Information Security for Economists 2400-ZEWW885
1. Lesson 1: Introduction to Information Security (1.5 hours)
a. Importance of information security in economics
b. Key concepts in information security
c. Information security challenges and threats
d. Exercise: Registering for TryHackMe and completing the "Introductory Networking" module
2. Lesson 2: Data Protection and Privacy (1.5 hours)
a. Data protection principles
b. Privacy regulations and compliance
c. Data classification and handling
d. Exercise: Exploring GDPR and data protection challenges on TryHackMe
3. Lesson 3: Risk Management in Information Security (1.5 hours)
a. Risk assessment and analysis
b. Risk mitigation strategies
c. Developing a risk management plan
d. Exercise: OverTheWire Bandit Levels 1-5 (introduction to basic Linux commands)
4. Lesson 4: ISO 27001: Overview and Benefits (1.5 hours)
a. Understanding ISO 27001
b. Benefits of implementing ISO 27001
c. ISO 27001 certification process
d. Exercise: Reviewing a sample ISO 27001 documentation package
5. Lesson 5: ISO 27001: Information Security Management System (ISMS) (1.5 hours)
a. ISMS framework and components
b. Developing an ISMS
c. Implementing and maintaining an ISMS
d. Exercise: Analyzing a case study on ISMS implementation
6. Lesson 6: Information Security Policies and Procedures (1.5 hours)
a. Developing and implementing security policies
b. Establishing procedures and guidelines
c. Monitoring and reviewing policies and procedures
d. Exercise: OWASP Juice Shop – exploring web application vulnerabilities and security best practices
7. Lesson 7: Access Control and Authentication (1.5 hours)
a. Principles of access control
b. Authentication methods
c. Implementing access control in an economic context
d. Exercise: Hack The Box – working on a free machine to practice access control and authentication concepts
8. Lesson 8: Data Encryption and Cryptography (1.5 hours)
a. Basics of cryptography
b. Encryption algorithms and techniques
c. Protecting sensitive economic data
d. Exercise: Root Me – completing a cryptography challenge
9. Lesson 9: Network Security (1.5 hours)
a. Fundamentals of network security
b. Securing wired and wireless networks
c. Protecting against network-based attacks
d. Exercise: TryHackMe – completing a network security module
10. Lesson 10: Endpoint Security (1.5 hours)
a. Endpoint security best practices
b. Securing devices and data
c. Managing and monitoring endpoint security
d. Exercise: CyberSecLabs – working on a free lab to practice endpoint security concepts
11. Lesson 11: Cloud Security (1.5 hours)
a. Cloud security challenges and benefits
b. Securing data in the cloud
c. Selecting secure cloud service providers
d. Exercise: Analyzing cloud security case studies and discussing best practices
12. Lesson 12: Security Incident Management (1.5 hours)
a. Incident detection and response
b. Incident reporting and escalation
c. Post-incident analysis and improvement
d. Exercise: Role-playing a security incident response scenario
13. Lesson 13: Compliance and Auditing (1.5 hours)
a. Compliance with legislation and standards
b. Internal and external audits
c. Continual improvement in information security
d. Exercise: Preparing for a mock ISO 27001 audit
14. Lesson 14: Employee Awareness and Training (1.5 hours)
a. Developing security awareness programs
b. Training employees on security best practices
c. Reinforcing security culture in the workplace
d. Exercise: Designing a security awareness training program for an economic organization
15. Lesson 15: Course Review and Final Project (1.5 hours)
a. Review of course material and key takeaways
b. Final project: Developing an Information Security Plan for an economic organization, incorporating hands-on exercises completed throughout the course
c. Final thoughts and next steps for students
Learning outcomes
Course Objectives: By the end of this course, students will be able to:
• Understand the importance of information security in the field of economics
• Identify potential risks and vulnerabilities associated with economic data
• Develop and implement information security policies and procedures
• Ensure compliance with relevant legislation and standards, including ISO 27001
• Apply risk management principles to protect sensitive economic data
• Recognize and respond to information security incidents
Assessment criteria
Assessment in this course will be based on a combination of in-class participation (20%), completion of exercises and assignments (30%), and a final project which will involve the development of an Information Security Plan for an economic organization (50%). Students will be expected to apply the concepts and principles learned throughout the course to create a comprehensive and practical security plan, taking into account risk assessment, data protection, compliance with relevant legislation and standards (including ISO 27001), and employee awareness and training.
Bibliography
• Whitman, M. E., & Mattord, H. J. (2017). Principles of Information Security. Cengage Learning.
• Chapple, M., & Seidl, D. (2018). Information Security: Principles and Practices. Pearson IT Certification.
• Calder, A., & Watkins, S. (2019). An Introduction to Information Security and ISO 27001:2013: A Pocket Guide. IT Governance Publishing.
• TryHackMe (https://tryhackme.com/) TryHackMe is an online platform that provides a wide range of cybersecurity challenges and learning paths to help individuals improve their cybersecurity skills. The platform offers both free and paid content, with free access to several learning rooms and challenges.
• Hack The Box (https://www.hackthebox.eu/) Hack The Box is an online platform that provides a lab environment for individuals to test their penetration testing and ethical hacking skills. The platform offers several free machines to practice on, as well as paid access to more advanced machines and labs.
• OWASP Juice Shop (https://owasp.org/www-project-juice-shop/) OWASP Juice Shop is an intentionally vulnerable web application developed by the Open Web Application Security Project (OWASP). It provides a safe and legal environment for practicing web application security testing and learning about common vulnerabilities and attack techniques.
• OverTheWire (https://overthewire.org/wargames/) OverTheWire offers a series of wargames designed to help individuals improve their cybersecurity skills, ranging from basic Linux commands to advanced exploitation techniques. The wargames are free to play and provide a fun and challenging learning experience.
• CyberSecLabs (https://www.cyberseclabs.co.uk/) CyberSecLabs is a platform that offers hands-on labs for individuals to practice and develop their cybersecurity skills. Although some labs require a subscription, they provide several free labs for beginners to practice on.
• Root Me (https://www.root-me.org/) Root Me is a community-driven platform that offers a wide range of cybersecurity challenges, covering various topics such as web application security, network security, cryptography, and more. The platform is free to use and provides an engaging learning experience.
Additional information
Additional information (registration calendar, class conductors, location and schedules of classes) might be available in the USOSweb system: