Course detail

IS/IT Security

FP-bezP
Acad. year: 2026/2027

The course focuses on the following topics: information security and availability in IS, communication security, security strategy and security management.

Language of instruction

Czech

Number of ECTS credits

5

Mode of study

Not applicable.

Entry knowledge

Computer literacy, knowledge of operating systems, computer networks, cryptography.

Rules for evaluation and completion of the course

The course is concluded with a credit and an exam.

Requirements for credit: Participation in seminars, knowledge of the material covered and its practical application.

To be awarded credit, students must also:

- Pass a written test of 40 questions, of which at least 20 must be answered correctly; classification according to ECTS.

- Prepare a semester paper.

The work is classified according to ECTS. The exam is oral: the student randomly selects 2 questions, has 20 minutes to prepare, and then answers these questions orally. The final assessment according to ECTS is a weighted arithmetic average:

50% oral part

60% test

40% semester paper.

For ISP, the conditions are identical, except for any mandatory participation in classes. The deadlines for completing the course are agreed individually according to the conditions approved by ISP.

Aims

The main objective of the course is to provide students with the necessary knowledge of IS/IT security and to teach them how to apply risk analysis and how to design a corporate security strategy.
Students will gain a basic knowledge of information security: possible security threats and security measures.
After completing the course, students will be able to classify assets, analyse security risks in IS/IT and propose comprehensive solutions for their prevention, so as to create a company security strategy and propose a security management system for the firm.

Study aids

The Information Security Management lecture notes are available in electronic form in the course literature

Standards of the 27000 series available electronically from the BUT library

Videos from lectures

Prerequisites and corequisites

Not applicable.

Basic literature

DOUCEK, P., L. NOVÁK, L. NEDOMOVÁ a V. SVATÁ. Řízení bezpečnosti informací. 2.vyd. Praha: Professional Publishing, 2011. 240 s. ISBN 978-80-7431-050-8 (CS)
KENYON, B. ISO 27001 controls – A guide to implementing and auditing. Second edition. ITGP, 2024. 249 s. ISBN13: 9781787784314 (EN)
ONDRÁK, V. Management informační bezpečnosti. Brno, 2021, lecture notes, FP VUT – available in electronic form. (CS)
ONDRÁK, V., P. SEDLÁK, V. MAZÁLEK. Problematika ISMS v manažerské informatice. Brno: CERM. 2013, 378 s. ISBN 978-80-7204-872-4. (CS)
WHITMAN, M. E. Principles of Information Security. Cengage Learning, 2021. 752 s. ISBN: 9780357506431 (EN)

Recommended reading

ČSN EN ISO/IEC 27000. Informační technologie - Bezpečnostní techniky - Systémy řízení bezpečnosti informací - Přehled a slovník. Praha: Úřad pro technickou normalizaci, metrologii a státní zkušebnictví, 2020, 32 s. EAN 8596135100569. (CS)
ČSN EN ISO/IEC 27001. Informační bezpečnost, kybernetická bezpečnost a ochrana soukromí - Systémy managementu informační bezpečnosti - Požadavky. Praha: Úřad pro technickou normalizaci, metrologii a státní zkušebnictví, 2023, 24 s. EAN 8596135172801. (CS)
ČSN EN ISO/IEC 27005. Informační bezpečnost, kybernetická bezpečnost a ochrana soukromí - Pokyny pro management rizik informační bezpečnosti. Praha: Úřad pro technickou normalizaci, metrologii a státní zkušebnictví, 2023, 60 s. EAN 8596135180950. (CS)
ČSN ISO/IEC 27003. Informační technologie - Bezpečnostní techniky - Systémy řízení bezpečnosti informací - Pokyny. Praha: Úřad pro technickou normalizaci, metrologii a státní zkušebnictví, 2018, 44 s. EAN 8596135039203. (CS)
USA National Security Agency. Network Infrastructure Security Guide (Cybersecurity Technical Report), U/OO/118623-22, PP-22-0293, Version 1.2. National Security Agency, Cybersecurity Directorate, 2023, available at https://media.defense.gov/2022/Jun/15/2003018261/-1/-1/0/CTR_NSA_NETWORK_INFRASTRUCTURE_SECURITY_GUIDE_20220615.PDF (EN)

Classification of course in study plans

  • Programme BAK-MIn, Bachelor's, 2nd year of study, summer semester, compulsory-optional

Type of course unit

 

Lecture

26 hours, optional

Teacher / Lecturer

Syllabus

  1. Introduction to information security
  2. Basic principles and objectives of IS/IT security
  3. Identification of assets and their owners
  4. Vulnerabilities and their management
  5. Security threats and their development
  6. Security events and incidents
  7. Analysis and management of security risks
  8. Security measures and their implementation
  9. Security management and governance
  10. Information security strategy and planning
  11. Operation of an information security management system (ISMS)
  12. Training, awareness and security culture
  13. Compliance with legislation and standards

Exercise

13 hours, compulsory

Teacher / Lecturer

Syllabus

  1. Asset Analysis and Information Classification
  2. Threat, Vulnerability and Risk Identification
  3. Security Incident Recognition and Response
  4. Security Policy and Policy Design
  5. ISMS Operation and Improvement (PDCA Cycle)
  6. Security Strategy and BCP/DRP Development
  7. Case Study: Compliance with Standard or Legislation

Learning outcomes:

  • Professional knowledge
    • By completing these 7 topics of exercises, the student will gain practical knowledge in the field of asset identification, risk analysis and creation of security measures. They will learn to recognize and resolve security incidents, compile a business continuity plan and apply security standards in real situations. They will also gain an overview of ISMS operation and requirements for compliance with standards and legislation.
  • Professional skills
    • The student will acquire skills in practical identification and classification of assets, evaluation of security threats and conducting risk analysis. They will learn to design and implement security measures, respond to incidents and create basic security documentation and strategies. They will gain the ability to apply theoretical knowledge to real scenarios and effectively manage operational and crisis situations in the field of information security.
  • Professional skills
    • The student will gain the ability to independently analyze the security environment of the organization and propose adequate solutions based on identified risks. They will be able to practically apply the principles of information security management, including incident response, business continuity planning and ensuring compliance with standards.

Self-study

45 hours, optional

Teacher / Lecturer

Individual preparation for completion of the course

55 hours, optional

Teacher / Lecturer