INTRODUCTION TO INFORMATION SECURITY:
Chair of Legal Informatics
Study: Civil Law - 9. semester
Commercial Law - 9. semester
Constitutional-Administrative - 9. semester
Criminal Law - 9. semester
International Law - 9. semester
The European Union Law - 9. semester
Code: 127646
ECTS: 4.0
Course coordinators: prof. dr. sc. Dražen Dragičević
Lecturers: izv. prof. dr. sc. Nina Gumzej - Lectures
doc. dr. sc. Marko Jurić - Lectures
doc. dr. sc. Tihomir Katulić - Lectures
izv. prof. dr. sc. Hrvoje Lisičar - Lectures
Exam dates:
  • 20. 04. 2020.
  • 01. 06. 2020.
  • 15. 06. 2020.
  • 29. 06. 2020.
  • 31. 08. 2020.
  • 14. 09. 2020.
Exam registration: Studomat
Basic data
Lecturer in charge | Consultations | Location
prof. dr. sc. Dražen Dragičević | Sabbatical | Trg Republike Hrvatske 14, room 52

Lecturer | Consultations | Location
izv. prof. dr. sc. Nina Gumzej (Lectures) | Fridays at 8 am | Ćirilometodska 4, room 55/II
doc. dr. sc. Marko Jurić (Lectures) | Tuesdays, 9-10am, Dean's Office (TRH 14, first floor) | Ćirilometodska 4, room 55
doc. dr. sc. Tihomir Katulić (Lectures) | | Gundulićeva 10, room 7
izv. prof. dr. sc. Hrvoje Lisičar (Lectures) | | Gundulićeva 10, room 7
Literature
Whitman, Michael E., Mattord, Herbert J; Principles of Information Security; Cengage Learning (2012)
Kouns, B., Kouns J; The Chief Information Security Officer; IT Governance Publishing (2011)
Serge Gutwirth, Yves Poullet, Paul de Hert; Data Protection in a Profiled World; Springer Science + Business Media (2010)
David I. Bainbridge; Introduction to Information Technology Law; Pearson Education (2007)
Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013 on attacks against information systems and replacing Council Framework Decision 2005/222/JHA;
Electronic Communications Act (NN 73/08, 90/11);
Personal Data Protection Act (NN 103/03, 118/06, 41/08, 130/11);
Criminal Code, Chapter XXV (NN 125/11, 144/12);
Electronic Commerce Act (NN 173/03, 67/08, 36/09, 130/11);
Information Security Act (NN 79/07);
Data Secrecy Act (NN 79/07, 86/12);
Description
Definition of information security. Aspects of information security. Information security in the digital domain. - 2 hrs
Information security in Croatian law. Confidentiality, integrity and availability of information systems and data. - 2 hrs
Key concepts of information systems and access control. Cryptography and information systems. Biometrics. - 2 hrs
Vulnerabilities of information systems. Threats and attacks on information systems. - 2 hrs
Security policy. Technological and organizational aspects of managing access rights. Operating system and application protection from unauthorized access. - 2 hrs
Information Security Law - 4 hrs
Data Confidentiality Law - 4 hrs
Personal data protection Law - 2 hrs
Institutional and regulatory framework of information security in the Republic of Croatia - 2 hrs
Self-regulation. Information security standards overview. BS7799 standard. PCI DSS standards. - 4 hrs
ISO 27000 family of information security standards. Basic tenets and concepts. - 2 hrs
State information infrastructure - institutions and legal framework - 2 hrs
Detailed data
Cognitive Skills:

Knowledge and understanding

After successfully completing the course, students will be able to:

- define information security,

- indicate methods and approaches to protection of information systems and data,

- explain security risks in the environment of information technology,

- explain institutional and regulatory framework of information security,

- indicate legal solutions from domestic and comparative legislation.

Application

After successfully completing the course, students will be able to:

- apply legal regulations about information security,

- use acquired knowledge to provide a better interpretation of data protection,

- conduct research about efficiency of protection of information security and application of legislative self-regulatory standards,

- use acquired knowledge to ensure a high level of security of business information systems

Analysis

After successfully completing the course, students will be able to:

- connect the influence of high technologies on information security,

- indicate vulnerabilities of information systems

- examine procedures within business environment which can lead to vulnerability

- indicate standards of information security

- analyse legislative framework of information security

- analyse self-regulatory and institutional framework of information security

Synthesis

After successfully completing the course, students will be able to:

- propose legislative solutions for the purpose of better regulation

- propose application of individual methods to realise a higher level of security

- formulate security policy

- propose changes in the existing institutional framework

Evaluation

After successfully completing the course, students will be able to:

- examine procedures and manner of regulation of information security

- compare legal regulation of information security in the Republic of Croatia, EU and other legal orders

- compare the institutional framework

Practical and Generic Skills:

After successfully completing the course, students will be able to:

- publicly present learning outcomes

- express themselves in a clear, well structured text explaining their standpoints,

- develop communication skills.

- develop presentation skills

- develop the ability of data analysis

- develop the ability of finding and selecting relevant data

- develop the ability of team work

Matching Assessments to Learning Outcomes:

An oral examination will be used for testing learning outcomes.

The oral examination tests theoretical knowledge of the legal regulation of information security, knowledge of legal regulation and the regulatory framework, understanding of the work of institutions and bodies concerned with the protection of information security, knowledge of the most important results of self-regulation, industrial standards of information security, the structure of state information infrastructure, and the development, implementation and assessment of information security policy.