Information Systems Security

Professors Stefanos Gritzalis
Eleni-Laskarina Makri
Course category Core
Course ID DS-802
Credits 5
Lecture hours 3 hours
Lab hours 2 hours
Digital resources View on Aristarchus (Open e-Class)

Learning Outcomes

The purpose of the course is to acquaint students with the techniques and methods used to ensure the confidentiality, integrity and availability of the data managed by information systems and of the information systems themselves.

In this context, after successful completion of the course, students will be able:

  • to understand the basic concepts of identification and authentication, access control and malware.
  • to know modern authentication techniques, access control, operating system security, database system security, malware protection, and IT systems.
  • to analyse, evaluate and justify alternative authentication, identity management, and malware protection systems.
  • to design authentication, identity management and access control systems.

Course Contents

  • Identification and Authentication: Authentication Categories, Authentication Data, Authentication Systems, Biometric Systems.
  • Identity management: examples, technologies, data protection.
  • Access control: Access operations, access matrix, access control mechanisms.
  • Security of Operating Systems: Operating system security parameters, operating system security mechanisms, development of secure operating systems, case studies (Unix, Windows NT).
  • Database Systems Security: Security requirements, data integrity and system availability, security for sensitive data, multi-level databases, Oracle security.
  • Malware: Classification, types, methods, case studies.
  • System and product security and assurance: Purpose, issues and methods of assurance, assurance criteria, evaluation systems.

Recommended Readings

Associated scientific Journals

  • IEEE Security and Privacy Magazine, IEEE
  • International Journal of Information Security, Springer
  • Computers and Security, Elsevier
  • Requirements Engineering, Springer
  • IEEE Transactions on Software Engineering, IEEE
  • Security and Communication Networks, Wiley