
Jožef Stefan
Postgraduate School

Jamova 39
SI-1000 Ljubljana

Phone: +386 1 477 31 00
Fax: +386 1 477 31 10


Course Description

Information Security and Risk Management


Information and Communication Technologies, second-level study programme


doc. dr. Rok Bojanc
prof. dr. Borka Jerman-Blažič


The objectives of the subject are to ensure that a student who successfully completes this course will have acquired:

• An ability to analyse, synthesise and anticipate solutions and consequences
• Mastery of research methods, procedures and processes, and development of critical judgment
• An ability to apply theory in practice
• Autonomy in professional work
• Development of communication skills, particularly in an international environment
• Ethical reflection and commitment to professional ethics
• Cooperativeness and teamwork (in an international environment)

This course prepares students to be able to:

• Understand and use optimal methods for selecting the optimal solution for protecting the information technology and business data in an enterprise or institution
• Prepare the basic organization scheme for information security provision


Business information and its protection
e-form and value

Management of the security risks
Security risks and threats, vulnerability of the assets, risk management

Investment in security measures and solutions
Types of security measures: technical, organizational, managerial, insurance-based

Investment economy
Cost analysis, assessment of the return on investment

Optimal selection method for security investment
Practical exercise

Standards – System for information security provision

International and national regulation

Course literature:

Selected chapters from the following books:

• M. Peitz, J. Waldfogel, The Oxford Handbook of the Digital Economy, Oxford Press, 2012. ISBN 978-0-19-539784-0
• T. Moore, D. Pym, C. Ioannidis, Economics of Information Security and Privacy, Springer, 2010. ISBN 978-1-4419-6967-5
• R. Bojanc, B. Jerman-Blažič, M. Tekavčič, Informacijska varnost v podjetniškem okolju: potrebe, ukrepi in ekonomika vlaganj, Ekonomska fakulteta, 2014. VI, 168 pp. ISBN 978-961-240-284-6
• B. Schneier, Data and Goliath - The Hidden Battles to Collect Your Data and Control Your World, W. W. Norton & Company, Inc., 2015. ISBN 978-0-393-24481-6

Significant publications and references:

• R. Bojanc, B. Jerman-Blažič. A quantitative model for information-security risk management. Engineering management journal, vol. 25, no. 3, pp. 25-37, 2013.
• R. Bojanc, B. Mörec, M. Tekavčič, B. Jerman-Blažič. Model določitve optimalnega obsega vlaganj v informacijsko varnost. IB revija, vol. 46, no. 3/4, pp. 53-61, 2012.
• R. Bojanc, B. Jerman-Blažič, M. Tekavčič. Managing the investment in information security technology by use of a quantitative modeling. Information processing & management, vol. 48, no. 6, pp. 1031-1052, 2012.
• R. Bojanc, B. Jerman-Blažič. Quantitative model for economic analyses of information security investment in an enterprise information system. Organizacija, vol. 45, no. 6, pp. 276-288, 2012.
• R. Bojanc, B. Jerman-Blažič. Towards a standard approach for quantifying an ICT security investment. Computer standards & interfaces, vol. 30, no. 4, pp. 216-222, 2008.


Exam (50%)
Oral defense of seminar work (50%)

Student obligations:

Seminar work and oral defense of seminar work.