Radboud University, Faculty of Science, Master Computing Science: Prospectuses 2012-2013

Security in organisations

Course ID
NWI-I00153
Credits
6
Scheduled
first semester
Introduction

Information security deals with the preservation of the confidentiality, integrity and availability of information. The leading standard on information security is ISO 27001, which defines the notion of an Information Security Management System (ISMS). This is a means for the management of an organization to be in control of its information security risks. Fundamental to ISO 27001 is that information security is considered a 'process' and not a 'product' one can simply buy. The process allows management to ensure that others within their organization are implementing security controls that are effective.

One of the difficulties of the information security process is its multidisciplinary nature: it needs to grasp the security requirements of the organization's business processes (where the managers are typically not savvy about information security) and to translate them into security controls. These controls can be of various types, including ICT-technical or cryptographic. Moreover, the process needs to check that the operational effectiveness of the chosen controls is satisfactory and to adapt the controls (or the surrounding framework that leads to the controls) if required.

Within the course this process is explored on both a theoretical and a practical level, never losing sight of the computer science perspective. To this end the course also has several 'hands-on' exercises, including conducting a Windows EDP audit, a network audit and a network penetration test. The course provides the basic information on information security required by the security officer of an organization, by IT security auditors and by IT security consultants. As information security is still a rapidly evolving topic (some might argue it is even still in its infancy), the course can also provide inspiration for further scientific research.
Objectives
  • Learn to control information security risks within an organization in a holistic fashion (procedural, organizational and technical).
  • Get familiar with the leading standards in this area, their shortcomings and practical implementation guidelines.
  • Learn to map policies to technical countermeasures and vice versa.
  • Learn how to write and enforce security policies.
  • Learn some basic techniques in security auditing.
  • Get an idea of the practical aspects of information security.
  • Get inspiration for further scientific research.
Subjects
  • International standards for information security and risk management
  • Implementing information security and risk management
  • Risk analysis methods
  • Privacy
  • Electronic signatures (law, practice, technical)
  • EDP auditing
  • Secure development and acquisition of software
  • Business continuity management
  • Background in Security Technologies and the right time & place to use them
  • Security Architectures
  • Network and database security
  • Special topics: pseudonymization, physical access control, DigiD, iDEAL
  • Future Trends (e.g., Cloud Computing, Smart Grid)
Study investment
  • 32 hrs lecture
  • 8 hrs personal study counseling
  • 32 hrs laboratory course
  • 96 hrs individual study period
Teaching methods

The course consists of 2 hours of lectures per week and a lab/exercise session of usually 2 hours per week; the latter may vary depending on the topic taught that week. Much of the course will be case-study based. Expect to do a lot of background reading using the reader.

Pre-requisites
The bachelor course Security.
Literature

This course has a reader.

Website
http://www.cs.ru.nl/~klaus/secorg/
Extra information

Related courses:

  • Software security
  • Network security
  • Appropriate courses related to computers and law are also an option.