School of Engineering and Management

Information security

This course is part of the programme:
Bachelor's programme in Engineering and Management (First Level)

Objectives and competences

The objective of the course is to present the basic concepts of information security to students. The key ingredients are computer information security, security risk analysis and mitigation, and the establishment of information security policy and procedures.

Prerequisites

Fluency in English or Slovene; basic knowledge of computer and information science.

Content (Syllabus outline)

1. Introduction

  • The goal and purpose of the course
  • Course materials and method of work
  • Study guide

2. Security of information systems

  • Information security concepts
  • Vulnerabilities, threats and typical attacks on information systems

3. Privacy and surveillance

  • The right to privacy
  • Legal development of the right to privacy

4. Information security legislation and cybercrime

  • Cybercrime in the criminal code
  • Digital forensics legislation
  • Information Security Act
  • Intelligence hacking and cyberterrorism
  • History of cybercrime in Slovenia

5. Basic concepts of cryptography

  • Cryptography basics
  • Security of hash algorithms
  • Cryptographic secret sharing
  • Digital signature

6. Network security

  • Basic concepts of network security
  • Security of phone networks
  • VPN networks and anonymisation

7. Digital forensics and antiforensics

  • Forensic investigation of digital media
  • Antiforensics techniques for data protection

8. Advanced techniques of attacks on information systems

  • Attacks on random-access memory
  • TEMPEST attack
  • Hardware rootkits

Intended learning outcomes

The students will learn about the basics of computer information security. They will acquire knowledge about standards from the field. They will know how to perform information security risk analysis and how to set up a system for information security based on policies.

Readings

Schneier, Bruce. Beyond Fear: Thinking Sensibly About Security in an Uncertain World, Copernicus Books, 2003. ISBN 0-387-02620-7

Anderson, Ross (2008). Security engineering: a guide to building dependable distributed systems. New York: John Wiley. ISBN 978-0-470-06852-6.

Infosec seminar, video lectures on information security, http://videolectures.net/infosec_seminar/, https://infosec-seminar.si.

Assessment

Written exam 80%, seminar work 20%

Lecturer's references

Dr. Matej Kovačič, higher lecturer in the field of information security, is employed at the Centre for Knowledge Transfer in Information Technologies and the Artificial Intelligence Lab at the Jožef Stefan Institute. He works in the field of data analysis and information security. He is the author of several books and articles in the fields of privacy, information security and digital forensics.

Selected bibliography

KOVAČIČ, Matej. Zasebnost na internetu / Privacy On the Internet, (Zbirka Politike). Ljubljana: Mirovni inštitut, Inštitut za sodobne družbene in politične študije, 2003. 111, 105 str. ISBN 961-6455-09-5;

KOVAČIČ, Matej. Nadzor in zasebnost v informacijski družbi : filozofski, sociološki, pravni in tehnični vidiki nadzora in zasebnosti na internetu [Surveillance and privacy in the information society: philosophical, sociological, legal and technical aspects of control and privacy on the Internet], (Znanstvena knjižnica, 55). Ljubljana: Fakulteta za družbene vede, 2006. 268 str., graf. prikazi. ISBN 961-235-242-9;

KOVAČIČ, Matej. Zasebnost in hramba prometnih podatkov v mobilni telefoniji. V: VEHOVAR, Vasja (ur.). Mobilne refleksije, (Knjižna zbirka Družboslovna informatika / Informacijska družba). 1. natis. Ljubljana: Fakulteta za družbene vede. 2007, str. 243-267. COBISS.SI-ID 26627165

University course code: 1GI038

Year of study: 2

Semester: 1

Course principal:

Lecturer:

ECTS: 6

Workload:

  • Lectures: 45 hours
  • Exercises: 15 hours
  • Individual work: 90 hours

Course type: elective

Languages: Slovene, English

Learning and teaching methods:
The subject content will be divided into logical units. Lectures will be given with active student involvement (explanation, discussion, questions and answers, case studies) and group research work.