
Work program of the basis of information security university. Work program on the discipline of the basics of information security work program on informatics and ICT on the topic

Non-state accredited non-profit private educational institution of higher education

"Academy of Marketing and Social Information Technologies -IMSIT"

Krasnodar city

Faculty of secondary vocational education

APPROVE

NMS Chairman, Vice-Rector

for academic work, professor

N.N. Pavelko 17.04.2017

OP.06 "Fundamentals of information security"

The program was developed on the basis of the main professional educational program of secondary vocational education for the training of mid-level specialists, developed on the basis of the Federal State Educational Standard in the specialty 10.02.01

Developer: V.V. Alferova, Lecturer FSF, Academy IMSIT
_____________ (signature)


1 Passport of the program of the academic discipline

3.3 Guidelines for students on mastering the academic discipline

The work program of the academic discipline was developed on the basis of the Federal State Educational Standard of Secondary Vocational Education, specialty 10.02.01 "Organization and technology of information security", approved by order of the Ministry of Education and Science of the Russian Federation dated July 28, 2014 No. 805.

Guidelines for the discipline of the basics of information security are developed on the basis of the Federal State Educational Standard of Secondary Vocational Education, specialty 10.02.01 "Organization and technology of information security", approved by order of the Ministry of Education and Science of the Russian Federation dated July 28, 2014 No. 805. The instructions include guidelines for performing practical exercises and independent work. The guidelines are reviewed and approved by the subject-cycle commission of a technical profile.

3.4 Guidelines for laboratory exercises

There are no laboratory classes.

3.5 Guidelines for practical exercises

Guidelines for practical exercises in the discipline of information and communication systems and networks are developed on the basis of the Federal State Educational Standard of Secondary Vocational Education, specialty 10.02.01 "Organization and technology of information security", approved by order of the Ministry of Education and Science of the Russian Federation dated July 28, 2014 No. 805. The instructions include material that is also necessary for performing practical exercises, requirements for the design of a report on practical exercises, and sample report design. Methodical instructions are considered and approved by the Subject-cycle commission of a technical profile.

3.6 Guidelines for course design and other types of independent work

Guidelines for independent work of students in the discipline of information and communication systems and networks are developed on the basis of the Federal State Educational Standard of Secondary Vocational Education, specialty 10.02.01 "Organization and technology of information security", approved by order of the Ministry of Education and Science of the Russian Federation dated July 28, 2014 No. 805. The instructions include material required to perform independent work, requirements for the preparation of a report on independent work. Methodical instructions are considered and approved by the Subject-cycle commission of a technical profile.

Course design is not provided

3.7 Software of modern information and communication technologies

Teaching and training of students involves the use of standard software for a personal computer:

No.

Name of technical and computer teaching aids

Microsoft Windows XP, 7 operating system

Microsoft Office Professional office package

ConsultantPlus system

Browser for searching for information on the discipline on the Internet: Mozilla Firefox, Google Chrome, Opera, Internet Explorer

3.8 Conditions for the implementation of the program for students with disabilities and persons with disabilities

The specificity of the resulting orientation (profile) of the educational program implies the possibility of training the following categories of people with disabilities and people with disabilities:

    with limited motor functions;

    with hearing impairments.

The organization of the educational process provides unhindered access for students with disabilities and (or) disabled people to classrooms and other premises; ramps, handrails, elevators and extended doorways are available for this.

In classrooms and laboratories, it is possible to equip places for disabled students with various types of health disorders, including the musculoskeletal system and hearing. Illumination of educational places is established in accordance with the provisions of SNiP 23-05-95 "Natural and artificial lighting". All items necessary for the educational process are located in the zone of maximum reach of outstretched arms.

The premises provide training places for people with disabilities and disabled people with cardiovascular diseases, they are equipped with sun protection devices (blinds), they have a climate control system.

If necessary, individual curricula and individual schedules are developed for the disabled and people with disabilities, and students are provided with printed and electronic educational resources in forms adapted to their health limitations.

4 Characteristics of the main activities of students

PC 1.6. Ensure safety during organizational and technical activities

Be able to:

Consider an example of an object-oriented approach to information security.

An overview of the legislative level of information security and why it is important, an overview of Russian legislation in the field of information security, the law "On Information, Informatization and Information Protection", other laws and regulations, an overview of foreign legislation in the field of information security.

Know:

List of topics:

    The concept of component, class, family.

    What is the legislative level of information security and why is it important.

    Review of Russian legislation in the field of information security.

    Other laws and regulations.

    Review of foreign legislation in the field of information security.

PC 3.1. Apply software, hardware and technical means of information protection at the objects of professional activity

Be able to:

    Develop security model architectures for information systems and networks.

Topics of laboratory/practical work:

    Shielding.

    The concept of privacy.

    Architectural aspects.

Know:

    Basic software and hardware measures.

    Basic concepts of the software and hardware level of information security.

List of topics:

    Basic concepts.

    Security policy.

    Security program.

    Basic concepts of the software and hardware level of information security.

    Security services, security analysis, fault tolerance, secure recovery.

    Basic concepts of registration information.

