SylabUZ
| Course name | Information systems security |
| Course ID | 11.3-WE-BizElP-BezpElektron-Er |
| Faculty | Faculty of Computer Science, Electrical Engineering and Automatics |
| Field of study | E-business |
| Education profile | practical |
| Level of studies | First-cycle Erasmus programme |
| Beginning semester | winter term 2019/2020 |
| Semester | 5 |
| ECTS credits to win | 4 |
| Course type | obligatory |
| Teaching language | english |
| Author of syllabus |
|
| The class form | Hours per semester (full-time) | Hours per week (full-time) | Hours per semester (part-time) | Hours per week (part-time) | Form of assignment |
| Lecture | 30 | 2 | - | - | Credit with grade |
| Laboratory | 15 | 1 | - | - | Credit with grade |
To familiarize students with issues related to the security of digital data and the use of the Internet to conduct secure transactions. Presentation of security mechanisms and threats on the Internet. Teaching and practice of using so-called good security practices. Developing skills in recognizing Internet threats. Presentation of examples of mechanisms securing transactions concluded using the Internet.
Knowledge of technical aspects of the Internet.
Personal computer security. Malware types, its distribution mechanisms and ways to protect against it. Security of MS Windows and Linux systems. System updates. Anti-virus software. Software firewalls. Backups.
Basics of cryptographic data protection. Symmetrical and asymmetrical algorithms. Hash functions. Applications of cryptographic algorithms in business practice. Cryptanalysis.
Controlling access to protected data. Authentication and authorization methods. Protection mechanisms for sensitive data storage. Estimating password strength and power of mechanisms securing access to data. Intrusion into systems - recognition and prevention. Potential consequences of theft of digital data.
Theft of personal data. Phishing and protection against it.
Threats to ICT systems. DoS and DDoS attacks. Data transmission protection. VPN networks. Man in the Middle and spoofing attacks - recognition and defence. Other types of attacks (e.g., SQL injection, XSS scripting). Ensuring electronic security with hardware solutions (role of hardware firewalls, IDS/IPS mechanisms, VPN hubs, routers with integrated services).
Security of mobile devices. Best practices for the safe use of smartphones, tablets, notebooks. The security of transactions using pay cards like MasterCard, Visa (incl. wireless cards e.g., PayPass, Visa PayWave). Security mechanisms of popular systems for mobile devices (Android, IOS, Windows).
Digital signature. Signature submission and verification. Law basics regarding electronic signature. Additional services (time stamping, multiple signature, etc.). Qualified signature. Handling certificates.
Secure transactions. SSL protocol. Authorization based on certificates. Threats related to the use of certificates.
Law basics regarding security of data (incl. personal data). The application of law in the context of the security of e-commerce systems. Comparison of Polish regulations with the EU legislation.
Mechanisms for securing internet transactions on selected examples: electronic banking - access to bank accounts, performing banking operations; electronic stores; Polish government systems: tax offices, e-court, electronic offices, etc.
Review of commercial solutions ensuring electronic security of devices and cloud data processing (e.g., IBM Rational AppScan, IBM Tivoli, CISCO Secure Borderless Network).
Lecture - conventional lecture (with the use of video projector).
Laboratory - practical laboratory exercises.
| Outcome description | Outcome symbols | Methods of verification | The class form |
Lecture – the passing condition is to obtain a positive mark from the final (written or oral) test.
Laboratory – the passing condition is to obtain positive marks from all laboratory exercises being planned during the semester.
Calculation of the final grade: lecture 50% + laboratory 50%
1. Lukatsky, A., Protect Your Information with Intrusion Detection, Helion, 2004.
2. Stallings, W., Cryptography and Network Security: Principles and Practice 5th Edition, Helion, 2012.
3. Lehtinen, R., i in., Computer Security Basics, Helion (O’Reilly), 2007.
4. Russell, R., i in., Stealing the Network: How to Own the Box, Helion, 2004.
1. Mercer, D., Building Online Stores With Oscommerce: Professional Edition, Helion 2007.
2. Kępa, L., Tomasik, P., Dobrzyński, S., Security of the e-commerce system - how to run a business online without risk (in Polish: Bezpieczeństwo systemu e-commerce, czyli jak bez ryzyka prowadzić biznes w internecie), Helion, 2007.
3. Garfinkel, S., Spafford, G., Web Security, Privacy & Commerce. 2nd Edition, Helion, 2001.
Modified by dr inż. Grzegorz Bazydło (last modification: 07-12-2019 18:03)
