| Code | DE0753 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Name | Information Systems Security Engineering | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Status | Compulsory/Courses of Limited Choice; Courses of Free Choice | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Level and type | Post-graduate Studies, Academic | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Field of study | Computer Science | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Faculty | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Academic staff | Mārīte Kirikova, Arnis Staško, Raimundas Matulevičius | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Credit points | 6.0 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Parts | 1 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Annotation |
The study course introduces students to security risk management. It gives an opportunity to practice security modelling languages and models, analyse security threats and identify security requirements. It includes, also, the topics on security controls (role-based access control, introduction to cryptography), secure software processes, security patterns, and social engineering. The study course was prepared and is consulted by Professor Raimundas Matulevicius, University of Tartu, Estonia.. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Contents |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Goals and objectives of the course in terms of competences and skills |
The goal of the study course is to provide students with an overview of the principles of information systems security engineering. The tasks of the study course: 1. To develop student understanding of how to ensure confidentiality, integrity, and availability of secure assets. 2. To develop students understanding of how to engineer and model security requirements and how to use the major security controls, like role-based access control and the principles for the model driven security. 3. To develop student understanding of what are the principles of secure development processes and what the security patterns are. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Learning outcomes and assessment |
Is able, using appropriate technologies, to develop enterprise improvement strategies in the field of information security, to plan analysis and change management projects, and define requirements for new products and services. - Performed practical exercises; exam with theoretical and practical parts. Is able to identify causes and consequences of (lack of) system and software security. - Performed practical exercises; exam with theoretical and practical parts. Is able to use the most important techniques to prevent or reduce system and software security problems and to implement and discuss security requirements and security management. - Performed practical exercises; exam with theoretical and practical parts. Is able to apply advanced modelling techniques (notations, tools, and processes) to build secure systems and software. - Performed practical exercises. Is able to interpret business concepts of information security in computer science and ICT terms and vice versa. - Performed practical exercises. |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Evaluation criteria of study results |
Individual practical exercises - 23%
Group practical exercises - 29% Exam - 48% |
||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Course prerequisites | Computer network basics, database basics. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||
| Course planning |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||