Course syllabus

Course: Information Security and Risk Management (Informacijska varnost in ekonomija tveganj)
Study programme and level: Information and Communication Technologies, 2nd cycle
Study field: Advanced Internet Technologies
Academic year: 1
Semester: 2
Course type: Elective
University course code: IKT2-659
Forms of study: Lectures, Seminar, Tutorial, Clinical work, Other forms of study, Individual work, ECTS
Hours and credits (as listed): 15 15 15 105 5

*This distribution of hours is valid if at least 15 students are enrolled. Otherwise the contact hours are linearly reduced and transferred to individual work.

Course leader: doc. dr. Tomaž Klobučar
Lecturers: prof. dr. Borka Jerman-Blažič
Languages:
Lectures: Slovenian, English
Tutorial:

Prerequisites:

Students must have completed a first-cycle study programme in natural sciences, technical disciplines or computer science.

Content (Syllabus outline):

Business information and its protection:
e-form and value of business information

Management of security risks:
security risks and threats, vulnerability of assets, risk management

Investment in security measures and solutions:
types of security measures: technical, organizational, managerial, insurance-based

Investment economics:
cost analysis, assessment of the return on investment

Optimal selection method for security investment:
practical exercise in applying the selection method

Standards and systems for information security management

International and national regulation

Readings:

Selected chapters from the following books:
- W. Stallings, L. Brown, Computer Security – Principles and Practice, Pearson Global Edition, 2018.
- T. Moore, D. Pym, C. Ioannidis, Economics of Information Security and Privacy, Springer, 2010. ISBN 978-1-4419-6967-5
- R. Bojanc, B. Jerman-Blažič, M. Tekavčič, Informacijska varnost v podjetniškem okolju: potrebe, ukrepi in ekonomika vlaganj, Ekonomska fakulteta, 2014. VI, 168 pp. ISBN 978-961-240-284-6
- B. Schneier, Data and Goliath - The Hidden Battles to Collect Your Data and Control Your World, W. W. Norton & Company, Inc., 2015. ISBN 978-0-393-24481-6

Objectives and competences:

The objectives of the course are to ensure that a student who completes this course successfully will acquire:
- The ability to analyse, synthesise and anticipate solutions and consequences
- Mastery of research methods, procedures and processes, and the development of critical and self-critical judgment
- The ability to apply knowledge in practice
- Autonomy in professional work
- Communication skills, particularly for communication in an international environment
- Ethical reflection and commitment to professional ethics
- Cooperativeness and teamwork (including in an international environment)

This course prepares students to be able to:
- Understand and use methods for selecting the optimal solution for protecting information technology and business data in an enterprise or institution
- Prepare the basic organization scheme for information security provision

Intended learning outcomes:

The student will be able to select and use approaches and methodologies for assessing and managing risks, and to provide solutions for establishing a system of information security.

Learning and teaching methods:

Lectures, seminar, consultations, individual work

Assessment (weight in %):
- Written or oral exam: 50
- Seminar work: 25
- Oral defence of seminar work: 25

Lecturer's references:
1. R. Kaur, D. Gabrijelčič, T. Klobučar, "Artificial intelligence for cybersecurity: literature review and future research directions", Information fusion. [Online ed.]. Sep. 2023, vol. 97, [article no.] 101804, pp. 1-29.
2. T. Klobučar, R. Kaur, D. Gabrijelčič, "Umetna inteligenca za kibernetsko varnost", in: M. Holbl (ed.). Soustvarjamo digitrajno Slovenijo: zbornik: 30. konferenca Dnevi slovenske informatike. 1st ed. Ljubljana: Slovensko društvo Informatika, 2023. Pp. [1-10], illus. ISBN 978-961-6165-60-0.
3. R. Kaur, D. Gabrijelčič, T. Klobučar, "Churn handling strategies to support dependable and survivable structured overlay networks", IETE Technical Review. 2022, vol. 39, no. 1, pp. 179-195.
4. R. Kaur, T. Klobučar, D. Gabrijelčič, "Privacy in online social networks: threat analysis and countermeasures", in: M. M. Cruz-Cunha (ed.), N. R. Mateus-Coelho (ed.). Handbook of research on cyber crime and information privacy. Hershey: IGI Global, 2021. Pp. 567-598. ISBN 978-1-79985-729-7, ISBN 1-79985-729-8.
5. B. Jerman-Blažič, T. Klobučar, "A new legal framework for cross-border data collection in crime investigation amongst selected european countries", International journal of cyber criminology. 2019, vol. 13, no. 2, pp. 270-289.