    Active audit.

    Encryption.

    Integrity control.

    Digital certificates.

PC 3.2. Participate in the operation of systems and means of protecting information of protected objects

Be able to:

Develop the architecture of the security model of information systems and networks.

Topics of laboratory/practical work:

    Basic concepts, security mechanisms, security classes, information security of distributed systems, X.800 recommendations.

    Preparatory stages of risk management, the main stages of risk management, creating a map of the organization's information system.

Know:

    Management of risks.

List of topics:

    Security mechanisms.

    Security classes.

    Information security of distributed systems. X.800 recommendations.

    Security administration.

    Basic concepts and preparatory stages of risk management.

    Basic concepts, technical restrictions, password expiration management.

PC 3.3. Fix failures in the operation of protective equipment

Be able to:

    Arrange physical protection of information.

    Develop a recovery plan.

    Limit access.

Topics of laboratory/practical work:

    One-time passwords, Kerberos authentication server. Identification/authentication using biometric data.

    Access control in a Java environment.

Know:

    The main classes of measures of the procedural level.

List of topics:

    Personnel Management.

    Physical protection.

    Restoration planning.

PC 3.4. Identify and analyze possible threats to the information security of objects

Be able to:

Identify and analyze information security threats.

Topics of laboratory/practical work:

    The concept of mobile agents, viruses, "worms", static and dynamic integrity.

    Tunneling, management, multilevel manager/agent architecture, performance monitoring.

Know:

List of topics:

    Some examples of accessibility threats.

5 Control and evaluation of the results of mastering the discipline

Control and evaluation of the results of mastering the discipline is carried out by the teacher in the process of conducting practical classes, testing, as well as the implementation of individual tasks, projects, and research by students.

Learning Outcomes

(learned skills, acquired knowledge)

Forms and methods of monitoring and evaluating learning outcomes

As a result of mastering the discipline, the student should be able to:

Forms of learning control:

classify protected information by types of secrets and degrees of confidentiality, apply the basic rules and documents of the certification system of the Russian Federation, classify the main threats to information security.

As a result of mastering the discipline, the student should know:

the essence and concept of information security, the characteristics of its components, the place of information security in the national security system of the country, the sources of threats to information security and measures to prevent them, modern means and methods of ensuring information security

oral questioning, written testing; independent work, practical tasks, activity in the classroom

Questions for self-control

    Law of the Russian Federation "On the legal protection of computer programs and databases"

    Basic concepts

    Law of the Russian Federation "On the legal protection of programs ...". Relations regulated by law

    Law of the Russian Federation "On the legal protection of programs ...". Object of legal protection

    Law of the Russian Federation "On the legal protection of programs ...". Terms of recognition of copyright

    Law of the Russian Federation "On the legal protection of programs ...". Database copyright

    Law of the Russian Federation "On the legal protection of programs ...". Copyright term

    Law of the Russian Federation "On the legal protection of programs ...". Authorship

    Law of the Russian Federation "On the legal protection of programs ...". Personal rights

    Law of the Russian Federation "On the legal protection of programs ...". Exclusive right

    Law of the Russian Federation "On the legal protection of programs ...". Transfer of exclusive right

    Law of the Russian Federation "On the legal protection of programs ...". Ownership of the exclusive right to the program

    Law of the Russian Federation "On the legal protection of programs ...". Right to register

    Law of the Russian Federation "On the legal protection of programs ...". Using the program

    Law of the Russian Federation "On the legal protection of programs ...". Free reproduction and adaptation of the program

    Law of the Russian Federation "On the legal protection of programs ...". Counterfeit copies of the program

    Law of the Russian Federation "On the legal protection of programs ...". Protection of rights to the program

    The life cycle of a program instance and its "total cost of ownership".

    Monopolization of services

Questions for the credit test

    The concept of information security. Main components.

    Extending the object-oriented approach to information security.

    Basic definitions and criteria for classifying threats.

    Legislative level of information security.

    Malicious software.

    Law "On Information, Informatization and Information Protection".

    The concept of information security. Main components. The importance of the problem.

    The most common threats

    Standards and specifications in the field of information security.

    Administrative level of information security.

    Management of risks.

    Procedural level of information security.

    Basic software and hardware measures.

    Identification and authentication, access control.

    Modeling and auditing, encryption, integrity control.

    Screening, security analysis.

    Tunneling and management.

    The concept of national security.

    Types of security of the individual, society and the state.

    The role of information security in ensuring the national security of the state.

    Ensuring information security in normal and emergency situations.

    Basic legal and regulatory acts in the field of information security.

    The concept of a class, component.

    Structured programming, decompositions, structural approach. The main tool for dealing with complexity in an object-oriented approach.

    The concept of mobile agents, viruses, "worms", static and dynamic integrity.

    Security mechanisms, security classes, information security of distributed systems.

    Business programming

    The importance of the problem.

