The subject is taught in Polish

Zarządzanie bezpieczeństwem informacji (Information security management)

The aim of the course is to develop an understanding of the requirements for securing information resources and to acquire knowledge of the basic principles, methods and techniques of risk analysis and information security management.

The knowledge and skills acquired in this subject constitute the basis for formulating requirements for securing an IT system and for assessing its security in the broader context of the environment in which the system is operated.

Lecture

Scope of the subject:

  • Information resources and their importance;
  • The concept and scope of information security;
  • Security and trust;
  • Security and usability;
  • Classification and labeling of information resources;
  • Threat and vulnerability assessment;
  • Risk assessment of information assets;
  • Selection of security measures – information security management system;
  • Selected risk analysis techniques – attack trees;
  • ISO/IEC 27001:2013 standard – scope, requirements, conformity assessment;
  • Privacy (concept, scope, regulations) and selected techniques for ensuring privacy;
  • Relationships between the concepts of safety, security and privacy;
  • Security threats to SCADA (Supervisory Control And Data Acquisition) systems.

Project

As part of the project, students work in groups. Each group completes two tasks. Task 1 involves applying an ISO/IEC 27001 compliance template to assess security management in a selected organization (using the PREMIS tool). Task 2 involves developing attack trees for selected information resources (using the ADTool tool).