Teaching results

After completing this course, students will gain:
Knowledge
A. To understand the fundamental concepts of cybersecurity.
B. To discuss information and application security, encryption, cryptography, and various types of attacks on information assets and computer networks.
C. To understand the use and creation of electronic and digital signatures as part of the digital transformation of society.
D. To know current trends in cybersecurity, including developments related to the deep web and blockchain technologies.
E. To understand information system security standards, especially ISO standards, and the legislation related to cybersecurity.
Skills
F. To identify, understand, and evaluate the need for information protection within an organisation and to apply appropriate security measures.
G. To analytically examine the design and implementation of security mechanisms in information systems.
B. To assess potential security risks, their impacts, and suitable preventive and technical solutions.
Competences
A. To independently navigate cybersecurity topics in the context of enterprise information systems.
C. To apply electronic and digital signatures in practice and understand their legal and technical implications.
D. To monitor emerging security threats and trends—including deep web and blockchain—and evaluate their relevance for practice.
E. To implement and interpret the requirements of information security standards (ISO) and national cybersecurity legislation.
G. To evaluate the appropriateness and effectiveness of implemented security measures and prepare recommendations for improving IS security.

Indicative content

1. Basic concepts of information security, its importance in practice, the consequences of information security negligence in organizations. Information security management.
2. Information assets, their attributes.
3. Authentication and identification, authentication and identification systems, biometric systems.
4. Threats, incidents and classification of computer malware.
5. Intentional and unintentional attacks, attack life cycle, consequences of incidents.
6. Characteristics and types of intentional attacks.
7. Basics of cryptography (symmetric and asymmetric encryption).
8. Different types of virus protection, their quality and use for computers and mobile devices.
9. Electronic signature, certification authorities and their importance in practice.
10. Security policies and standards (ISO), security plans and their preparation.
11. Criteria of security assessment, risk analysis and self-assessment of IT security in the company, security models.
12. Work in teams on case studies: how to design a security plan.
13. Analysis of IT security at the university and design of innovations in IT security at the university.

Support literature

1. Anderson, R. (2020). Security engineering: A guide to building dependable distributed systems (3rd ed.). Wiley.
2. Bishop, M. (2019). Computer security: Art and science (2nd ed.). Addison-Wesley.
3. Janošcová, R. (n.d.). Princípy informačnej bezpečnosti. https://ics.upjs.sk/~jirasek/ops/Janoscova.pdf
4. Katz, J., & Lindell, Y. (2022). Introduction to modern cryptography (3rd ed.). Chapman & Hall/CRC Press.
5. Levický, D. (2018). Aplikovaná kryptografia. Elfa.
6. Pfleeger, C. P., Pfleeger, S. L., & Margulies, J. (2022). Security in computing (6th ed.). Pearson.
7. Rakovská, E. (n.d.). Ochrana a bezpečnosť IS [Electronic course]. Ekonomická univerzita v Bratislave. https://moodle.euba.sk/course/view.php?id=161
8. Stallings, W. (2023). Cryptography and network security: Principles and practice (8th ed.). Pearson.
9. Stallings, W., & Brown, L. (2021). Computer security: Principles and practice (5th ed.). Pearson.
10. Zetter, K. (2024). Hacks, leaks, and cyberattacks: Understanding today's cybersecurity threats. Basic Books.

Syllabus

1. Basic concepts of information security, its importance in practice, and the consequences of neglecting security in organisations. Information security management. Explanation of core concepts such as the CIA triad, assets, threats and risk. Discussion of the impact of security failures on operations and reputation. Introduction to Information Security Management Systems (ISMS).
2. Information assets and their attributes. Definition of information assets, including physical, logical and human assets. Attributes such as value, sensitivity, availability and criticality for organisational functioning.
3. Authentication and identification; authentication and identification systems; biometric systems. Overview of identity verification methods, multi-factor authentication, passwords, tokens and certificates. Characteristics and security properties of biometric technologies.
4. Threats, incidents and classification of computer malware. Types of threats and malware categories (viruses, worms, ransomware, spyware). Methods for detecting and managing security incidents.
5. Intentional and unintentional attacks; attack life cycle; consequences of incidents. Phases of an attack from reconnaissance to data exfiltration. Distinction between technical and social attacks. Analysis of operational and organisational impacts.
6. Characteristics and types of intentional attacks. Typical attack scenarios such as phishing, DDoS, SQL injection, man-in-the-middle and privilege escalation. Attacker motivations and detection approaches.
7. Fundamentals of cryptography (symmetric and asymmetric encryption). Principles of key-based cryptography, hashing and digital certificates. Overview of modern algorithms and their practical applications.
8. Types of antivirus protection, their quality and use for computers and mobile devices. Comparison of signature-based, heuristic and behavioural detection. Endpoint protection across platforms and evaluation of their effectiveness.
9. Electronic signature, certification authorities, and their importance in practice. Legal and technical aspects of electronic signatures. The role of Certification Authorities, qualified certificates and their use in digital communication.
10. Security policies and standards (ISO); security plans and their preparation. Development of security documentation and policies. Overview of ISO/IEC 27000 standards and requirements arising from cybersecurity legislation.
11. Criteria for evaluating security; risk analysis and self-assessment in organisations; security models. Fundamental methods for risk management, vulnerability assessment and security maturity models. Procedures for internal audits.
12. Teamwork on case studies: how to design a security plan. Team-based threat analysis, proposal of security controls, and documenting a practical security plan. Assessment of feasibility and organisational impact.
13. Analysis of IT security at the university and proposals for improving IT security. Audit of the existing security infrastructure, identification of deficiencies and weaknesses. Development of recommendations and innovative security improvements.

Requirements to complete the course

Prerequisites:
- final exam, written form, 60% (passing the exam requires obtaining a minimum of 51% of the exam grade). The exam consists of two parts: verification of theoretical knowledge (a test with different types of questions). The theoretical part verifies the level of learning outcomes A, B, C, D and E.
Exercises:
- independent work and intermediate tests, 20%;
- elaboration and presentation of the seminar topic in teams, 20%.
The following learning outcomes are developed and assessed through the assessment of independent work and of work in teams: D, E, F and G.

Student workload

Total study load (in hours):
3 credits × 26 hours = 78 hours
Study load distribution:
Seminar participation: 26 hours
Preparation for seminars: 8 hours
Project preparation: 10 hours
Preparation for the final exam: 34 hours

Language whose command is required to complete the course

Slovak

Date of approval: 03.04.2024

Date of the latest change: 03.04.2024