
Work program of the discipline fundamentals of information security. Work program "fundamentals of information security" otzi Legal basis of information security work program

State budgetary educational institution of secondary vocational education of the city of Moscow

MOSCOW STATE COLLEGE OF ELECTROMECHANICS AND INFORMATION TECHNOLOGY

ACADEMIC DISCIPLINE PROGRAM

Information Security Basics

for specialty

230401 Information systems (by industry)

2014

  1. PASSPORT OF THE WORK PROGRAM OF THE ACADEMIC DISCIPLINE
  2. STRUCTURE AND CONTENT OF THE ACADEMIC DISCIPLINE
  3. CONDITIONS FOR IMPLEMENTATION OF THE ACADEMIC DISCIPLINE PROGRAM
  4. CONTROL AND EVALUATION OF THE RESULTS OF MASTERING THE ACADEMIC DISCIPLINE

1. PASSPORT OF THE WORK PROGRAM OF THE ACADEMIC DISCIPLINE

1.1. Scope of application

The work program of the academic discipline is part of the core professional educational program, introduced through the variable component of the specialty standard.

The curriculum of the academic discipline can be used in additional professional education, in the implementation of advanced training programs and vocational training for the worker profession 16199 Operator of electronic computers.

1.2. The place of the discipline in the structure of the main professional educational program

The academic discipline is included in the professional cycle as a general professional discipline

1.3. Goals and objectives of the academic discipline - requirements for the results of mastering the academic discipline:

As a result of mastering the academic discipline, the student must develop the following general and professional competencies:

OK 1. Understand the essence and social significance of your future profession, show sustained interest in it.

OK 2. Organize your own activities, choose standard methods and ways of performing professional tasks, evaluate their effectiveness and quality.

OK 3. Make decisions in standard and non-standard situations and bear responsibility for them.

OK 4. Search and use information necessary for the effective performance of professional tasks, professional and personal development.

OK 5. Use information and communication technologies in professional activity.

OK 6. Work in a collective and in a team, communicate effectively with colleagues, management, and consumers.

OK 7. Take responsibility for the work of team members (subordinates) and for the results of completing tasks.

OK 8. Independently determine the tasks of professional and personal development, engage in self-education, consciously plan professional development.

OK 9. Navigate conditions of frequent changes in technology in professional activities.

PC 1.9. Comply with the regulations for updating, technical support and data recovery of the information system; work with technical documentation.

PC 1.10. Ensure the organization of access for users of the information system within its competence.

PC 2.6. Use criteria for assessing the quality and reliability of the information system.

be able to:

Classify protected information by type of secret and degree of confidentiality;

Apply the basic rules and documents of the certification system of the Russian Federation;

Classify the main threats to information security;

As a result of mastering the academic discipline, the student must

know:

The essence and concept of information security, characteristics of its components;

The place of information security in the country's national security system;

Sources of information security threats and measures to prevent them;

Life cycles of confidential information in the process of its creation, processing, transmission;

Modern means and methods of ensuring information security.

90 hours, including:

mandatory classroom teaching load of the student: 60 hours;

independent work of the student: 30 hours.

2. STRUCTURE AND CONTENT OF THE ACADEMIC DISCIPLINE

2.1. Scope of academic discipline and types of academic work

3.2. Information support for training.

Main sources:

  1. Kleimenov S.A., Melnikov V.P. Information Security. Tutorial for students of secondary vocational education institutions. Statement of the Ministry of Defense of the Russian Federation. 7th ed. - M.: Publishing house: Academy, 2012. – 336 p.

Additional sources:

  1. Popov V.B. Fundamentals of information and telecommunication technologies. Fundamentals of information security: Textbook - M.: Finance and Statistics, 2005. - 176 p.
  2. S. P. Rastorguev Fundamentals of information security - M.: Academy, 2007. - 192 p.
  3. E. B. Belov, V. P. Los, R. V. Meshcheryakov, A. A. Shelupanov Fundamentals of information security - M.: Hot Line - Telecom, 2006. - 544 p.

  4. Tsirlov V.L. Fundamentals of information security: short course / Professional education. – M.: Phoenix, 2008. – 400 p.

Internet resources:

  1. http://fcior.edu.ru/ - Federal Center for Information and Educational Resources
  2. http://www.edu.ru/ - Federal educational resources
  3. http://www.adinf.ru – Website of the developers of the ADinf antivirus.
  4. http://www.dials.ru – anti-virus laboratory server.
  5. http://www.symantec.ru – Russian Internet representative office of Symantec, which produces the Norton AntiVirus antivirus package.

4. CONTROL AND EVALUATION OF THE RESULTS OF MASTERING THE ACADEMIC DISCIPLINE

Learning outcomes (mastered skills, acquired knowledge):

The ability to classify protected information by type of secret and degree of confidentiality;

Ability to apply the basic rules and documents of the certification system of the Russian Federation;

Ability to classify the main threats to information security.

Knowledge of the essence and concept of information security, characteristics of its components;

Knowledge of the place of information security in the country’s national security system;

Knowledge of sources of information security threats and measures to prevent them;

Knowledge of the life cycles of confidential information in the process of its creation, processing, transmission;

Knowledge of modern means and methods of ensuring information security.

Formed general and professional competencies:

OK 1-OK 9, PC 1.9, PC 1.10, PC 2.6.

Forms and methods of monitoring and assessing learning outcomes:

Expert assessment of student performance when performing and defending the results of practical classes, testing, extracurricular independent work, and other types of current control.

