ECTS credits: 5
Lectures: 2
Exercises: 2

Course objective:

The goal is for students to acquire knowledge about the importance of conservation and the possible protection of data, information and documents, procedures to calculate the potential risk of destruction of data and available measures for the protection and preservation of data, as well as continuity of operations in organizational systems.

Course contents:

Concept, role and importance of information in today’s business. Information security requirements. Conceptual determination of information security, data protection and information, information security system management (ISMS). Legal regulations in the area of information security. International standards in the area of information security management systems. Planning the information security management system. - Objective of the planning stage of ISMS, Determining the volume of ISMS, Policy of information security system with obligation to the government and its support. Analysis of state of IS resource resources in a business organization. Sources of potential threats to IS resources, focusing on data, programs, information, documentation, and media on which they are located and processed. Estimating vulnerabilities of each IS resource for a certain potential threat. Risk assessment, risk management concept, risk assessment methods. Determination of parameter values in risk calculation, risk calculations, acceptance and rejection of certain risks.Establishing the matrix of calculated risks with all the parameters, their names and the values that participated in the calculation of the risk. Analysis of possible measures of IS resource protection (data, information, programs, documentation, media) according to the analysis of the calculated risks. Systematic approach to IS protection. Establishment and control of protection. Evaluation of the risk of established protection measures by serial connection of three subsystems of protection (plan - implementation - control). Concluding reports on IS protection. Creating a plan and documents for continuous work on analysis and implementation of security and protection measures (ISMS), by using the latest versions of international standards in the field of security and data protection and information. Monitoring of IS security and protection system and continually maintaining and upgrading all its components.

Competences:

Students shall be trained to recognize and decrease critical risks to the safety and to direct efforts towards preserving the safety and to protect data. Students will gain knowledge of planning, implementing, and controlling data and information security management systems, and for the continuity of business in organizational systems.

Learning outcomes:

Having passed the exam, the student will be able to: 1. Assess types and structure of possible threats to information systems. 2. Rank the probability of threats and damages which can be done to certain IS resources. 3. Choose quantitative, qualitative and combined methods to the risk assessment of the IS operation. 4. Perform an analysis of the necessary and available measures to protect IS in accordance with estimated risks. 5. Develop an ISMS measures plan. 6. Test the plan and implementation of measures of protection and IS seurity. These outcomes contribute to the learning outcomes of the study program: - Present the use of information systems (3). - Propose solutions to engineering problems in the profession (4). - Plan the development of information systems with regard to user needs (7). - Propose improvements in data security and system security (8). - Explain opinions, solutions, and suggestions in team work (11).