Subject description
Basics of information security: structure and taxonomy according to international guidelines and standards. Types of intelligence, with special emphasis on human-related sources.
Ethics and informal norms: organizational aspects, basic conditions for work according to the role. Data protection, safe disclosure, responsible behavior, normative aspects of work in the field of information security.
Psychological aspects of cyber security: psychology of security (classification of attackers and attack vectors, rationality justification); the basics of related psychological characteristics (self-control, premeditation, temporal effects, decision-making, rational choice theory, illusions of superiority, similarity, influence of authority, personality traits).
Human aspects by phase of attack: recognizing threats, the attacker mindset, and rapid threat discovery based on understanding that mindset. Preparation phase and intelligence gathering. Implementation phase (human perception of security, security budgets, the price of privacy, game theory and information security). Attack phase (social engineering, phishing, manipulation, deception). Post-mortem phase (stakeholder communication, communication with line managers and employees; responsible disclosure, cooperation strategies).
Cybercrime and criminal law: hacking, identity theft and online fraud.
Basics of online legal transactions, legal aspects of digital financial services and e-commerce (including legal aspects of electronic signatures and certificates).
Privacy and data protection, relevant laws and regulations related to the collection, storage and use of personal data.
Cybersecurity management: policies and procedures to manage cybersecurity risks, such as incident response plans and compliance with industry standards and regulations.
Legal and regulatory issues related to cyber insurance (coverage limits and exclusions).
Information and information technology as an economic phenomenon: information as a public good, value of information; technology as tangible and intangible knowledge, distinctive attributes of information technology.
Economic aspects and analysis of harmful behavior.
Economic aspects of security deployment (cost-benefit analysis/incremental analysis, risk mitigation, operational risk).
Standards and organizations in the field of cyber security (global, EU, Slovenia).
Cyber security in the organization: role in business-information architecture, security policies, incident response, creating an incident response plan.
The subject is taught in programs
Objectives and competences
The aim of the course is to give the student a comprehensive overview of non-technical interdisciplinary aspects of cyber security: human-psychological, legal and economic. This course will enable students to become aware of the complexity of the field, understand legal and regulatory restrictions, and will provide them with basic frameworks for communicating with stakeholders, thus preparing them for challenges in both the business world and private life.
Teaching and learning methods
Lectures for theoretical aspects, classroom or laboratory work and teamwork for real-world use case scenarios and problem solving through project work. E-learning.
Expected study results
After successful completion of the course, students should be able to:
- Have a basic understanding of the field and be able to make informed decisions about which role to pursue in the future.
- Recognize threat models and recommend practical solutions.
- Evaluate threat models from technical, legal, psychological and ethical perspectives.
- Know how to communicate about cybersecurity in a way that takes all stakeholders into account.
Basic sources and literature
- Mouton, F., Leenen, L., & Venter, H. S. (2016). Social engineering attack examples, templates and scenarios. Computers & Security, 59, 186-209. doi: http://dx.doi.org/10.1016/j.cose.2016.03.004
- Holt, T. J., & Kilger, M. (2012). Examining willingness to attack critical infrastructure online and offline. Crime & Delinquency, 58(5), 798-822. doi: 10.1177/0011128712452963
- Kim, W., Jeong, O.-R., Kim, C., & So, J. (2011). The dark side of the Internet: Attacks, costs and responses. Information Systems, 36(3), 675-705. doi: http://dx.doi.org/10.1016/j.is.2010.11.003
- Završnik, A., Lutman, K., et al. (2022). Information Technology Law in Slovenia.
- Juhart, M., Možina, D., et al. (2016). Uvod v civilno pravo.
- Brumfield, C., & Haugli, B. (2022). Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework. Hoboken, NJ: John Wiley & Sons.
- Van der Wens, C. (2019). ISO 27001 Handbook: Implementing and Auditing an Information Security Management System in Small and Medium-Sized Businesses. Independently published.