EPOKA UNIVERSITY
FACULTY OF ECONOMICS AND ADMINISTRATIVE SCIENCES
DEPARTMENT OF BUSINESS ADMINISTRATION
COURSE SYLLABUS
2024-2025 ACADEMIC YEAR
COURSE INFORMATIONCourse Title: CYBER SECURITY MANAGEMENT |
| Code | Course Type | Regular Semester | Theory | Practice | Lab | Credits | ECTS |
|---|---|---|---|---|---|---|---|
| BINF 307 | B | 5 | 3 | 0 | 0 | 3 | 5 |
| Academic staff member responsible for the design of the course syllabus (name, surname, academic title/scientific degree, email address and signature) | Dr. Aida Bitri abitri@epoka.edu.al |
| Main Course Lecturer (name, surname, academic title/scientific degree, email address and signature) and Office Hours: | Dr. Aida Bitri abitri@epoka.edu.al , E203, Monday 13:30-14:30, Wednesday 10:30-11:30, 13:30-14:30, Friday 9:30-10:30 |
| Second Course Lecturer(s) (name, surname, academic title/scientific degree, email address and signature) and Office Hours: | NA |
| Language: | English |
| Compulsory/Elective: | Elective |
| Study program: (the study for which this course is offered) | Bachelor in Business Informatics (3 years) |
| Classroom and Meeting Time: | E313 |
| Teaching Assistant(s) and Office Hours: | NA |
| Code of Ethics: |
Code of Ethics of EPOKA University Regulation of EPOKA University "On Student Discipline" |
| Attendance Requirement: | 75% |
| Course Description: | - |
| Course Objectives: | Understand the Fundamentals of Cyber Security Develop Strategic Cybersecurity Policies Manage Cybersecurity Risk and Compliance Implement Security Operations and Technologies Lead and Manage Cybersecurity Teams Respond to Cybersecurity Incidents Promote Organizational Security Awareness Assess and Monitor Emerging Threats Conduct Ethical Hacking and Vulnerability Assessments Understand the Financial and Business Impact of Cybersecurity |
|
BASIC CONCEPTS OF THE COURSE
|
| 1 | Cyber security |
| 2 | Risk Management |
| 3 | Information Security |
| 4 | Cryptography |
| 5 | Business continuity |
| 6 | Recovery plan |
| 7 | Intrusion dedection systems |
| 8 | VPN |
| 9 | Encryption /decryption algorithms |
| 10 | Ethical hacking |
|
COURSE OUTLINE
|
| Week | Topics |
| 1 | Module 1—Introduction to Information Security The opening module establishes the foundation for understanding the broader field of information security. This is accomplished by defining key terms, explaining essential concepts, and reviewing the origins of the field and its impact on the understanding of information security. Pg.1-Pg.26 |
| 2 | Module 2—The Need for Information Security Module 2 examines the business drivers behind the design process of information security analysis. It examines current organizational and technological security needs while emphasizing and building on the concepts presented in Module 1. One principal concept presented in this module is that information security is primarily a management issue rather than a technological one. To put it another way, the best practices within the field of information security involve applying technology only after considering the business needs.Pg28-81 |
| 3 | Module 3—Information Security Management This module presents the different management functions within the field of information security and defines information security governance. It continues with management’s role in the development, maintenance, and enforcement of information security policy, standards, practices, procedures, and guidelines. Pg.82-pg.120 |
| 4 | Module 4—Risk Management. This module explains how to conduct a fundamental information security assessment by describing procedures for identifying and prioritizing threats and assets as well as procedures for identifying what controls are in place to protect these assets from threats. The module also discusses the various types of control mechanisms and identifies the steps involved in performing the initial risk assessment. Pg.122-Pg.175 |
| 5 | Module 5—Incident Response and Contingency Planning This module examines the planning process that supports business continuity, disaster recovery, and incident response; it also describes the organization’s role during incidents and specifies when the organization should involve outside law enforcement agencies. The module includes coverage of the subject of digital forensics. Pg.176-Pg.222 |
| 6 | Module 6—Legal, Ethical, and Professional Issues in Information Security. This module examines several key laws that shape the field of information security and examines the computer ethics to which those who implement security must adhere. This module also presents several common legal and ethical issues found in today’s organizations, as well as formal and professional organizations that promote ethics and legal responsibility.pg.224-pg.260 |
| 7 | Module 7 - Security and Personnel. Module 7 examines both sides of the personnel coin: security personnel and security of personnel. It examines staffing issues, professional security credentials, and the implementation of employment policies and practices. The module also discusses how information security policy affects and is affected by consultants, temporary workers, and outside business partners. Pg.262-pg.295 |
| 8 | Module 8—Security Technology: Access Controls, Firewalls, and VPNs Module 8 provides a detailed overview of the configuration and use of technologies designed to segregate the organization’s systems from the insecure Internet. This module examines the various definitions and categorizations of firewall technologies and the architectures under which firewalls may be deployed. pg.296-pg.336 |
| 9 | Mid term project |
| 10 | Module 9—Security Technology: Intrusion Detection and Prevention Systems and Other Security Tools Module 9 continues the discussion of security technologies by examining the concept of intrusion and the technologies necessary to prevent, detect, react, and recover from intrusions. Specific types of intrusion detection and prevention systems (IDPSs)—the host IDPS, network IDPS, and application IDPS—and their respective configurations and uses are presented and discussed. Pg.338-pg.384 |
