Study:	Civil Law - 9. semester Commercial Law - 9. semester Constitutional-Administrative - 9. semester Criminal Law - 9. semester International Law - 9. semester The European Union Law - 9. semester
Code:	127646
ECTS:	4.0
Course coordinators:	prof. dr. sc. Dražen Dragičević
Lecturers:	izv. prof. dr. sc. Nina Gumzej - Lectures doc. dr. sc. Marko Jurić - Lectures doc. dr. sc. Tihomir Katulić - Lectures izv. prof. dr. sc. Hrvoje Lisičar - Lectures
Exam dates:	06. 07. 2020. 31. 08. 2020. 14. 09. 2020. Exam registration: Studomat

Literature:

Whitman, Michael E., Mattord, Herbert J; Principles of Information Security; Cengage Learning (2012)

Optional literature:

Kouns, B., Kouns J; The Chief Information Security Officer; IT Governance Publishing (2011) Serge Gutwirth, Yves Poullet, Paul de Hert; Data Protection in a Profiled World; Springer Science + Business Media (2010) David I. Bainbridge; Introduction to Information Technology Law; Pearson Education (2007) Direktiva 2013/40/EU Europskog Parlamenta i Vijeća od 12. kolovoza 2013. o napadima na informacijske sustave i o zamjeni Okvirne odluke Vijeća 2005/222/PUP; Zakon o elektroničkim komunikacijama (NN 73/08, 90/11); Zakon o zaštiti osobnih podataka (NN 103/03, 118/06, 41/08, 130/11); Kazneni zakon, glava XXV (NN 125/11, 144/12); Zakon o elektroničkoj trgovini (NN 173/03, 67/08, 36/09, 130/11); Zakon o informacijskoj sigurnosti (NN 79/07); Zakon o tajnosti podataka (NN 79/07, 86/12);

Description:

Definition of information security. Aspects of information security. Information security in the digital domain. - 2 hrs Information security in Croatian law. Confidentiality, integrity and availability of information systems and data. - 2 hrs Key concepts of information systems and access control. Cryptography and information systems. Biometrics. - 2 hr Vulnerabilities of information systems. Threats and attacks on information systems. - 2 hrs Security policy. Technological and organization aspects of managing access rights. Operating system and application protection from unauthorized access. - 2 hours Information Security Law - 4 hrs Data Confidentiality Law - 4 hrs Personal data protection Law - 2 hrs Institutional and regulatory framework of information security in the Republic of Croatia - 2 hrs Self-regulation. Information security standards overview. BS7799 standard. PCI DSS standards. - 4 hrs ISO 27000 family of information security standards. Basic tenets and concepts. - 2 hrs State information infrastructure - institutions and legal framework - 2 hrs

Cognitive Skills:

Knowledge and understanding

After successfully completing the course, students will be able to:

- define information security,

- indicate methods and approaches to protection of information systems and data,

- explain security risks in the environment of information technology,

- explain institutional and regulatory framework of information security,

- indicate legal solutions from domestic and comparative legislation.

Application

After successfully completing the course, students will be able to:

- apply legal regulations about information security,

- use acquired knowledge in order to provide a better interpretation of the data protection,

- conduct research about efficiency of protection of information security and application of legislative self-regulatory standards,

- use acquired knowledge to ensure a high level of security of business information systems

Analysis

After successfully completing the course, students will be able to:

- connect the influence of high technologies on information security,

- indicate vulnerabilities of information systems

- examine procedures within business environment which can lead to vulnerability

- indicate standards of information security

- analyse legislative framework of information security

- analyse self-regulatory and institutional framework of information security

Synthesis

After successfully completing the course, students will be able to:

- propose legislative solutions for the purpose of better regulation

- pšpropose application of individual methods to realise a higher level of security

- formulate security policy

- propose changes in the existing institutional framework

Evaluation

After successfully completing the course, students will be able to:

- examine procedures and manner of regulation of information security

- compare legal regulation of information security in the Republic of Croatia, EU and other legal orders

- compare the institutional framework

Practical and Generic Skills:

After successfully completing the course, students will be able to:

- publicly present learning outcomes

- express themselves in a clear, well structured text explaining their standpoints,

- develop communication skills.

- develop presentation skills

- develop the ability of data analysis

- develop the ability of finding and selecting relevant data

- develop the ability of team work

Matching Assessments to Learning Outcomes:

Oral examination will be used for testing learning ouitcomes.

Oral examination comprises testing of theoretical knowledge from the area of legal regulation of information security, knowledge about legal regulation and regulatory framework, understanding the work of institutions and bodies with regard to protection of information security, knowledge about the most important results of self-regulation, industrial standards of information security, the ostructure of state information infrastructure, the development, implementation and assessment of the information security policy.

Consultations schedule:

• prof. dr. sc. Dražen Dragičević :

  Sabbatical

  Location: Trg Republike Hrvatske 14, room 52
• izv. prof. dr. sc. Nina Gumzej :

  Fridays at 8 am

  Location: Ćirilometodska 4, room 55/II
• doc. dr. sc. Marko Jurić :

  Tuesdays, 9-10am, Dean's Office (TRH 14, first floor)

  Location: Ćirilometodska 4, room 55