Course: Information Security Risk Management

» List of faculties » FP » KMD
Course title Information Security Risk Management
Course code KMD/BRI
Organizational form of instruction Lecture + Lesson
Level of course Master
Year of study not specified
Semester Winter
Number of ECTS credits 5
Language of instruction Czech
Status of course Compulsory-optional
Form of instruction Face-to-face
Work placements Course does not contain work placement
Recommended optional programme components None
Course availability The course is available to visiting students
Lecturer(s)
  • Mlýnek Jaroslav, doc. RNDr. CSc.
Course content
Lectures: 1. The significance of electronic information, the reasons to ensure their safety. 2. Objectives and strategies of the security solution of the information system. 3. Risk analysis methods, examples of methodologies. 4. Performing of Business Impact Analysis (BIA) - identification of critical processes and a ctivities. 5. Security policy of information system, security classification of information, security regulations. 6. Areas of implementations of security countermeasures. 7. Use of cryptographic tools to ensure the confidentiality, integrity and authenticity of electronic information. 8. Practical applications of hash functions (SHA), symmetric ciphers (DES, Triple DES, AES). 9. Asymmetric ciphers (RSA), their use. 10. The principle of digital signature, the relationship between digital and electronic signatures. 11. Certificate of public key, activities of certification authority. 12. Definition of basic terms of business continuity and crisis management. 13. Implementation procedure business continuity, development and testing of emergency and crisis plans. 14. Monitoring and audit of information system. Exercises: Practice topics according to lectures.

Learning activities and teaching methods
Monological explanation (lecture, presentation,briefing), Written assignment presentation and defence
  • Class attendance - 56 hours per semester
  • Preparation for credit - 15 hours per semester
  • Semestral paper - 20 hours per semester
Learning outcomes
The subject is focused on the problem of confidentiality, integrity and availability of information within used information system. Attention is paid to methods of analysis of the risks of the information system (evaluation of assets, determination of threats and levels of risks), methods for identification of information owners and evaluation of information, introduction to information security classification. Based on the determination of measure of risks for individual parts of the information system, adequate safeguards are implemented. Use of current cryptographic tools to ensure the confidentiality, integrity and authenticity of electronic information is explained. The possibilities of using the digital signature, the public key certificate and the activities of the certification authority are shown to students. Interrelationship between digital and electronic signature is explained. The principles of secure communication through internet banking and internet commerce are presented. Subject also deals with the availability of information, testing and using the emergency and recovery plans of information system.
Knowlige of fundamentals of numerical mathematics.
Prerequisites
Passing of mathematical lectures of first four semestrs.

Assessment methods and criteria
Oral exam, Written exam

Credit: Working out a semestral work. Exam: Written.
Recommended literature
  • ANTUŠÁK, E.; KOPECKÝ, Z. Krizový management. Úvod do teorie. 1. vydání. Praha: Oeconomica, 2005. 97 s. ISBN 80-245-0951-2..
  • Bosáková, D. a kol.:. Elektronický podpis. GRADA Praha, 2002. ISBN 80-7263-125-X.
  • ČSN ISO/IEC 27001:2013. Mezinárodní norma řízení bezpečnosti informací. 2006.
  • Donucek, P., Novák, L., Svatá, V.:. Řízení bezpečnosti informací. Praha, Professional Publishing, 2008. ISBN 978-80-86946-88-7.
  • Mlýnek, J.:. Zabezpečení obchodních informací. Computer Press, Brno, 2007. ISBN 978-80-251-1511-4.
  • Peltier, T., R. Information Security Risk Analysis. Taylor & Francis Group, Boca Raton, USA, 2005.
  • Přibyl , J.:. Informační bezpečnost a utajování zpráv. ČVUT, fak. elektrotechnická, vydavatelství ČVUT, Praha, 2004. ISBN 80-01-02863-1.
  • Schneier, B.:. Applied Cryptography. John Wiley & sons, New York, USA, 1996. ISBN 0-471-59756-2.


Study plans that include the course
Faculty Study plan (Version) Category of Branch/Specialization Recommended year of study Recommended semester