    Computer technologies in business

    Business in programming

    Program as a commodity

    Offshore programming. Advantages and disadvantages

    Licensed software products. Basic rules of use

    Obtaining a certificate from an authorized representative (Certification Authority). Class 2 and 3 certification. Contents of the copyright (license) agreement. Royalties

    "Wrap" licenses

    Free software

    The life cycle of a program instance and its "total cost of ownership"

    Free and non-free models of commercial software

    Non-free software

    Non-free software. Monopolization of services

    Savings from software freedom

    The state as the owner of free software

    Security administration.

    ISO/IEC 15408 "Information technology security assessment criteria".

    Harmonized criteria of European countries, interpretation of the "Orange Book" for network configurations.

    Guiding documents of the State Technical Commission of Russia.

    Security program, roles and responsibilities, continuity of protection.

    Synchronization of the security program with the life cycle of systems.

    Preparatory stages of risk management.

    The main stages of risk management.

    Creating a map of the organization's information system.

    Threat identification, probability assessment.

    Personnel management, physical protection, recovery planning.

    Basic concepts of the software and hardware level of information security.

    Security analysis, fault tolerance.

    Identification and authentication.

    Imposing technical restrictions, managing password expiration.

    One-time passwords, Kerberos authentication server.

    Access control rules.

    Logging and auditing. Basic concepts of registration information. Active audit.

    Functional components and architecture.

    Encryption.

    Integrity control.

    Digital certificates.

    Shielding.

    The concept of privacy.

    Architectural aspects.

    Security analysis.

    Tunneling.

    Layered architecture manager/agent.

    Performance control.

6 Additions and changes in the work program

changes, the date the change was made; page number with the change;

WAS

BECAME

Base:

Signature of the person who made the change

MINISTRY OF EDUCATION AND SCIENCE

RUSSIAN FEDERATION

Saratov State University named after

Faculty of Computer Science and Information Technologies

APPROVE

___________________________

"__" __________________ 20__

Work program of the discipline

Speciality

090301 Computer security

Specialization

Mathematical Methods of Information Protection

Graduate Qualification

Specialist

Form of study

full-time

Saratov,

2012

1. The goals of mastering the discipline

The purpose of the discipline is to form the foundations of competence in ensuring the information security of the state.

Discipline tasks:

development of systemic thinking in the field of information security of the state;

training in the methodology for creating information security systems, methods for assessing security and ensuring information security of computer systems;

mastering the social role of an information security specialist by the trainee.

2. The place of discipline in the structure of the OOP

The competencies, knowledge, skills and readiness formed by students as a result of mastering this discipline are necessary to study the following courses: "Protection in operating systems", "Fundamentals of building secure computer networks", "Fundamentals of building secure databases", "Program and Data Protection", "Information Security Hardware and Software", "Basics of Computer Forensics", "Computer Systems Security Models".


3. Competences of the student, formed as a result of mastering the discipline

This discipline contributes to the formation of the following competencies:

the ability to carry out their activities in various spheres of public life, taking into account the moral and ethical and legal regulations, comply with the principles of professional ethics (OK-2);

the ability to logically correctly, reasonably and clearly build oral and written speech in Russian, prepare and edit texts for professional purposes, publicly present their own and known scientific results, conduct discussions (OK-7);

the ability for written and oral business communication, for reading and translating texts on professional topics in one of the foreign languages (OK-8);

the ability to logically correct thinking, generalization, analysis, critical understanding of information, systematization, forecasting, setting research problems and choosing ways to solve them based on the principles of scientific knowledge (OK-9);

the ability to independently apply methods and means of cognition, learning and self-control to acquire new knowledge and skills, including in new areas that are not directly related to the field of activity, develop social and professional competencies, change the type of one's own professional activity (OK-10);

the ability to identify the natural science essence of problems that arise in the course of professional activity, and apply the appropriate physical and mathematical apparatus for their formalization, analysis and decision making (PC-1);

the ability to apply the mathematical apparatus, including the use of computer technology, to solve professional problems (PC-2);

the ability to understand the essence and significance of information in the development of modern society, to apply the achievements of modern information technologies to search and process large amounts of information on the profile of activities in global computer systems, networks, library collections and other sources of information (PC-3);

the ability to apply the methodology of scientific research in professional activities, including work on interdisciplinary and innovative projects (PC-4);

the ability to use regulatory and legal documents in their professional activities (PC-5);

the ability to take into account modern trends in the development of informatics and computer technology, computer technology in their professional activities (PC-7);

ability to work with software for applied, system and special purposes (PC-8);

the ability to use programming languages and systems, tools for solving various professional, research and applied tasks (PC-9);

the ability to formulate the result of the conducted research in the form of specific recommendations expressed in terms of the subject area of the studied phenomenon (PC-10);

the ability to organize anti-virus protection of information when working with computer systems (PC-13);

the ability to select, study and generalize scientific and technical information, regulatory and methodological materials on methods for ensuring information security of computer systems (PC-14);


the ability to apply modern methods and research tools to ensure the information security of computer systems (PC-15);

the ability to analyze the security of computer systems using domestic and foreign standards in the field of computer security (PC-16);

ability to prepare scientific and technical reports, reviews, publications based on the results of completed work (PC-17);

ability to develop mathematical security models for protected computer systems (PC-18);

