Information security

Objectives and competences

The objective of the course is to present the basic concepts of information security to students. The key ingredients are computer information security, security risk analysis and mitigation, and the establishment of information security policy and procedures.

Prerequisites

Fluency in English or Slovene; basic knowledge of computer and information science.

Content

  1. Introduction
    • The goal and purpose of the course
    • Course materials and method of work
    • Study guide

  2. Security of information systems
    • Information security concepts
    • Vulnerabilities, threats and typical attacks on information systems

  3. Privacy and surveillance
    • The right to privacy
    • Legal development of the right to privacy

  4. Information security legislation and cybercrime
    • Cybercrime in the criminal code
    • Digital forensics legislation
    • Information Security Act
    • Intelligence hacking and cyberterrorism
    • History of cybercrime in Slovenia

  5. Basic concepts of cryptography
    • Cryptography basics
    • Security of hash algorithms
    • Cryptographic secret sharing
    • Digital signature

  6. Network security
    • Basic concepts of network security
    • Security of phone networks
    • VPN networks and anonymisation

  7. Digital forensics and antiforensics
    • Forensic investigation of digital media
    • Antiforensics techniques for data protection

  8. Advanced techniques of attacks on information systems
    • Attacks on random-access memory
    • TEMPEST attack
    • Hardware rootkits

Intended learning outcomes

The students will learn the basics of computer information security. They will acquire knowledge about standards from the field. They will know how to perform information security risk analysis and how to set up a system for information security based on policies.

Readings

  • Schneier, Bruce. Beyond Fear: Thinking Sensibly About Security in an Uncertain World, Copernicus Books, 2003. ISBN 0-387-02620-7. Catalogue E-version
  • Anderson, Ross (2008). Security engineering: a guide to building dependable distributed systems. New York: John Wiley. ISBN 978-0-470-06852-6. Catalogue E-version
  • Infosec seminar. E-version
  • Video lectures on information security. E-version
  • Matej Kovačič. 2022. Crash course on cybersecurity: a manual for surviving in a networked world. ISBN: 978-961-7025-24-8 (PDF). E-version Catalogue

Assessment

Written exam 80%, seminar work 20%

Lecturer's references

Dr. Matej Kovačič, higher lecturer in the field of information security, is employed at the Centre for Knowledge Transfer in Information Technologies and Artificial Intelligence Lab at the Jožef Stefan Institute. He works in the field of data analysis and information security. He is the author of several books and articles in the fields of privacy, information security and digital forensics.

Selected bibliography

KOVAČIČ, Matej. Zasebnost na internetu / Privacy On the Internet, (Zbirka Politike). Ljubljana: Mirovni inštitut, Inštitut za sodobne družbene in politične študije, 2003. 111, 105 str. ISBN 961-6455-09-5;

KOVAČIČ, Matej. Nadzor in zasebnost v informacijski družbi : filozofski, sociološki, pravni in tehnični vidiki nadzora in zasebnosti na internetu [Surveillance and privacy in the information society: philosophical, sociological, legal and technical aspects of control and privacy on the Internet], (Znanstvena knjižnica, 55). Ljubljana: Fakulteta za družbene vede, 2006. 268 str., graf. prikazi. ISBN 961-235-242-9;

KOVAČIČ, Matej. Zasebnost in hramba prometnih podatkov v mobilni telefoniji. V: VEHOVAR, Vasja (ur.). Mobilne refleksije, (Knjižna zbirka Družboslovna informatika / Informacijska družba). 1. natis. Ljubljana: Fakulteta za družbene vede. 2007, str. 243-267. COBISS.SI-ID 26627165