Information Security Management

Major: Cybersecurity
Code of subject: 6.125.00.O.103
Credits: 4.00
Department: Information Security
Lecturer: Professor Romaka Volodymyr Afanasiiovych
Semester: 8th semester
Mode of study: full-time
Learning outcomes: ZN 3. Use the results of independent search, analysis and synthesis of information from various sources to effectively solve specialized problems of professional activity. ZN 4. Analyze, argue, make decisions in solving complex specialized problems and practical problems in professional activities, which are characterized by complexity and incomplete definition of conditions, and be responsible for the decisions made. ZN 7. Act on the basis of the legislative and regulatory framework of Ukraine and the requirements of relevant standards, including international ones, in the field of information and/or cybersecurity. ZN 8. Prepare proposals for regulations to ensure information and/or cybersecurity. ZN 9. Implement processes, based on national and international standards, for the identification, analysis and response to information and/or cybersecurity incidents. ZN 3.8. Solve the problems of ensuring the continuity of business processes of the organization on the basis of risk theory and the established information security management system, in accordance with domestic and international requirements and standards.
Required prior and related subjects: Regulatory and legal support. Information and cyber security standards and policies. Risk theory. Emergency planning and recovery of information systems.
Summary of the subject: As a result of studying the discipline, students develop an understanding of how detecting and eliminating cybersecurity incidents improves the efficiency of business processes. The discipline gives students the knowledge needed to build a security policy effectively and to respond promptly to cybersecurity incidents. It introduces students to the basics of cybersecurity incident management and incident investigation tools. Topics: physical security and infrastructure security; aspects of cybersecurity business continuity management; stages of cybersecurity incident management.
Assessment methods and criteria: Current control, which consists of laboratory work and defense of reports, performance and defense of control work, oral examination. 1. Laboratory classes - 45 points. 2. Test, written and oral component - 55 points.
Recommended books: 1. Gulak GM, Grin AK, Melnik SV. Methodology of information protection: a textbook. Kyiv: Publishing House of the Security Service of Ukraine, 2015. 251 p. 2. ND TZI 1.1-003-99, "Terminology in the field of protection of information in computer systems from unauthorized access". 30 p. 3. Bogush VM. Information Security of the state. K.: "MK-Press", 2005. 432 p. 4. Tsimbalyuk VS. Information law (theory and practice). Monograph. K.: 2009. 364 p. 5. Information and cybersecurity: socio-technical aspect: textbook / [V. L. Buryachok, V. B. Tolubko, V. O. Khoroshko, S. V. Tolyup]; under the general editorship of Dr. Tech. Sciences, Professor V. B. Tolubko. K.: DUT, 2015. 288 p. 6. Kobozeva AA, Machalin IO, Khoroshko VO. Analysis of information systems security. Textbook. K.: DUICT Publishing, 2010. 316 p.

Information Security Management

Major: Cybersecurity
Code of subject: 6.125.00.O.102
Credits: 4.00
Department: Information Technology Security
Lecturer: Associate Professor Nataliia Kukharska
Semester: 8th semester
Mode of study: full-time
Learning outcomes: Knowledge 3. To use the results of independent search, analysis, and synthesis of information from various sources to effectively solve specialized problems of professional activity. Knowledge 4. To analyze, make arguments and decisions in solving complex specialized problems and practical problems in professional activities, which are characterized by complexity and incomplete definition of conditions, and to be responsible for the decisions made. Knowledge 7. To act based on the legislative and regulatory framework of Ukraine and the requirements of relevant standards, including international ones, in the field of information and/or cybersecurity. Knowledge 8. To prepare proposals for regulations on information and/or cybersecurity. Knowledge 9. To implement processes, based on national and international standards, for the identification, analysis, and response to information and/or cybersecurity incidents. Knowledge 3.8. To solve the problems of ensuring the continuity of business processes of the organization based on risk theory and the established information security management system, according to Ukrainian and international requirements and standards.
Required prior and related subjects: Prerequisites: basics of information and cyber security, regulatory and legal support and international cyber security standards.
Summary of the subject: Within the discipline: • basic concepts related to information security (IS) management are presented; • the IS management process and its components are described; • features of the organization's IS management system (ISMS), its field of application and documentation, including the ISMS policy, are considered; • the stages of ISMS planning, implementation, verification, and improvement are described in detail; • a detailed analysis of the current situation in the field of IS management standardization is carried out.
Assessment methods and criteria: Current control (40 marks), which consists of laboratory work and reports. Final (examination) control is carried out as a test control (40 marks) and written survey (20 marks).
Recommended books: 1. DSTU ISO/IEC 27001:2015. Information Technology. Methods of information security management system protection. Requirements. (ISO/IEC 27001:2013; Cor 1:2014, IDT) [Effective from 2017-01-01]. Publisher Kyiv, 2016. 28 p. (Information and documentation). 2. DSTU ISO/IEC 27002:2015. Information Technology. Security techniques. Code of practice for information security controls. (ISO/IEC 27002:2013; Cor 1:2014, IDT) [Effective from 2017-01-01]. Publisher Kyiv, 2016. 66 p. (Information and documentation). 3. International Standard. ISO/IEC 27000:2018. Information technology. Security techniques. Information security management systems. Overview and vocabulary. 2018. 34 p. 4. International Standard. ISO/IEC 27003:2017. Information technology. Security techniques. Information security management systems. Guidance. 2017. 45 p. 5. Romaka V.A., Korzh R.O., Garasim Yu. R. Management in the field of information protection: textbook. Lviv: ZUKC, 2013. 462 p. 6. Grebennikov V. Information Security Management [URL: http://dspace.uzhnu.edu.ua/jspui/bitstream/lib/10220/1/УІБ.docx]