the ability to justify and select a rational solution for the level of security of a computer system, taking into account the specified requirements (PC-19);

the ability to analyze and formalize the tasks in the field of computer security (PC-20);

the ability to collect and analyze initial data for the design of information security systems (PC-21);

ability to participate in the development of project documentation (PC-22);

the ability to analyze design solutions to ensure the security of computer systems (PC-23);

the ability to participate in the development of the information security system of an enterprise (organization) and the information security subsystem of a computer system (PC-24);

the ability to assess the degree of reliability of the selected security mechanisms for solving the task (PC-25);

the ability to participate in the conduct of experimental research during the certification of the information security system, taking into account the requirements for the level of security of a computer system (PC-26);

the ability to conduct an experimental study of computer systems in order to identify vulnerabilities (PC-27);

the ability to justify the correctness of the chosen model for solving a professional problem, to compare experimental data and theoretical solutions (PC-28);

the ability to evaluate the effectiveness of information security systems in computer systems (PC-29);

the ability to develop proposals for improving the information security management system of a computer system (PC-32);

the ability to develop draft regulatory and methodological materials governing the work to ensure the information security of computer systems, as well as regulations, instructions and other organizational and administrative documents in the field of professional activity (PC-33);

ability to install, test software and software and hardware to ensure information security of computer systems (PC-34);

the ability to take part in the operation of software and hardware and software to ensure information security of computer systems (PC-35);

the ability to develop and compile instructions and user manuals for the operation of information security tools for computer systems and hardware and software information protection tools (PC-38).

ability to navigate modern and future mathematical methods of information security, evaluate the possibility and effectiveness of their application in specific tasks of information security (PSK-2.1);

ability to build mathematical models to assess the security of computer systems and analyze the components of security systems using modern mathematical methods (PSK-2.2);

the ability to develop computational algorithms that implement modern mathematical methods of information security (PSK-2.3);

the ability, based on the analysis of the applied mathematical methods and algorithms, to evaluate the effectiveness of information security tools (PSK-2.5);

the ability to develop, analyze and justify the adequacy of mathematical models of processes that occur during the operation of software and hardware information protection tools (PSK-2.6);

the ability to conduct a comparative analysis and make a reasonable choice of software and hardware information protection (PSK-2.7).

As a result of mastering the discipline, the student must:

Know:

means and methods of storage and transmission of authentication information;

mechanisms for implementing attacks in networks that implement Internet transport and network layer protocols;

main protocols for identification and authentication of network subscribers;

means and methods for preventing and detecting intrusions;

essence and concept of information, information security and characteristics of its components;

the place and role of information security in the national security system of the Russian Federation, the foundations of the state information policy, the strategy for the development of the information society in Russia;

sources and classification of information security threats;

the main means and methods of ensuring information security, the principles of building information security systems;

main types of access and information flow control policies in computer systems;

the main formal models of discretionary, mandatory, role-based access control, isolated software environment models and information security flows;

Be able to:

develop and maintain software, taking into account the requirements for their security;

develop drafts of normative and organizational and administrative documents regulating the work on information protection;

formulate and configure the security policy of the main operating systems, as well as local computer networks built on their basis;

apply secure protocols, firewalls and intrusion detection tools to protect information in networks;

implement measures to counter network security violations using various software and hardware protection tools;

analyze and evaluate threats to information facility security;

determine the composition of the computer: the type of processor and its parameters, the type of memory modules and their characteristics, the type of video card, the composition and parameters of peripheral devices;

Own:

professional terminology in the field of information security;

skills in using technical and software testing tools to determine the health of the computer and evaluate its performance;

skills in setting up firewalls;

network traffic analysis techniques;

professional terminology in the field of information security.

4. Structure and content of the discipline

The total labor intensity of the discipline is 2 credits, 72 hours.

Section of discipline

Semester

Semester week

Types of educational work, including independent work of students and labor intensity (in hours)

Forms of current progress control (per week of the semester)

Theoretical foundations of information security

Information security methods

Test No. 1 at week 10

Information security software

Information security hardware

Test No. 2 at week 18

Intermediate certification

Section 1 - "Theoretical Foundations of Information Security". Basic definitions. Threats to information security, their classification. Disclosure, leakage, unauthorized access to information. Rules for working with machine storage media. Formal models of information security. Integrity Control Policy Model. Clark-Wilson model. Identification and authentication. Types of password systems. Password security threats. Attacks on password systems. Building password systems.

Section 2 - "Information security methods". Use of checksums and hashing for integrity control. Protection from destructive program influences. Algorithms for the operation of anti-virus programs. Hiding information. Steganography.

Section 3 - "Information security software". Protection of programs from study. Protection of programs from unauthorized use. Firewalls. Setting up virtual private networks.

Section 4 - "Information security hardware". Devices for secure storage of information. Electronic locks. Access control using software and hardware. Biometric protection. The use of white noise generators (GBSH) to prevent information leakage through technical channels.

5. Educational technologies

Recommended educational technologies: laboratory classes, interactive survey, heuristic conversation, dialogue, presentations by experts and specialists to students, meetings with representatives of leading domestic information security firms, introductory conversations with representatives of potential employers, an excursion to the museum of the regional Department of the Federal Security Service.

