5027.10 - Information Security and Risk Analysis

5027.10

Information Security and Risk Analysis

7.5

High-school diploma with at least B-level in mathematics.

To investigate data security from the user-, technological- and organizational perspective. Basic concepts will be treated to learn how to identify risk, make risk analysis and perform protective measures to reduce the risks to an acceptable level. Also, historical and legal issues will be treated.

Overview and models: basic concepts, historical perspective, security models, guidelines for building security polices. Threats against information security: hacker attacs, viruses, masks, and trojans, data interceptions, data and sender modifications. Protection of data security: prevention, protection and updates, user rights control, cryptography, electronic signatures and authentication, firewalls and other tools. Interactions between humans, technology and organizations from a security perspective: laws and regulations, security from the user perspective, risk analysis, different tools and models for risk analysis, security policy, security plans in a company or organization, the ISO 27001 standard.

Remote education from Mid-Sweeden University

By the end of the course you should: - understand basic concepts and models within data security, - analyze possible threats against data security and physical infrastructure, - know which defence techniques are available and how to use them, - be able to use different security tools for defence and surveilence of data security - be able to perform both qualitative and quantitative analysis of data security, and - understand different methods and models for analysis of data security and for handling of security issues

Exercises (4.5 ECTS) and a project report (3 ECTS). Also, a 5 hour long written examination, which is voluntary, but is required in order to get the highest grades: B or A for the course. Otherwise, C is the maximum grade for the course. The exercises and the project report are required and count for the final grade for the course; if the student does not take the voluntary exam. If the student takes the exam, then the final outcome for the course may be raised, but not lowered.

External

P-

Ross J. Anderson, Security Engineering. A guide to Building Dependable Distributed Systems, Wiley & Sons, 2001 or newer edition. Thomas R. Peltier, Information Security Risk Analysis, 2005 or newer edition. Note: the 2001- and 2005-editions of these books, respectively, may be freely downloaded.

Hannes Gislason