Course title, code: Introduction to Information System Security, GAINBAN-INFBIZAL-1

Name and type of the study programme: Computer science engineering, BSc
Curriculum: 2021
Number of classes per week (lectures+seminars+labs): 2+2+0
Credits: 3
Theory: 50 %
Practice: 50 %
Recommended semester: 4
Study mode: full-time
Prerequisites: Mathematics for Computer Science 2 + Database Systems
Evaluation type: exam
Course category: compulsory
Language: English
Responsible instructor: Dr. Göcs László
Responsible department: Department of Information Technologies
Instructor(s): Dr. Göcs László
Course objectives:
Students should get to know all security strategies for the protection of IT systems, from simple workstations to corporate systems.
Course content - lectures:

1. The concept and content of IT security. ITB12, IBSZ, Security strategy.
2. Safety classes (A, F, K), nature and types of damage, damage value levels. Reliable operation, availability.
3. Identification techniques: means of identifying users (barcode, knowledge-based, property-based and biometrics). Importance of passwords, password selection problems, preventing password hacks.
4. Corporate security. Aspects of client and server side security, centralized management, data protection, and the design of server rooms. IDS systems.
5. Encryption, authentication. Cryptography, steganography. Historical overview (de Vigenère, Enigma). Symmetric key encryption. Asymmetric key encryption. Encryption methods in operating systems.
6. Test 1.
7. Human factor in IT security. Social Engineering. Security of local machines, PC protection options. Options for data destruction.
8. Description, types and categories of firewalls. Proxy operation and features. Access lists of corporate routers. IDS systems, Honeypots.
9. Role and description of ITIL, ISO certificate. Laws in IT.
10. Internet dangers. Forms and types of attack. What forms of attack can be directed at children. Defense options.
11. Worldwide IT security problems, viruses, hackers.
12. Test 2.
13. Make-up/correction Test.


Course content - seminars:


Acquired competences:
Knowledge:

- Knowledge of the principles and methods of natural sciences (mathematics, physics, other natural sciences) relevant to the field of IT.
- He/she knows the operations of hardware and software elements, the technology of their implementation, how to solve problems related to their operation and the possibilities of the interconnection of IT and other technical systems.
- He/she possesses a basic knowledge and engineering approach to signal processing, modelling, simulation and control of systems and networks.
- He/she knows the main programming paradigms, programming languages, development tools. His/her knowledge covers the modelling of IT systems, creation of database based systems, as well as the structure, operation and implementation of computer networks. His/her knowledge covers the characteristics of intelligent systems, the specificity of mobile application development, the management of state-of-the-art general purpose operating systems, as well as the aspects of IT security.
- He/she is familiar with the important software development methodologies, and the notation systems for IT designs and documentation.
- He/she has basic data security skills.
- He/she knows the vocabulary and special terms of the engineering profession in the Hungarian and English languages at least on the basic level.

Skills:

- He/she uses the principles and methods of natural sciences (mathematics, physics, other natural sciences) relevant to the field of information technology in his/her engineering work for the design of information systems.
- Using the knowledge gained from his/her studies, he/she will be able to install and configure computer and telecommunications networks, troubleshoot network faults, operate and upgrade networks.
- He/she is able to develop enterprise information systems and implement previous developments. He/she can apply his/her knowledge acquired during his/her study to acquire deeper knowledge in the field of information engineering and to process special literature and solve problems related to information technology.
- He/she is able to fulfill analytical, specification, planning, development and operation tasks; in addition, he/she applies the development methodology, debugging, testing and quality assurance methods in his/her field.
- He/she cooperates with other computer science engineers and electrical engineers during team work, and with other experts during the analysis and solution of problems.
- He/she constantly improves his/her knowledge and keeps up with the development of the computer engineering profession.

Attitude:

- He/she genuinely represents the professional principles of engineering and information technology fields.
- He/she aims to see through the entire engineering system, not only his/her own field.
- He/she is open to get to know other fields which employ information technology tools, and open to work out information technology solutions in cooperation with the experts of other areas.
- He/she makes decisions with full respect for the law and ethical standards in decision-making situations requiring a complex approach.
- He/she understands and embraces the ethical principles and legal implications of his/her profession.
- He/she makes an effort to work efficiently and to high standards.
- He/she keeps in mind and ensures the security of his/her employees' and customers' data and information.

Autonomy and responsibilities:

- He/she reveals the weaknesses of the technologies applied and the risks of processes, and initiates measures which reduce them.
- He/she has a security-conscious attitude in possession of his/her professional knowledge, is aware of potential threats and opportunities for attack, and is prepared to prevent them.

Additional professional competences:


Requirements, evaluation, grading:
Mid-term study requirements:
Writing 2 tests during the semester, followed by an oral exam during the exam period.
Exam requirements:

Conditions for admission to the exam: successful writing of closed papers (50% - 50 points). In the oral exam, the students choose one item from the material of the lectures.

Study aids, laboratory background:

In addition to the recommended literature, a lecture sketch (can be downloaded from the location provided by the instructor). Internet resources are available in the computer service room reserved for students.

Compulsory readings:

[1] Steinberg Joseph: Cybersecurity All-In-One for Dummies, For Dummies, ISBN 9781394152858, 2023
[2] Pascal Ackerman: Industrial Cybersecurity, ISBN 1800202091, 2021
[3] Virgilio Viegas, Oben Kuyucu: IT Security Controls, ISBN 1484277988, 2022

Recommended readings: