International Cybersecurity Standards

Major: Administration of Cybersecurity Systems
Code of subject: 7.125.04.E.037
Credits: 4.00
Department: Information Security
Lecturer: Professor Opirskyy Ivan
Semester: 2nd semester
Mode of study: full-time
Learning outcomes:
1. Use the current legal and regulatory framework to organize the protection of restricted-access information.
2. Regulate relations between the subjects of information security and define their rights, duties and responsibilities.
3. Provide normative support for the actions of information security subjects at all levels: the individual, society and the state.
4. Establish the procedure for using the various forces and means of information security.
5. Evaluate, in line with the future specialty, the effectiveness of these measures and determine what is needed to improve them.
6. Know the set of standards, orders and regulations that provide the organizational, legal, engineering and operational measures aimed at preventing the disclosure and leakage of restricted-access information.
7. Understand information and cybersecurity policies.
8. Have sufficient knowledge of information technology, cybersecurity and information security to critically analyse the situation in these areas and identify the key trends in their development.
9. Understand the tools, scientific principles and strategies relevant to diagnosing and analysing the state of cybersecurity development, at a level that allows employment in the specialty and the effective practical use of theoretical knowledge in information security management.
10. Command the methods of general scientific analysis in information technology and cybersecurity; command the facts, understand them, and present research results as reports and publications in the state language and in one foreign language.
11. Know the legal and scientific-organizational basis for the licensing, attestation and certification of information protection objects.
12. Know the basic models of vulnerabilities, threats and attacks in order to justify options for building an automated information security monitoring system for information and communication systems and its main components.
13. Command standard approaches and methodologies for the design and modernization of protected information activity facilities in accordance with the regulatory requirements of applicable standards and specifications.
14. Have knowledge and understanding of specialty 125 "Cybersecurity" sufficient to organize and conduct information security research and to present the results of professional activity.
15. Be able to assess whether the information protection system of an automated system is fit for its purpose according to the requirements of applicable standards.
16. Be able to use various methods, including information technology, to communicate effectively at the professional and social levels.
17. Recognize the need for lifelong learning in order to deepen existing professional knowledge and acquire new knowledge.
Required prior and related subjects: Fundamentals of information and cyber security; Information security of the state; Regulatory and legal support, standards and policies of information and cybersecurity; Organizational support of information and cybersecurity.
Summary of the subject:
Introductory lecture. Introduction to the Information Security Management System (ISMS) and ISO/IEC 27001. Goals and structure of the training course. Standards and regulations. The certification process. Basic concepts and principles of information security. The Information Security Management System (ISMS). Basic concepts and principles of audit. Influence of trends and technologies on audit. Evidence-based audit. Risk-based audit. Beginning the audit process. Stage 1 audit. Preparation for the stage 2 audit. Stage 2 audit. Communication during the audit. Audit procedures. Creating audit plans. Preparing audit conclusions and non-conformity reports. Audit documentation and quality control. Closing the audit. The auditor's assessment of action plans. After the initial audit. Internal audit programme management. Closing of the training course.
Assessment methods and criteria: Completion and defence of laboratory work is graded at a maximum of 5 points per session, for a maximum of 30 points. Successful completion of this component grants admission to the credit test. Credit test (written component), three levels of questions: Level 1: 20 points (10 questions of 2 points each); Level 2: 20 points (4 questions of 5 points each); Level 3: 30 points (2 questions of 15 points each). Maximum for the written component: 70 points. Total for the discipline: 100 points.
Recommended books:
1. Educational and methodological course in the Lviv Polytechnic virtual learning environment: https://vns.lpnu.ua/course/view.php?id=9126
2. Zachepilo V. S., Opirskyy I. R. et al. Ensuring the information security of the state: study guide. Lviv Polytechnic National University. Lviv: Lviv Polytechnic Publishing House, 2017.
3. Zachepilo V. S., Shandra Z. A., Opirskyy I. R., Tyshyk I. Ya., Moroz L. V. Protection of state secrets: study guide. Lviv: Lviv Polytechnic Publishing House, 2015. 168 p. ISBN 978-617-607-850-0.
4. DSTU ISO/IEC 27001. Information security management systems. Requirements.
5. DSTU ISO/IEC 27002:2015. Code of practice for information security controls.
6. DSTU ISO/IEC 27005:2015. Information security risk management.
7. DSTU ISO/IEC 27000. Information security management systems. Overview and vocabulary.
8. DSTU ISO/IEC 27007:2015. Guidelines for information security management systems auditing.
9. Cybersecurity risk management and audit standards: ISO/IEC 15408 (Common Criteria for IT security evaluation).
10. Cybersecurity risk management and audit standards: NIST SP 800-61 (Computer Security Incident Handling Guide).
11. Cybersecurity risk management and audit standards: ANSI/ISA-62443 and IEC 62443 (security of industrial automation and control systems).
12. Standards of the ISO/IEC 27000:2022 series.
13. Gulak. Information protection methodology. Aspects of cybersecurity: textbook. Kyiv: National Academy of the Security Service of Ukraine Publishing House, 2020.
14. Lisovska Yu. P. Cybersecurity: risks and measures: study guide. Kyiv: Kondor Publishing House, 2019. 272 p.