Lecturer(s)

Course content

- Risk analysis
- IT Circuit Assurance Standards (Common Criteria)
- Information security management standards (ISO 27000 family of standards)
- Standards related to the provision of trust-building services in the EU common market (ETSI standards)

Learning activities and teaching methods

Monologic (reading, lecture, briefing), Dialogic (discussion, interview, brainstorming)

- Class attendance: 30 hours per semester
- Preparation for exam: 30 hours per semester
- Preparation for classes: 15 hours per semester

Learning outcomes

The goal of the lecture is to acquaint the student with the implementation, enforceability and content of the basic norms and standards in information security and cryptography. The emphasis will be on the ISO standards and on the standards used in the evaluation of information security and in ISMS implementation. The differences between the procedures (testing, evaluation, certification, accreditation) to which these standards are linked will be explained. The system of norms and standards (de facto and de jure) will be explained, as well as their creation, acceptance and implementation, the way an appropriate norm is enforced, and its relationship to the current legal regulation. The main topic will be the development of the norms and methodologies used to evaluate security according to TCSEC, ITSEC, CTCPEC, CC, ISO 15408 and FIPS 140. The final thematic block will deal with the security specification of a product, in particular the creation and audit of an ISMS in compliance with ISO 27001.

The student will gain a basic overview of standards in the field of information security. The elaboration of a risk analysis will be demonstrated in practice.

Prerequisites

Ability to read Czech standards that are published in English.
Basic knowledge of operating systems (e.g. in the scope of the course UAI / 684 Operating Systems I) and computer networks (e.g. in the scope of the course UAI / 699 Computer Networks I).

Assessment methods and criteria

Oral examination, Test

Recommended literature

- Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and general model.
- ETSI TR 119 000, Electronic Signatures and Infrastructures (ESI); The framework for standardization of signatures: overview.
- ETSI TR 119 100, Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for signature creation and validation.