MPŠ MP&Scaron MP&Scaron MP&Scaron Avtorji

Jožef Stefan
Postgraduate School

Jamova 39
SI-1000 Ljubljana

Phone: +386 1 477 31 00
Fax: +386 1 477 31 10


Course Description

Critical Information Infrastructure Protection


Information and Communication Technologies, second-level study programme


doc. dr. Rok Bojanc
prof. dr. Borka Jerman-Blažič


Objecitves of the subject is to assure that student who completes this course successfully will know and understand:
• An ability to analyse, synthesise and anticipate solutions and consequences
• To gain the mastery over research methods, procedures and processes, a development of the critical judgment
• An ability to apply the theory in to a practice
• An autonomy in the professional work
• Communicational-skills development; particularly in international environment

• Ethical reflection and obligation to a professional ethics
• Cooperativity, team work (in international environment)

This course prepares students to be able to:

• Understand and evaluate threats to critical information infrastructure
• Protect critical information infrastructure in compliance with world wide public policies and initiatives


Critical information infrastructure
Definition of basic concepts, information systems, security, dependability, common infrastructure and usage in critical sectors, interconnection and interdependencies, critical infrastructure stakeholders.

Threats to public and critical infrastructure information systems, critical information systems failures, threat sources and motivation, threat consequences, threat classification and mitigation.

Public policies and initiatives
History, critical sectors, Slovenia, European Union and world, legalization and regulation, early warning systems.

Information systems, security, safety, security architectures, services, mechanisms, design, control, management, maintenance, security standards; physical security.

Complex systems
Complex systems properties and models, approaches to risk, dependability and interconnection modelling and management, attack and system failure modelling.

Critical information infrastructure trends
New market sectors and technology, future protection trends, human and social aspects

Course literature:

Selected chapters from the following books:

• S. Das, K. Kant, N. Zhang, Handbook on Securing Cyber-Physical Critical Infrastructure, P.C Morgan Kaufmann, 2012. ISBN: 978-0-124-15815-3
• A. Wenger, V. Mauer, M. Dunn Cavelty, International CIIP Handbook: An Inventory and Analysis of National Protection Policies, Vol. I, II, 2006, ISSN: 1660-3222
• D. J. Landoll, The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments. Auerbach Publications, 2006. ISBN 978-1-439-82148-0.
• J. Lopez, R. Setola, S. Wolthusen, Critical Infrastructure Protection: Advances in Critical Infrastructure Protection: Information Infrastructure Models, Analysis, and Defense. Springer, 2012. ISBN: 978-3-642-28920-0
• P. Theron, S. Bologna, Critical Information Infrastructure Protection and Resilience in the ICT Sector Hardcover. IGI Global, 2013. ISBN: 978-1-466-62964-6
• J. R. Vacca, Cyber Security and IT Infrastructure Protection. Syngress, 2013. ISBN: 978-0-124-20047-0

Significant publications and references:

• R. Bojanc, B. Jerman-Blažič. A quantitative model for information-security risk management. Engineering management journal, vol. 25, no. 3, pp. 25-37, 2013.
• R. Bojanc, B. Mφrec, M. Tekavčič, B. Jerman-Blažič. Model določitve optimalnega obsega vlaganj v informacijsko varnost. IB revija, vol. 46, no. 3/4, pp. 53-61, 2012.
• R. Bojanc, B. Jerman-Blažič, M. Tekavčič. Managing the investment in information security technology by use of a quantitative modeling. Information processing & management, vol. 48, no. 6, pp. 1031-1052, 2012.
• R. Bojanc, B. Jerman-Blažič. Quantitative model for economic analyses of information security investment in an enterprise information system. Organizacija, vol. 45, no. 6, pp. 276-288, 2012.
• R. Bojanc, B. Jerman-Blažič. Towards a standard approach for quantifying an ICT security investment. Computer standards & interfaces, vol. 30, no. 4, pp. 216-222, 2008.


Exam (50%)
Oral defense of seminar work (50%)

Students obligations:

Seminar work and oral defense of seminar work.