Ensuring Security and Privacy

Objectives and competences

The main objective of the course is to present the basic concepts of information security, where the emphasis is on the protection of information systems, in particular educational information systems, against various threats, managing security risks and ensuring compliance of these systems with privacy protection regulations.
Students will acquire the following competences:

  • Understand the concept of educational information system protection against threats;

  • Manage security risks and ensure the compliance of these systems with regulations in the field of privacy protection.

Prerequisites

Basic knowledge of computer and information science is assumed.

Content

  1. Introduction
    • The goal and purpose of the course
    • Course materials and method of work
    • Required and additional literature
    • Study guide

  2. Privacy
    • The concept of privacy and the right to privacy
    • Protection of personal data in the area of education

  3. Information security basics
    • Threats to information security
    • Cybercrime
    • Concepts and basic technologies for the protection of information systems
    • Cryptography basics
    • Security risks analysis and management
    • Ensuring compliance of educational information systems with privacy protection regulations

Intended learning outcomes

  • Students will be familiar with the key concepts and basic technologies for protecting information systems.

  • Students will know how to perform information security risk analysis and how to set up a system for information security compliance based on policies.

  • Students will be able to ensure the compliance of educational information systems with privacy protection regulations.

Readings

• Layton, T.P. (2007). Information Security: Design, Implementation, Measurement, and Compliance. Boca Raton, Auerbach publications, 2007.
• Bishop, M. (2003). Computer Security, Art and Science, Addison-Wesley, 2003. Pfleeger, C.F. E-version
• Kovačič, M. (2006). Nadzor in zasebnost v informacijski družbi : filozofski, sociološki, pravni in tehnični vidiki nadzora in zasebnosti na internetu. Fakulteta za družbene vede, 2006. E-version
• Schneier, B. (2003). Beyond Fear. Copernicus Books, 2003. Catalogue E-version
• Schneier, B. (2015). Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World. W. W. Norton & Company, 2015. E-version
• Schneier, B. (2012). Liars and Outliers: Enabling the Trust that Society Needs to Thrive. Wiley, 2012. E-version

Assessment

• Interim presentations
• Final exam

Lecturer's references

Bojan Cestnik is the general manager of the software company Temida and a researcher in the Department of Knowledge Technologies at the Jozef Stefan Institute in Ljubljana. He obtained his PhD in Computer Science from the University of Ljubljana. His professional and research interests include knowledge-based information systems, business process modeling, decision support systems and machine learning. His research work has been presented at several international conferences. He has been responsible for several large-scale software development and maintenance projects supporting business operations, where ensuring internet security is also important.