Information Systems Security Management
Conceptual foundation: assets, threats, vulnerabilities, risk, availability, integrity, confidentiality. Managing information security in the digital era. Information security governance frameworks for organizations: ISO 27001, COBIT and other security standards (ISO 27002, ISO 27005). Information security risk assessment and management: information security requirements, risk analysis methods (OCTAVE, CRAMM, SBA scenario). Information security countermeasures: security policies and regulations, access control and authentication policies, advanced authorization policies, network security policies. Users' compliance with information security policies: relevant research and non-compliance factors, social engineering, personal internet use at the workplace, password behavior. Business continuity management, IT disaster recovery planning. Personal data protection directives and regulation.
| Code | Semester | Type | Hours | Labs | ECTS |
|---|---|---|---|---|---|
| ΗΥ360 | 8 | Compulsory I.S | 4 | 5 |
Bibliography:
- "Information Security Management" (Διαχείριση Ασφάλειας Πληροφοριών), Sokratis Katsikas (Eudoxus link)
- "Information Systems Security" (Ασφάλεια Πληροφοριακών Συστημάτων), Sokr. Katsikas, D. Gritzalis, Stef. Gritzalis (Eudoxus link)