Information Systems Security |
|
|---|---|
| Professors | Stefanos Gritzalis Eleni-Laskarina Makri |
| Course category | Core |
| Course ID | DS-802 |
| Credits | 5 |
| Lecture hours | 3 hours |
| Lab hours | 2 hours |
| Digital resources | View on Aristarchus (Open e-Class) |
Learning Outcomes
Within the framework of the course, students will be able:
- To understand information security issues, especially regarding usable security)
- To recognize basic characteristics of modern authentication methods
- To select the appropriate access control methods regarding the application environments
- To understand Public Key Infrastructure characteristics, especially regarding electronic signatures
- To understand laws and regulations regarding cybersecurity
- To design and develop strategies that support business continuity management systems
- To understand the challenges posed by the evolving dynamics of the combination of the cognitive fields of cyber security, privacy protection, and Artificial Intelligence and the way they create social, cultural, political, and financial issues, as well as ethical issues in modern societies
- To possess state-of-the-art specialized scientific knowledge in the subjects of the course as a basis for original thinking and research activities.
Course Contents
- Information systems security. Socio-technical systems theory. Usable security
- Identification and authentication. Passwords: password management and good practices. Password cracking tools: Cain and Abel. Biometrics
- Access control and authorization: MAC – Mandatory Access Control, DAC – Discretionary Access Control, RRBAC – Role-Based Access Control, Access Control Matrix Model – ACM, Access Control List – ACL, Wildcards, Revoking access rights, Capability List – C-List
- Introduction to Applied cryptography: Symmetric and asymmetric cryptosystems, hash functions, Public Key Infrastructure, Trust Service Providers, Electronic signatures, eIDAS 2014/910, Digital Identity Regulation 2024/1183
- Cybersecurity regulatory issues: EU NIS2 2022/2555 Network and Information Security Directive, EU DORA 2022/2554 Digital Operational Resilience for the financial sector, EU Cyber Resilience Act, EU ePrivacy 2002/58, EU Data Retention 2006/24
- BCMS Business Continuity Management Systems and ISO 22301:2019: security and resilience requirements. Guidelines according to ISO 22313:2020 and ISO 22331:2018
- Privacy protection and personal data protection according to General Data Protection Regulation GDPR and ISO 29100:2024. Privacy Enhancing Technologies
Suggested Bibliography
- C. Pfleeger, Security in Computing, Addison Wesley, 2023
- R. Anderson, Security Engineering, J. Wiley & Sons, 3rd edition, 2020
- D. Gollmann, Computer Security, J. Wiley & Sons, 3rd edition, 2011
Scientific Journals
- International Journal of Information Security, Springer https://link.springer.com/journal/10207
- Computers and Security, Elsevier https://www.sciencedirect.com/journal/computers-and-security
- Information and Computer Security, Emerald https://www.emeraldgrouppublishing.com/journal/ics