6. Educational and methodological support for independent work of students. Evaluation tools for ongoing monitoring of progress, intermediate certification based on the results of mastering the discipline.

7. Educational, methodological and information support of the discipline

a) basic literature:

1) Yurin and the practical foundations of information security.

2012.

http://library. *****/uch_lit/620.pdf

b) additional literature:

1) Sorokin drivers and security systems [Text]: textbook. allowance / , . - St. Petersburg. ; M. : BHV-Petersburg: Ed. , 2003.

2) Sobolev basics of technical means of ensuring information security [Text]: textbook. manual for university students studying in the specialties 075500 "Integrated information security automated systems" and 075200 "Computer Security" /, . - M .: Helios ARV, 2004.

3) Gaidamakin, access to information in computer systems [Text] / . - Yekaterinburg: Ural Publishing House. un-ta, 2003.

4) Malyuk security: conceptual and methodological foundations of information security [Text]: textbook. allowance / . - M. : Hot line - Telecom, 2004.

5) Court of the basics of information security [Text]: textbook. allowance / . - M. : Helios ARV, 2004.

c) software and Internet resources

- software and hardware complex "Accord 2000/NT";

- software and hardware complex "Sobol";

- hardware and software system "Esmart Access Box";

- biometric security "Eyes OptiMouse";

- software "CryptoPro";

- antivirus programs.

8. Logistics of discipline

Lecture room with the ability to demonstrate electronic presentations at a level of illumination sufficient for working with abstracts. Computer class equipped with personal computers and the necessary software and hardware.

The program was compiled in accordance with the requirements of the Federal State Educational Standard of the Higher Professional Education, taking into account the recommendations and the Approximate OOP of the Higher Professional Education in the specialty 090301 "Computer Security" and the specialization "Mathematical Methods of Information Security".

Senior Lecturer

The program was approved at a meeting of the Department of Theoretical Foundations of Computer Security and Cryptography dated "___" __________2012, protocol No. ___

Head of the department

theoretical foundations

computer security and cryptography

Professor

Dean of the Faculty

computer science

and information technology

State budgetary educational institution of secondary vocational education of the city of Moscow

MOSCOW STATE COLLEGE OF ELECTROMECHANICS AND INFORMATION TECHNOLOGIES

ACADEMIC PROGRAM

Fundamentals of information security

for the specialty

230401 Information systems (by industry)

2014


  1. PASSPORT OF THE WORKING PROGRAM OF THE EDUCATIONAL DISCIPLINE
  2. STRUCTURE AND CONTENT OF THE EDUCATIONAL DISCIPLINE
  3. CONDITIONS FOR THE IMPLEMENTATION OF THE PROGRAM OF ACADEMIC DISCIPLINE
  4. CONTROL AND EVALUATION OF THE RESULTS OF MASTERING THE EDUCATIONAL DISCIPLINE

1. PASSPORT OF THE WORKING PROGRAM OF THE EDUCATIONAL DISCIPLINE

1.1. Scope of the program

The work program of the academic discipline is part of the main professional educational program, introduced at the expense of the variable component of the standard in the specialty.

The program of the discipline can be used in additional vocational education in the implementation of programs for advanced training and professional training in the profession of workers 16199 Operator of electronic computers.

1.2. The place of discipline in the structure of the main professional educational program

The academic discipline is included in the professional cycle as a general professional discipline

1.3. Goals and objectives of the academic discipline - requirements for the results of mastering the academic discipline:

As a result of mastering the academic discipline, the student should have the following general and professional competencies:

OK 1. Understand the essence and social significance of your future profession, show a steady interest in it.

OK 2. Organize their own activities, choose standard methods and ways of performing professional tasks, evaluate their effectiveness and quality.

OK 3. Make decisions in standard and non-standard situations and be responsible for them.

OK 4. Search and use the information necessary for the effective implementation of professional tasks, professional and personal development.

OK 5. Use information and communication technologies in professional activities.

OK 6. Work in a collective and in a team, communicate effectively with colleagues, management, consumers.

OK 7. Take responsibility for the work of team members (subordinates), for the result of completing tasks.

OK 8. Independently determine the tasks of professional and personal development, engage in self-education, consciously plan advanced training.

OK 9. Navigate in conditions of frequent change of technologies in professional activity.

PC 1.9. Follow the regulations for updating, technical support and data recovery of the information system, work with technical documentation.

PC 1.10. Ensure the organization of access for users of the information system within its competence.

PC 2.6. Use criteria for assessing the quality and reliability of the information system.

be able to:

Classify protected information by types of secrets and degrees of confidentiality;

Apply the basic rules and documents of the certification system of the Russian Federation;

Classify the main threats to information security;

As a result of mastering the academic discipline, the student must

know:

Essence and concept of information security, characteristics of its components;

The place of information security in the national security system of the country;

Sources of threats to information security and measures to prevent them;

Life cycles of confidential information in the process of its creation, processing, transmission;

Modern means and methods of ensuring information security.