| 11 | Module 10 (part I)—Cryptography Module 10 continues the study of security technologies by describing the underlying foundations of modern cryptosystems as well as their architectures and implementations. The module begins by summarizing the history of cryptography and discussing the various types of ciphers that played key roles in that history. The module also examines some Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. of the mathematical techniques that comprise cryptosystems, including hash functions. The module then extends this discussion by comparing traditional symmetric encryption systems with more modern asymmetric encryption systems and examining the role of asymmetric systems as the foundation of public-key encryption systems. Also covered are the cryptography-based protocols used in secure communications, including HTTPS, S/MIME, and SET. The module then discusses steganography and its emerging role as an effective means of hiding information. The module concludes by revisiting attacks on information security that are specifically targeted at cryptosystems. pg.384-pg.416 |
| 12 | Module 10 (part II)—Cryptography Module 10 continues the study of security technologies by describing the underlying foundations of modern cryptosystems as well as their architectures and implementations. The module begins by summarizing the history of cryptography and discussing the various types of ciphers that played key roles in that history. The module also examines some Copyright 2022 Cengage Learning. All Rights Reserved. May not be copied, scanned, or duplicated, in whole or in part. Due to electronic rights, some third party content may be suppressed from the eBook and/or eChapter(s). Editorial review has deemed that any suppressed content does not materially affect the overall learning experience. Cengage Learning reserves the right to remove additional content at any time if subsequent rights restrictions require it. of the mathematical techniques that comprise cryptosystems, including hash functions. The module then extends this discussion by comparing traditional symmetric encryption systems with more modern asymmetric encryption systems and examining the role of asymmetric systems as the foundation of public-key encryption systems. Also covered are the cryptography-based protocols used in secure communications, including HTTPS, S/MIME, and SET. The module then discusses steganography and its emerging role as an effective means of hiding information. The module concludes by revisiting attacks on information security that are specifically targeted at cryptosystems.pg.384-pg.416 |
| 13 | Module 11—Implementing Information Security The preceding modules provide guidelines for how an organization might design its information security program. Module 11 examines the elements critical to implementing this design. Pg.418-Pg.448 |
| 14 | Review session |
| Prerequisite(s): | - |
| Textbook(s): | Lecture notes |
| Additional Literature: | Principles of Information Security, 7th Edition Michael E. Whitman and Herbert J. Mattord, 2022 |
| Laboratory Work: | - |
| Computer Usage: | - |
| Others: | No |
|
COURSE LEARNING OUTCOMES
|
| 1 | Students will be able to explain core concepts and principles of cybersecurity, including threats, vulnerabilities, and risk management strategies. |
| 2 | Students will be able to explain core concepts and principles of cybersecurity, including threats, vulnerabilities, and risk management strategies. |
| 3 | Students will gain the skills to create and implement security policies aligned with legal, ethical, and compliance standards, such as GDPR, HIPAA, and ISO/IEC 27001. |
| 4 | Students will learn how to develop and manage an incident response plan, as well as apply disaster recovery and business continuity strategies in the event of a security breach. |
| 5 | Students will be equipped to lead security initiatives by establishing governance structures and fostering a security-conscious organizational culture. |
| 6 | Students will acquire knowledge of key cybersecurity tools and technologies, including firewalls, intrusion detection/prevention systems (IDS/IPS), and encryption techniques. |
| 7 | Students will demonstrate the ability to conduct ethical hacking and penetration testing to identify vulnerabilities in systems and networks. |
| 8 | Students will analyze emerging cybersecurity threats, trends, and technological advancements, and assess their potential impact on organizational security strategies. |
| 9 | Students will develop the skills to communicate cybersecurity concepts effectively to both technical and non-technical stakeholders, and collaborate with cross-functional teams to enhance security posture. |
| 10 | Students will understand the legal, ethical, and regulatory aspects of cybersecurity, and how to ensure compliance while managing security risks. |
|
COURSE CONTRIBUTION TO... PROGRAM COMPETENCIES
(Blank : no contribution, 1: least contribution ... 5: highest contribution) |
| No | Program Competencies | Cont. |
| Bachelor in Business Informatics (3 years) Program | ||
| 1 | Identify activities, tasks, and skills in management, marketing, accounting, finance, and economics. | 4 |
| 2 | Apply key theories to practical problems within the global business context. | 4 |
| 3 | Demonstrate ethical, social, and legal responsibilities in organizations. | 5 |
| 4 | Develop an open minded-attitude through continuous learning and team-work. | 1 |
| 5 | Integrate different skills and approaches to be used in decision making and data management. | 3 |
| 6 | Combine computer skills with managerial skills, in the analysis of large amounts of data. | 1 |
| 7 | Provide solutions to complex information technology problems. | 2 |
| 8 | Recognize, analyze, and suggest various types of information-communication systems/services that are encountered in everyday life and in the business world. | 5 |
|
COURSE EVALUATION METHOD
|
| Method | Quantity | Percentage |
| Project |
1
|
30
|
| Final Exam |
1
|
50
|
| Other |
1
|
20
|
| Total Percent: | 100% |
|
ECTS (ALLOCATED BASED ON STUDENT WORKLOAD)
|
| Activities | Quantity | Duration(Hours) | Total Workload(Hours) |
| Course Duration (Including the exam week: 16x Total course hours) | 16 | 4 | 64 |
| Hours for off-the-classroom study (Pre-study, practice) | 16 | 2.5 | 40 |
| Mid-terms | 1 | 3 | 3 |
| Assignments | 5 | 3 | 15 |
| Final examination | 1 | 3 | 3 |
| Other | 0 | ||
|
Total Work Load:
|
125 | ||
|
Total Work Load/25(h):
|
5 | ||
|
ECTS Credit of the Course:
|
5 | ||
|
CONCLUDING REMARKS BY THE COURSE LECTURER
|
|
Concluding Remarks: Students should uphold the code of ethics in all academic endeavors. Cheating in any form is strictly prohibited. Please be aware that any misbehavior report will result in an automatic evaluation of zero points for the respective exam. |