Core Course
BAN631 – Information Security Strategy for Business
Course Unit Code: BAN631
Type Of Unit: Elective
Level of Course Unit: Graduate
Year of Study: 1
Semester: Semester 3
Number of ECTS Credits: 10
Class Contact Hours: 12
Mode of Delivery
Distance Learning
Prerequisites
None
Course Objectives
The aim of this course is to teach students the fundamentals of security engineering and the principles that underpin today's cyber world. The course introduces the concepts and issues related to the security of systems, data and infrastructures and presents the state-of-the-art techniques and policies used to protect these assets.
The course covers both technical material, such as cryptographic primitives and security designs, and managerial material that needs to be understood by a leader in an IT organization. Topics include a historical overview of security, security issues and trends, the threat landscape, cryptographic primitives as used to ensure confidentiality and integrity, and the role of policy, people and processes in information security.
Upon completion, students will have acquired the understanding and critical thinking needed to assess threats to the cyber world and to suggest appropriate countermeasures for both detection and prevention.
Learning Outcomes
1: Understand the fundamental security requirements of confidentiality, integrity and availability.
2: Demonstrate an understanding of how to perform a risk analysis assessment on a given scenario.
3: Critically assess the appropriateness of the countermeasures selected for a given set of IT- and web-related threats.
4: Analyze which cryptographic primitives to use in systems design for effectively securing an architecture.
5: Autonomously manage and take responsibility for conducting risk assessments.
6: Autonomously manage and take responsibility for selecting controls after risk assessment.
7: Autonomously analyze and evaluate the security challenges and opportunities associated with modern Information Technology architectures.
8: Autonomously manage and take responsibility for implementing an Information.
Course Content
1st Week: Introduction to fundamental Security Principles
• Security requirements
• Confidentiality, Integrity, Availability
• Open Standards vs Security through Obscurity
• Threats, Vulnerabilities, Controls
2nd Week: Threat Landscape and Controls
• Social Engineering
• Malware
• Phishing and spear-phishing attacks
• Trojan Horses
• DDoS
• Controls by aim and by nature
3rd Week: Risk Analysis and Risk Treatment
• Asset based methodology
• Qualitative, Quantitative and Hybrid methods for computing Risk
• Risk Identification
• Risk Computation
• Risk mitigation
• Residual Risks
4th Week: Risk Analysis and Risk Treatment (continued)
• Applying risk assessment across different scenarios
5th Week: Introduction to Cryptography & Cryptanalysis
• Introduction to definitions
• Cryptanalytic scenarios
• Attacker Modelling
• Early cryptographic schemes: Caesar Cipher, ROT13, Vigenère
6th Week: Cryptographic Design
• Design principles
• Introduction to modular arithmetic
7th Week: Cryptographic Primitives
• Encryption protocols
• Hash Functions
• Message Authentication Codes
• Digital Signatures
8th Week: Cryptographic Primitives (continued)
• RSA Algorithm
• ElGamal Algorithm
9th Week: Authentication Techniques
• Human Computer Interaction
• Cryptography for Authentication
• Passwords, Partial Passwords
• Biometrics
10th Week: Industrial standards for security: ISO/IEC 27001
• Standards description
• GDPR and regulatory requirements
• ISO/IEC 27001 mandatory requirements
11th Week: Industrial standards for security: ISO/IEC 27001 (continued)
• Plan-Do-Check-Act (PDCA) project methodology
• Scope Definition
• Statement of Applicability
12th Week: Industrial standards for security: ISO/IEC 27001 (continued)
• Gap Analysis
• ISO 27001/Annex A Controls
Course Features
Weekly self-assessment activities:
On a weekly basis, students will have the possibility to engage in self-assessment activities to judge their own level of understanding of the concepts covered so far. The weekly self-assessment activities provide immediate feedback.
Weekly interactive activities (20%)
Weekly interactive activities account for 20% of the grade and will be graded almost instantly by the instructor, with appropriate feedback.
Project (30%):
Students will be given a real-world project on assessing and implementing an Information Security Strategy for a real business.
Final Exam (50%)
Written final exam