Information systems security and privacy is one among key focuses in contemporary information systems, ranging from business environments, public environments to private environments, and even to the level of states security. Students will get a knowledge (theoretical and practically applicable) about security and privacy provisioning ranging from ordinary information systems to internet of things and cloud computing. The goal of the course is to provide students with appropriate knowledge to a such extent that they will be able to pursue careers as developers, system administrators, managers (like chief security officers) and consultants.
The course will start with an overview of historical development of this field and key standardization organizations and bodies (ISO, ITU-T, ANSI, IETF, W3C, OASIS, OMG,...). Next, risk management will be discussed, followed by security mechanisms and services (principles and practical applications). Next, public key infrastructure, privilege infrastructure and Authentication, Authorization and Accounting infrastructures will be covered (time base synchronization, Radius, etc.). Afterward, security will be covered along the IP stack, layer by layer, from physical to application layer (protocols will include WEP, WPA, WPA2, IPSec, TLS, S/MIME, SET, XMLSec, XAML, XACML, and WS-*). Development and verification of security and privacy systems strongly depends on formal methods, therefore hese methods will be presented with some key representatives (e.g., Rueppel's formal method). Last but not least, we will focus on specifics of cloud security, privacy in the Internet of things and digital currencies (BitCoin).
The main thread of this course will be complemented by hands-on laboratory works. But also lectures are going to be "refreshed" by including practical work on selected, special topics like security simulations, documents security within operational PKI, etc. This course assumes familiarity with the basics of Computer communications and / or Computer protocols courses, and Wireless mobile ommunications course, because it extends significantly the basics given in these courses. The course will be in English, while in case of only Slovene speaking students it may be conducted in Slovene.
- nosilec: Denis Trček
Probably one of the biggest charms of Computer Science is, that it appears so frequntly connected to other disciplines. Digital forensics is yet another of this areas. It is a branch of forensic science, which deals with acquisition and analysis of data related to digital equipment. The later are often connected to computer crime. The course is split into two parts. In the first one we will look into basics of digital forensics that need to be respected when performing forensic activity, that its outcomes are acceptable in the court of law. In the second, larger part, we will look at various operating systems and communication technologies. In detail, we will look at various technological procedures that are necessary to make collected data admissible in a court of law.
Student duties consists of assignments (quizes), two lab assignments where they simulate a criminal investigation, and an essay where they meet the most contemporary research in the area.
- nosilec: Andrej Brodnik
- nosilec: David Modic
Information/Computer
Security
describes
all
preventiv
measures,
procedures
and
means
to
ensure
access
to
Information
Systems
and
their contents
in
order
to
prevent
their
unauthorized
use.
Cryptography
provides
maximum
security
while
at
the
same
time
preserves
the flexibility of
digital media.
It
forms
the
foundation
of
Information
Society
(objectives:
privacy,
data
integrity,
digital
authentication/signatures, digital
cash,
and
other
cryptographic
protocols;
it
covers
Mathematics,
Computer
Science,
Electrical
Engineering,
Finances, Policy,
Defense,
etc.).
In this
course
will
cover
the
some basic of
Symmetric
Cryptography,
Public‐key
cryptography
(Asymmetric
Cryptography)
and Computer
and
Information
Security
.
- nosilec: Aleksandar Jurišić
- nosilec: Nikolaj Zimic