Security Policies and Security Management |
|
|---|---|
| Professors | Stefanos Gritzalis Konstantinos Lambrinoudakis Eleni-Laskarina Makri |
| Course category | Core |
| Course ID | DS-801 |
| Credits | 5 |
| Lecture hours | 3 hours |
| Lab hours | 2 hours |
| Digital resources | View on Aristarchus (Open e-Class) |
Learning Outcomes
Within the framework of the course, students will be able:
- To understand information and systems security problems for public and private bodies
- To realise the necessity of information security management system ISMS according to ISO 27001:2022
- To conduct risk management actions according to ISO 27005:2022, starting with risk assessment process and continue with risk treatment process, using software tools
- To select suitable technological controls, organizational controls, physical controls and people controls, according to ISO 27002:2022
- To effectively design ISMS and information security polices
- To understand the challenges posed by the evolving dynamics of the combination of the cognitive fields of cyber security, privacy protection, and Artificial Intelligence and the way they create social, cultural, political, and financial issues, as well as ethical issues in modern societies
- To possess state-of-the-art specialized scientific knowledge in the subjects of the course as a basis for original thinking and research activities.
Course Contents
- Information and systems security terminology and ISO 27000:2018
- Information Security Management System – ISMS: Basic principles and ISO 27001:2022
- Controls/safeguards: technological controls, organizational controls, physical controls, and people controls according to ISO 27002:2022
- Information Security Risk management and ISO 27005:2022: assets, threats, vulnerabilities, controls
- Risk assessment: risk identification, risk analysis, risk evaluation
- Risk treatment: risk modification, risk retention, risk avoidance, risk sharing
- Statement of applicability
- Software for conducting the risk management process
- Information security organizational framework: Security policies, policies hierarchy, thematic policies, policies life cycle, responsibilities for the development of security policies
Suggested Bibliography
- R. Anderson, Security Engineering, J. Wiley & Sons, 3rd edition, 2020
- D. Gollmann, Computer Security, J. Wiley & Sons, 3rd edition, 2011
Scientific Journals
- International Journal of Information Security, Springer https://link.springer.com/journal/10207
- Computers and Security, Elsevier https://www.sciencedirect.com/journal/computers-and-security
- Information and Computer Security, Emerald https://www.emeraldgrouppublishing.com/journal/ics