Course: Management of Information Security (ČSN ISO 27001)

Course title Management of Information Security (ČSN ISO 27001)
Course code UAI/736
Organizational form of instruction Lecture
Level of course Bachelor
Year of study not specified
Frequency of the course In each academic year, in the summer semester.
Semester Summer
Number of ECTS credits 3
Language of instruction Czech
Status of course Compulsory
Form of instruction unspecified
Work placements unspecified
Recommended optional programme components None
Lecturer(s)
  • Novák Luděk, Ing. Ph.D.
Course content
  • Risk analysis
  • IT product assurance standards (Common Criteria)
  • Information security management standards (ISO 27000 family of standards)
  • Standards related to the provision of trust services in the EU common market (ETSI standards)

Learning activities and teaching methods
Monologic (reading, lecture, briefing), Dialogic (discussion, interview, brainstorming)
  • Class attendance - 30 hours per semester
  • Preparation for exam - 30 hours per semester
  • Preparation for classes - 15 hours per semester
Learning outcomes
The goal of the lecture is to acquaint the student with the implementation, enforceability and content of the basic norms and standards in information security and cryptography. Emphasis will be placed in particular on the ISO standards and on the standards used in the evaluation of information security and in ISMS implementation. The differences between the procedures (testing, evaluation, certification, accreditation) to which these standards are linked will be explained. The system of norms and standards (de facto and de iure) will be explained, as well as their creation, acceptance and implementation, the way in which a given norm is enforced, and its relationship to the applicable legal regulation. The development of the norms and methodologies used to evaluate security will be discussed in particular: TCSEC, ITSEC, CTCPEC, CC, ISO 15408 and FIPS 140. The final thematic block will deal with the security specification of a product, and especially with the creation and audit of an ISMS in compliance with ISO 27001.
The student will gain a basic overview of standards in the field of information security. The elaboration of a risk analysis will be practically demonstrated.
Prerequisites
Ability to read Czech standards that are in English.

Assessment methods and criteria
Oral examination, Test

Basic knowledge of operating systems (e.g. in the scope of the course UAI/684 Operating Systems I) and computer networks (e.g. in the scope of the course UAI/699 Computer Networks I).
Recommended literature
  • Common Criteria for Information Technology Security Evaluation, Part 1: Introduction and general model.
  • ETSI TR 119 000, Electronic Signatures and Infrastructures (ESI); The framework for standardization of signatures: overview.
  • ETSI TR 119 100, Electronic Signatures and Infrastructures (ESI); Guidance on the use of standards for signature creation and validation.


Study plans that include the course
Faculty: Faculty of Science
Study plan (Version): Applied Informatics (1)
Category of Branch/Specialization: Informatics courses
Recommended year of study: -
Recommended semester: Summer