Courses – Fakultet tehničkih nauka u Novom Sadu

Subject: Information Security Management (19.SEM018)

Type of studies	Title
Master Academic Studies	Software Engineering and Information Technologies (Year: 1, Semester: Winter)

General information:

Category	Theoretical-methodological
Scientific or art field	Applied Computer Science and Informatics
ECTS	6

Students learn about the methods and techniques for the modeling and implementation of information security within the different systems.

After successfully completing the course the students are able to apply principles, methods and standards in the field of the information security. They are capable to implement information security management, security risk management, and to establish information security in organizations.

Introduction to information security management: definition, fields of interest, basic concepts, development of information security. Requisites for information security: threats to information security, attacks on information systems, business, professional and ethical reasons for defining information security, legal framework. Information security standards: ISO 27000. Organization of information security: internal organization, external organization, resource management, physical and logical security, security incidents, business continuity. Information security management system: the concept of information security management systems and information security management, the scope of the system, user identification and resources, system design, policies, standards, procedures. Security risk management: fundamentals of risk management, risk identification, risk assessment, risk reduction, risk avoidance, strategies for risk control. Information security implementation: technical and non-technical aspects of implementation, defining security requirements, implementation of information security management, information security analysis, monitoring and maintenance.

Lectures. Computer practice. Consultations. The examination is oral. The final grade is formed on the basis of achievement in the laboratory practice classes and oral examination.

Authors	Title	Year	Publisher	Language
Evan Wheeler	Security Risk Management Building an Information Security Risk Management Program from the Ground Up	2011	Elsevir	English
Dalziel, H.	Infosec Management Fundamentals	2015	Elsevier	English
Michael E. Whitman, Herbert J. Mattord	Principles of Information Security, Fourth Edition	2012	Course Technology, Cengage Learning	English
ISO/IEC 27000	Information technology — Security techniques — Information security management systems	2009	ISO	English
Gardner, B., Thomas, V.	Building an Information Security Awareness Program	2014	Elsevier	English
Ryan, M., Talabis, M., Jason, M.	Information Security Risk Assessment Toolkit	2013	Elsevier	English
Snedaker, S., Rima, Ch.	Business Continuity and Disaster Recovery Planning for IT Professionals	2014	Elsevier	English
Gantz, S.	The Basics of IT Audit	2014	Elsevier	English
Iannarelli, J., Shaughnessy, M.	Information Governance and Security	2015	Elsevier	English