Introduction to Information Security

Study:	Civil Law - 9. semester Commercial Law - 9. semester Constitutional-Administrative - 9. semester Criminal Law - 9. semester International Law - 9. semester The European Union Law - 9. semester
Code:	127646
ECTS:	4.0
Course coordinators:	izv. prof. dr. sc. Tihomir Katulić
Lecturers:	izv. prof. dr. sc. Nina Gumzej - Lectures izv. prof. dr. sc. Marko Jurić - Lectures izv. prof. dr. sc. Hrvoje Lisičar - Lectures
Exam dates:	20. 11. 2023. 29. 01. 2024. 12. 02. 2024. 15. 04. 2024. 10. 06. 2024. 24. 06. 2024. 08. 07. 2024. 26. 08. 2024. 09. 09. 2024. Exam registration: Studomat

Literature:
Whitman, Michael E., Mattord, Herbert J; Principles of Information Security; Cengage Learning (2012), str
Optional literature:
Kouns, B., Kouns J; The Chief Information Security Officer; IT Governance Publishing (2011), str Serge Gutwirth, Yves Poullet, Paul de Hert; Data Protection in a Profiled World; Springer Science Business Media (2010), str David I. Bainbridge; Introduction to Information Technology Law; Pearson Education (2007), str Direktiva 2013/40/EU Europskog Parlamenta i Vijeća od 12. kolovoza 2013. o napadima na informacijske sustave i o zamjeni Okvirne odluke Vijeća 2005/222/PUP; , str Zakon o elektroničkim komunikacijama (NN 73/08, 90/11); , str Zakon o zaštiti osobnih podataka (NN 103/03, 118/06, 41/08, 130/11); , str Kazneni zakon, glava XXV (NN 125/11, 144/12); , str Zakon o elektroničkoj trgovini (NN 173/03, 67/08, 36/09, 130/11); , str Zakon o informacijskoj sigurnosti (NN 79/07); , str Zakon o tajnosti podataka (NN 79/07, 86/12); , str

Description:

Definition of information security. Aspects of information security. Information security in the digital domain. - 2 hrs
Information security in Croatian law. Confidentiality, integrity and availability of information systems and data. - 2 hrs
Key concepts of information systems and access control. Cryptography and information systems. Biometrics. - 2 hr
Vulnerabilities of information systems. Threats and attacks on information systems. - 2 hrs
Security policy. Technological and organization aspects of managing access rights. Operating system and application protection from unauthorized access. - 2 hours
Information Security Law - 4 hrs
Data Confidentiality Law - 4 hrs
Personal data protection Law - 2 hrs
Institutional and regulatory framework of information security in the Republic of Croatia - 2 hrs
Self-regulation. Information security standards overview. BS7799 standard. PCI DSS standards. - 4 hrs
ISO 27000 family of information security standards. Basic tenets and concepts. - 2 hrs
State information infrastructure - institutions and legal framework - 2 hrs

Cognitive Skills:

Knowledge and understanding

After successfully completing the course, students will be able to:

- define information security,

- indicate methods and approaches to protection of information systems and data,

- explain security risks in the environment of information technology,

- explain institutional and regulatory framework of information security,

- indicate legal solutions from domestic and comparative legislation.

Application

After successfully completing the course, students will be able to:

- apply legal regulations about information security,

- use acquired knowledge in order to provide a better interpretation of the data protection,

- conduct research about efficiency of protection of information security and application of legislative self-regulatory standards,

- use acquired knowledge to ensure a high level of security of business information systems

Analysis

After successfully completing the course, students will be able to:

- connect the influence of high technologies on information security,

- indicate vulnerabilities of information systems

- examine procedures within business environment which can lead to vulnerability

- indicate standards of information security

- analyse legislative framework of information security

- analyse self-regulatory and institutional framework of information security

Synthesis

After successfully completing the course, students will be able to:

- propose legislative solutions for the purpose of better regulation

- pšpropose application of individual methods to realise a higher level of security

- formulate security policy

- propose changes in the existing institutional framework

Evaluation

After successfully completing the course, students will be able to:

- examine procedures and manner of regulation of information security

- compare legal regulation of information security in the Republic of Croatia, EU and other legal orders

- compare the institutional framework

Practical and Generic Skills:

After successfully completing the course, students will be able to:

- publicly present learning outcomes

- express themselves in a clear, well structured text explaining their standpoints,

- develop communication skills.

- develop presentation skills

- develop the ability of data analysis

- develop the ability of finding and selecting relevant data

- develop the ability of team work

Matching Assessments to Learning Outcomes:

Oral examination will be used for testing learning ouitcomes.

Oral examination comprises testing of theoretical knowledge from the area of legal regulation of information security, knowledge about legal regulation and regulatory framework, understanding the work of institutions and bodies with regard to protection of information security, knowledge about the most important results of self-regulation, industrial standards of information security, the ostructure of state information infrastructure, the development, implementation and assessment of the information security policy.

Consultations schedule:

izv. prof. dr. sc. Nina Gumzej:
Fridays at 8 am upon prior e-mail announcement
Location: Ćirilometodska 4, room 55/II
izv. prof. dr. sc. Marko Jurić:
Tuesdays, 9-10am
Location: Trg Republike Hrvatske 3, room 39

Lecturer	Consultations	Location
izv. prof. dr. sc. Nina Gumzej (Lectures)	Fridays at 8 am upon prior e-mail announcement	Ćirilometodska 4, room 55/II
izv. prof. dr. sc. Marko Jurić (Lectures)	Tuesdays, 9-10am	Trg Republike Hrvatske 3, room 39
izv. prof. dr. sc. Hrvoje Lisičar (Lectures)		Gundulićeva 10, room Gundulićeva 10, soba Gundulićeva 10, soba 7