90 hours, including:

obligatory classroom workload of a student: 60 hours;

student's independent work: 30 hours.

2. STRUCTURE AND CONTENT OF THE EDUCATIONAL DISCIPLINE

2.1. Volume of academic discipline and types of educational work

3.2. Information support of training.

Main sources:

  1. Kleymenov S.A., Melnikov V.P. Information Security. Textbook for students of institutions of secondary vocational education. Stamp of the Ministry of Defense of the Russian Federation. 7th ed. - M.: Academy, 2012. - 336 p.

Additional sources:

  1. Popov V.B. Fundamentals of information and telecommunication technologies. Fundamentals of Information Security: Textbook - M.: Finance and Statistics, 2005. - 176 p.
  2. S. P. Rastorguev Fundamentals of information security - M.: Academy, 2007. - 192 p.
  3. E. B. Belov, V. P. Los, R. V. Meshcheryakov, A. A. Shelupanov Fundamentals of information security - M.: Hot Line - Telecom, 2006. - 544 p.
  4. Tsirlov V.L. Fundamentals of information security: a short course / Professional education. - M.: Phoenix, 2008. - 400 p.

Internet resources:

  1. http://fcior.edu.ru/ - Federal Center for Information and Educational Resources
  2. http://www.edu.ru/ - Federal educational resources

  3. http://www.adinf.ru - Web site of ADinf antivirus developers.
  4. http://www.dials.ru - anti-virus laboratory server.
  5. http://www.symantec.ru - Russian Internet representative office of Symantec, which produces the anti-virus package Norton AntiVirus.

4. CONTROL AND EVALUATION OF THE RESULTS OF MASTERING THE EDUCATIONAL DISCIPLINE

Learning outcomes (learned skills, acquired knowledge)

Formed general and professional competencies

Forms and methods of monitoring and evaluating learning outcomes

Ability to classify protected information by types of secrets and degrees of confidentiality;

Ability to apply the basic rules and documents of the certification system of the Russian Federation;

Ability to classify the main threats to information security.

Knowledge of the essence and concept of information security, characteristics of its components;

Knowledge of the place of information security in the national security system of the country;

Knowledge of sources of threats to information security and measures to prevent them;

Knowledge of the life cycles of confidential information in the process of its creation, processing, transmission;

Knowledge of modern means and methods of ensuring information security.

OK 1 - OK 9, PC 1.9, PC 1.10, PC 2.6

Expert evaluation of the results of students' activities in the implementation and protection of the results of practical classes, testing, extracurricular independent work, and other types of current control.

THE RUSSIAN FEDERATION

STATE EDUCATIONAL INSTITUTION

HIGHER PROFESSIONAL EDUCATION

"APPROVE"

Vice Rector for Academic Affairs

_______________ / L.M. Volosnikova

"___" _______________ 2011

Training and methodology complex.

Work program for full-time students
specialty 090301.65 "Computer security",

training profile "Safety of automated systems"

« » ____________ 2011

Considered at a meeting of the Department of Information Security on April 20, 2011, protocol No. 8.

Meets the requirements for content, structure and design.

Volume __ page

Head department __________________________________________ / A.A. Zakharov/

« » ____________ 2011

Considered at the meeting of the CMC of the Institute of Mathematics, Natural Sciences and Information Technologies on May 15, 2011, Protocol No. 2.

Corresponds to the Federal State Educational Standard of Higher Professional Education and the curriculum of the educational program.

"AGREED":

Chairman of the CMD _____________________________________ / I.N. deaf/

« » ___________ 2011

"AGREED":

Head methodological department of the UMU _________________________ / S.A. Fedorova/

"_____" _______________ 2011

THE RUSSIAN FEDERATION

MINISTRY OF EDUCATION AND SCIENCE

State educational institution

higher professional education

TYUMEN STATE UNIVERSITY

Institute of Mathematics, Natural Sciences and Information Technology

Department of Information Security

KALININ A.S.

Fundamentals of information security

Training and methodology complex.

Work program for full-time students,

specialty training profile: "Safety of automated systems"

Tyumen State University

A.S. Kalinin. Fundamentals of information security.

Training and methodology complex. Work program for full-time students of the specialty 090301.65 "Computer security", training profile "Safety of automated systems". Tyumen, 2011, 13 p.

The work program was drawn up in accordance with the requirements of the Federal State Educational Standard of the Higher Professional Education, taking into account the recommendations and the ProOP of the Higher Professional Education in the direction and profile of training.

Approved by Vice-Rector for Academic Affairs of Tyumen State University

Managing editor: A.A. Zakharov, head Department of Information Security, Doctor of Technical Sciences, prof.

© GOU VPO Tyumen State University, 2011

© Kalinin A.S., 2011

    Explanatory note

      Goals and objectives of the discipline

The discipline "Fundamentals of Information Security" implements the requirements of the federal state educational standard of higher professional education in the direction of training 090301.65 "Computer Security".

The aim of studying the discipline "Fundamentals of information security" is to familiarize students with the basics of information security. Information threats, their neutralization, issues of organizing measures to protect information resources, regulatory documents governing information activities, cryptography, and other issues related to ensuring the security of computer networks are studied.

