Information Security and Privacy

2022/2023
Programme:
Computer Science and Mathematics, Second Cycle
Year:
1 in 2 year
Semester:
first
Kind:
optional
ECTS:
6
Language:
Slovenian, English
Course director:

Denis Trček

Lecturer (contact person):

Denis Trček

Hours per week – 1st semester:
Lectures
3
Seminar
0
Tutorial
2
Lab
0
Prerequisites

There are no prerequisites.

Content (Syllabus outline)

Introduction.
Key standards and organizations (ISO, ITU-T, IETF, W3C, OASIS, OMA).
Security mechanisms, security services (principles and practical implementations of authentication, confidentiality, integrity, non-repudiation, access control, logging and alarming), public key infrastructure (time base, name space management, operational protocols), quantum computing basics (quantum key exchange).
Authentication, authorization and accounting infrastructure (principles, examples of standardized solutions like RADIUS and Diameter).
Security of the physical and data link layers (example protocols are WEP, WPA1 and WPA2).
Security of network, transport and application layers, including internet of things and clouds (example protocols are IPSec, TLS, S/MIME, SET, XMLSec, SAML, XACML, WS-*).
Formal methods (taxonomy of formal methods, examples such as R. Rueppel's method and BAN logic).
Privacy management and privacy by design (sensor networks, RFID systems), with basics of trust management and reputation management in service-oriented architectures.
Secure programming (model checking).
Risk management in IS, organizational views and human factor views (security policies, human factor modelling and simulations).
Accreditation and auditing of IS related to security (ISO 2700X, CISSP), and standards for technical implementations of hardware and software components (Common Criteria).
Basic legislation in the area of IS security and privacy (EU directives, national implementations).
Conclusions.
Addendum: Mini practical tasks covering the latest selected technological issues.

Readings

D. Trček: Information Systems Security and Privacy, Springer, New York, Heidelberg, 2006.
D. Trček: Informacijska varnost in zasebnost (copies of lecture slides), FRI UL 2017/2018.

Objectives and competences

The goal of the course is to educate students to actively provide security and privacy in contemporary information systems, whether as system administrators or as developers of new solutions.
Categorized competences:

  • Developing skills in critical, analytical and synthetic thinking.
  • The ability to define, understand and solve creative professional challenges in computer and information science.
  • The ability of professional communication in the native language as well as a foreign language.
  • Compliance with security, functional, economic and environmental principles.
  • The ability to understand and apply computer and information science knowledge to other technical and relevant fields (economics, organisational science, fine arts, etc.).
  • Practical knowledge and skills of computer hardware, software and information technology necessary for successful professional work in computer and information science.
Intended learning outcomes

After completing this course a student will:

- know and be familiar with principles for providing security and privacy in information systems,
- know and understand standard solutions in this area,
- be able to administer security and privacy of information systems,
- be able to develop simpler solutions in this domain,
- be qualified for internal security and privacy auditing,
- be able to define a security policy.

Learning and teaching methods

Lectures, laboratory work (with practical prototype implementations), students’ presentations.
Attendance of laboratory work is mandatory (the exact percentage is announced at the beginning of a study year).
The lecturer may impose mandatory attendance of lectures.

Assessment

50% of the final grade is obtained on the basis of on-going laboratory work (home-works, quizzes, practical project implementations and presentations).
The other 50% is obtained on the basis of a written exam, or written and oral exam (the lecturer may decide that a coursework replaces the oral exam).
To be eligible for the written exam, a candidate must have successfully completed the laboratory work and fulfilled any other obligations related to lecturing that the lecturer may have imposed. For successful completion of the course both grades have to be pos
Grading: 5 (fail), 6–10 (pass) (according to the Statute of UL)

Lecturer's references

Some of the most important works:
Trček D., Wireless sensors grouping proofs for medical care and ambient assisted-living deployment, Sensors, vol. 16, no. 1, pp. 1-12, 2016.
Trček D., Likar B., Driving information systems security through innovations: first indications, Cybernetics and Systems, ISSN 0196-9722, 2014.
Trček D., Qualitative assessment dynamics: complementing trust methods for decision making, International Journal of Information Technology & Decision Making, vol. 13, no. 1, pp. 155-173, 2014.
Trček D., Lightweight protocols and privacy for all-in-silicon objects, Ad Hoc Networks, ISSN 1570-8705, July 2013, vol. 11, no. 5, pp. 1619-1628.
Trček D., Brodnik A., Hard and soft security provisioning for computationally weak pervasive computing systems in e-health, IEEE Wireless Communications, vol. 20, no. 4, 8 pp., 2013.
The whole bibliography is available on SICRIS at the URL below:
http://sicris.izum.si/search/rsr.aspx?lang=slv&id=7226