BI425 – Information Security Management for Business
Master in Business Administration
Core Course
Course Unit Code: BI425
Type Of Unit: Elective
Level of Course Unit: Second cycle
Year of Study: First/second year
Semester: On demand
Number of ECTS Credits: 6
Class Contact Hours: 28
Mode of Delivery
Face to Face
Prerequisites
None
Course Objectives
The aim of this course is to teach students the fundamentals of the security engineering principles that underpin today’s cyber world. The course introduces the concepts and issues related to the security of systems, data and infrastructures, and presents state-of-the-art techniques for mitigating cyber threats and ensuring compliance with regulations and policies. The course covers both technical material, such as cryptographic primitives and security designs, and the managerial material that a leader in an IT organization needs to understand. Upon completion of this course, students will have acquired the understanding and critical thinking needed to assess threats using widely-used risk-assessment methodologies, and will be in a position to lead the implementation of an Information Security Management System (ISMS) in their enterprise or organization.
Learning Outcomes
- Understand fundamental security notions such as confidentiality, integrity, availability, threat, vulnerability and risk.
- Acquire skills regarding applications of information security risk assessment on a given scenario for mitigating a threat and the implementation of security policies.
- Develop skills for communicating the results of a technical risk assessment analysis to the executive business team (CEO, CIO, CFO, COO).
- Understand notions underpinning digital infrastructures from a security point of view; authentication, fingerprinting, backup, passwords, security policies.
- Understand technical cryptographic primitives and how they are combined to secure an IT infrastructure; hash functions, encryption algorithms, digital signatures, message authentication codes, PKI.
- Understand human-computer interaction and its implications for today’s security.
- Develop the appropriate knowledge and build sufficient skills to provide leadership in the implementation of an Information Security Management System (ISMS) in an enterprise organization.
Course Content
Course Features
Planned learning activities and teaching methods
Lectures, group work, lab work, role playing, project-based learning, homework
Assessment methods and criteria
10% Class participation
30% Group assignment and presentation
60% In-class examination
Language of Instruction
English
Work Placement(s)
Not applicable
Readings
Required Reading:
1. Charles P. Pfleeger, Shari Lawrence Pfleeger and Jonathan Margulies. Security in Computing. Prentice Hall (5th Edition), 2015.
Recommended Reading:
Textbooks
2. Bruce Schneier. Applied Cryptography: Protocols, Algorithms and Source Code in C. Wiley (2015 Special Edition), 2015.
3. Ross J. Anderson. Security Engineering: A Guide to Building Dependable Distributed Systems. Wiley (2nd Edition), 2008.
Research Articles
4. Stefan Bauer, Edward Bernroider and Katharina Chudzikowski. Prevention is better than cure! Designing information security awareness programs to overcome users’ non-compliance with information security policies in banks. Computers & Security, Vol. 68, pp. 145-159, July 2017.
5. Yan Chen, K. Ramamurthy and Kuang-Wei Wen. Organizations’ Information Security Policy Compliance: Stick or Carrot Approach? Journal of Management Information Systems, Vol. 29(3), 2012.
6. Adel Yazdanmehr and Jingguo Wang. Employees’ Information Security Policy Compliance: A Norm Activation Perspective. Decision Support Systems, Vol. 92, 2016.