The tasks of the discipline are:

    Statement of the main provisions of the Doctrine of information security of the Russian Federation.

    To give knowledge of the basics of an integrated information security system;

    To give knowledge of the basics of organizational and legal support for information protection.

    Formation of the basis for further independent study of issues of ensuring computer and information security

Thus, the discipline "Fundamentals of Information Security" is an integral part of professional training in the direction of training 090301 "Computer Security". Together with other disciplines of the cycle of professional disciplines, the study of this discipline is intended to form a specialist and, in particular, to develop such qualities as:

    rigor in judgment

    creative thinking,

    organization and performance

    discipline,

    independence and responsibility.

1.2. The place of discipline in the structure of the OOP:

The discipline belongs to the cycle of Humanitarian, social and economic disciplines.

The knowledge gained in the study of the discipline "Fundamentals of Information Security" is used in the study of disciplines

Information security audit,

Wireless Security

Virtualization Security

1.3. Requirements for the results of mastering the discipline:

The process of studying the discipline is aimed at the formation of the following competencies:

General cultural competencies (OK):

    the ability to act in accordance with the Constitution of the Russian Federation, to fulfill their civil and professional duty, guided by the principles of legality and patriotism (OK-1);

    the ability to carry out their activities in various spheres of public life, taking into account the moral and legal norms accepted in society, to comply with the principles of professional ethics (OK-2);

Professional competencies (PC):

    the ability to use the basic methods of protecting production personnel and the population from the possible consequences of accidents, catastrophes, natural disasters (PC-6);

    the ability to use programming languages and systems, tools for solving various professional, research and applied problems (PC-9);

As a result of studying the discipline, the student must:

Know:

    sources of information security threats;

    methods for assessing the vulnerability of information;

    methods of creation, organization and maintenance of the functioning of systems of complex information protection;

    methods of preventing the disclosure of confidential information;

    types and signs of computer crimes

Be able to:

    search for the necessary regulatory legal acts and informational legal norms in the system of current legislation, including with the help of legal information systems;

    apply the current legal framework in the field of information security;

    develop draft regulations, instructions and other organizational and administrative documents regulating the work on information protection.

    The structure and complexity of the discipline.

Table 1.

Type of occupation

Semester

General labor intensity

Auditory lessons

Workshops

Independent work

Type of final control

    Thematic plan.

Table 2.

Subject

semester weeks

Types of educational work and independent work, in hours.

Total Hours by Topic

Of which interactive

Total points

Lectures

Workshops

Independent work

Module 1

information threats.

Computer viruses.

Total

Module 2

Total

Module 3

Total

Total (hours, points) per semester:

Of which interactive

Table 3

Types and forms of evaluation tools during the current control period

oral questioning

Written works

Information systems and technologies

Other forms of control

Total points

colloquia

interview

seminar response

test

Home test

Calculation work on the computer

Module 1

Total

Module 2

Total

Module 3

Total

Total

Table 4

Planning for independent work of students

Modules and Themes

Types of SRS

Semester week

Volume of hours

Number of points

Mandatory

additional

Module 1

information threats.

Note-taking of material at lectures, preparation for a report

Computer viruses.

Taking notes during lectures, preparation for the answer at the colloquium.

Working with educational literature

Total for module 1:

Module 2

Legal regulation of information protection

Note-taking of material at lectures, preparation for a report

Working with educational literature

Organizational measures to ensure information security of computer systems

Taking notes during lectures, preparing for an answer at a colloquium, preparing for a report

Working with educational literature, performing computational work on a computer

Total for module 2:

Module 3

Data protection by cryptographic methods

Working with educational literature, doing homework

Information security policy

Taking notes during lectures. Doing homework, preparing for the answer at the seminar and for the interview.

Working with educational literature, performing computational work on a computer

Typical remote attacks using vulnerabilities in network protocols.

Taking notes during lectures. Performing control work, preparing for the answer to the colloquium.

Working with educational literature, preparing a report.

Total for module 3:

TOTAL:

    Sections of the discipline and interdisciplinary links with the provided (subsequent) disciplines

Subjects of the discipline necessary for the study of the provided (subsequent) disciplines

Name of the provided (subsequent) disciplines

Information security management

Information security audit

Virtualization Security

Operating system security

Protection of confidential information

Protection of personal data in ISPD

Secure information networks

Organizational and legal support of information security

Topic 1. Information threats. The concept of information threats. The concept of information. Information wars. The main definitions of information, its value and information threats are studied. Threats to the information security of the Russian Federation. Doctrine of information security. The issues of building an information structure in the Russian Federation, the problems arising in connection with this process, and the participation of the Russian Federation in international information exchange are considered. Types of opponents. Hackers. The socio-psychological portrait of the information security violator, their capabilities and methods of action are studied. Types of possible violations of the information system. General classification of information threats. IS violations are studied, a classification of IS threats is introduced, and possible subjects and objects of access to the IS and threats implemented at the level of a local (isolated) computer system are considered. Causes of computer network vulnerabilities.

