Control Mechanisms.
• Security Policies: Principles, Alternative Approaches, Required Characteristics.
• Legal Framework for the protection of personal and sensitive data.
• Usability of Security: Importance and Consequences.
• Cyberspace Security.