Topic 2. Computer viruses. Malicious programs are studied: the history of their development, responsibility for their creation and distribution, types and principles of operation of viruses, and unmasking signs.

Topic 3. Legal regulation of information protection (analysis of articles of the Criminal Code, other regulations). IS standards. Normative documents regulating information activity in the Russian Federation and in the world. Information security standards.

Topic 4. Organizational measures to ensure information security of computer systems. The role, tasks and responsibilities of the security administrator, the definition of approaches to risk management, the structuring of countermeasures, the procedure for certification for compliance with information security standards.

Topic 5. Data protection by cryptographic methods. Encryption methods and algorithms, cipher requirements, most common ciphers.

Topic 6. Information security policy. Models of information protection in the CS. Security policy and its main components, models of information protection in computer systems, technologies for protecting and delimiting access to information.

Topic 7. Attacks on the ARP protocol, ICMP protocol, DNS protocol, TCP protocol, types of attacks.

    Seminars.

Topic 1. Data protection by cryptographic methods.

 Encryption methods and algorithms.

Writing the most common ciphers.

Topic 2. Information security policy.

 Information security models in CS

 Security policy and its main components,

 Information security models in computer systems,

 Technologies of protection and differentiation of access to information.

 Causes, types, channels of leakage and distortion of information

Topic 3. Typical remote attacks using vulnerabilities in network protocols.

  • Remote attacks on the ARP protocol,

  • Remote attacks on the ICMP protocol,

  • Remote attacks on the DNS protocol,

  • Remote attacks on the TCP protocol.

    Educational and methodological support for students' independent work. Evaluation tools for current monitoring of progress, intermediate certification based on the results of mastering the discipline (module).

Checking the quality of preparation during the semester involves the following types of intermediate control:

a) conducting oral theoretical surveys (colloquia), one in each training module;

b) preparation of a report by a student;

c) carrying out control work on a theoretical course.

Current and intermediate control of development and assimilation of the material of the discipline is carried out within the framework of the rating (100-point) system of assessments.

Approximate topics of reports:

  1. Determination of the information security policy (Identification of the guidelines and standards used. Determination of approaches to risk management).

  2. Determination of the boundaries of information security management (Description of the existing AS structure. Placement of CVT facilities and supporting infrastructure)

  3. Typical remote attacks using vulnerabilities in network protocols. Classification of remote attacks.

Questions for the credit test

  1. The concept of information threats.

  2. Information wars.

  3. Information threats to the security of the Russian Federation. Doctrine of information security of the Russian Federation.

  4. Types of opponents. Hackers.

  5. Computer viruses. History. Definition under the Criminal Code of the Russian Federation.

  6. Types, principles of action of viruses, unmasking signs.

  7. Types of possible violations of the information system. General classification of information threats.

  8. Threats to computer security resources. Threats implemented at the level of the local computer system. Human factor.

  9. Threats to computer information implemented at the hardware level.

  10. Remote attacks on computer systems. Causes of computer network vulnerabilities.

  11. Legal regulation of information protection.

  12. Role, tasks and responsibilities of the CS security administrator.

  13. Data protection by cryptographic methods. Encryption methods.

  14. Data protection by cryptographic methods. Encryption algorithms.

  15. Cipher requirements. Comparison of DES and GOST 28147-89.

  16. Typical remote attacks using vulnerabilities in network protocols. Classification of remote attacks.

  17. Security policy and its components.

  18. Information security models in CS.

  19. Technologies of protection and access control.

  20. IS standards.

  1. Educational technologies

A combination of traditional types of educational activity is provided, such as taking notes of lectures and monitoring the assimilation of theoretical material in the form of colloquia, answers at seminars, preparing reports, conducting classroom tests, and interactive technologies, such as interviews, performing and discussing reports and calculations.

The preparation and defense of reports by students on topics not included in the lecture plan allows students to expand their scientific horizons, improve their skills in working with domestic and foreign educational and scientific literature, develop language skills, improve mathematical preparation, strengthen interdisciplinary ties, improve programming skills, and develop the skills to systematize and freely present material on a given topic to an audience.

9. Literature

9.1. Main literature

    Rastorguev S.P. Fundamentals of information security: study guide for university students studying in the specialties "Computer security", "Integrated information security of automatic systems" and "Information security of telecom systems" / S. P. Rastorguev. - M.: Academy, 2007. - 192 p.

    Fundamentals of information security: study guide for university students / comp. E. B. Belov. - M.: Hotline - Telecom, 2006. - 544 p.

    V.G. Olifer, N.A. Olifer Computer networks. Principles, technologies, protocols. - St. Petersburg: St. Petersburg, 2001. - 672 p.

    Yarochkin V.I. Information security. - M.: Academic project, 2003. - 639 p.

    Galatenko V.A. Fundamentals of Information Security: A Course of Lectures. - M.: Internet University of Information Technologies, 2003. - 239 p.

9.2. Additional literature

    Ufimtsev Yu.S. et al. Methodology of information security. - M.: Exam, 2004. - 543 p.

    INFORMATION SECURITY Topic 1. The concept ...