MINISTRY OF EDUCATION AND SCIENCE

RUSSIAN FEDERATION

Saratovsky State University name

Faculty of Computer Science and Information Technologies

I APPROVE

___________________________

"__" __________________20__

Work program of the discipline

Speciality

090301 Computer security

Specialization

Mathematical methods of information protection

Graduate qualifications

Specialist

Form of study

Full-time

Saratov,

2012

1. Goals of mastering the discipline

The goal of the discipline is to form the foundations of competence in ensuring the information security of the state.

Objectives of the discipline:

development of systems thinking in the field of ensuring information security of the state;

training in the methodology of creating information security systems, methods of assessing security and ensuring information security of computer systems;

the learner's mastery of the social role of an information security specialist.

2. The place of discipline in the structure of OOP

The competencies, knowledge, skills and readiness developed by students as a result of mastering this discipline are necessary for studying the following courses: “Protection in operating systems”, “Fundamentals of building secure computer networks”, “Fundamentals of building secure databases”, “Protection of programs and data”, “Software and hardware for ensuring information security”, “Fundamentals of computer forensics”, “Security models of computer systems”.


3. Student competencies formed as a result of mastering the discipline

This discipline contributes to the formation of the following competencies:

ability to carry out one's activities in various spheres of public life, taking into account the moral and legal norms accepted in society, and to comply with the principles of professional ethics (OK-2);

the ability to construct oral and written speech in Russian logically, reasonably and clearly, prepare and edit texts for professional purposes, publicly present one's own and known scientific results, lead discussions (OK-7);

ability for written and oral business communication, reading and translation of texts on professional topics in one of the foreign languages (OK-8);

ability for logical and correct thinking, generalization, analysis, critical understanding of information, systematization, forecasting, setting research problems and choosing ways to solve them based on the principles of scientific knowledge (OK-9);

the ability to independently apply methods and means of cognition, training and self-control to acquire new knowledge and skills, including in new areas not directly related to the field of activity, develop social and professional competencies, change the type of one’s professional activity (OK-10);

the ability to identify the natural scientific essence of problems arising in the course of professional activity, and to apply the appropriate physical and mathematical apparatus for their formalization, analysis and working out a solution (PC-1);

the ability to use mathematics, including the use of computer technology, to solve professional problems (PC-2);

ability to understand the essence and significance of information in the development of modern society, apply the achievements of modern information technologies to search and process large volumes of information on the profile of activities in global computer systems, networks, library collections and other sources of information (PC-3);

ability to apply the methodology of scientific research in professional activities, including work on interdisciplinary and innovative projects (PC-4);

the ability to use regulatory and legal documents in one’s professional activities (PC-5);

the ability to take into account modern trends in the development of information science and computer technology, computer technologies in one’s professional activities (PC-7);

ability to work with application, system and special-purpose software (PC-8);

ability to use programming languages and systems, tools to solve various professional, research and applied problems (PC-9);

the ability to formulate the result of research in the form of specific recommendations expressed in terms of the subject area of the phenomenon being studied (PC-10);

ability to organize anti-virus protection of information when working with computer systems (PC-13);

ability to select, study and summarize scientific and technical information, regulatory and teaching materials on methods of ensuring information security of computer systems (PC-14);


ability to apply modern methods and research tools to ensure information security of computer systems (PC-15);

ability to conduct security analysis of computer systems using domestic and foreign standards in the field of computer security (PC-16);

ability to prepare scientific and technical reports, reviews, publications based on the results of completed work (PC-17);

ability to develop mathematical models of security of protected computer systems (PC-18);

the ability to justify and select a rational decision on the level of security of a computer system, taking into account the specified requirements (PC-19);

ability to analyze and formalize assigned tasks in the field of computer security (PC-20);

ability to collect and analyze initial data for designing information security systems (PC-21);

ability to participate in the development of project documentation (PC-22);

ability to analyze design solutions to ensure the security of computer systems (PC-23);

ability to participate in the development of an enterprise (organization) information security system and a computer system information security subsystem (PC-24);

the ability to assess the degree of reliability of selected security mechanisms to solve a given task (PC-25);

the ability to participate in experimental research work during certification of an information security system, taking into account the requirements for the level of security of a computer system (PC-26);

ability to conduct experimental research of computer systems to identify vulnerabilities (PC-27);

the ability to justify the correctness of the chosen model for solving a professional problem, to compare experimental data and theoretical solutions (PC-28);

the ability to assess the effectiveness of information security systems in computer systems (PC-29);

ability to develop proposals for improving the information security management system of a computer system (PC-32);

ability to develop draft normative and methodological materials regulating work to ensure information security of computer systems, as well as regulations, instructions and other organizational and administrative documents in the field of professional activity (PC-33);

ability to install and test software and hardware-software tools for ensuring information security of computer systems (PC-34);

ability to take part in the operation of software and hardware-software tools for ensuring information security of computer systems (PC-35);

ability to develop and compile instructions and user manuals for the operation of information security tools for computer systems and hardware and software for information security (PC-38);

ability to navigate modern and promising mathematical methods of information security, assess the possibility and effectiveness of their use in specific information security tasks (PSK-2.1);

ability to build mathematical models to assess the security of computer systems and analyze the components of security systems using modern mathematical methods (PSK-2.2);

ability to develop computational algorithms that implement modern mathematical methods of information security (PSK-2.3);

the ability, based on the analysis of applied mathematical methods and algorithms, to evaluate the effectiveness of information security tools (PSK-2.5);

the ability to develop, analyze and justify the adequacy of mathematical models of processes that arise during the operation of software and hardware information security tools (PSK-2.6);

ability to conduct comparative analysis and make an informed choice of software and hardware for information security (PSK-2.7).

As a result of mastering the discipline, the student must:

Know:

means and methods for storing and transmitting authentication information;

mechanisms for implementing attacks in networks that implement Internet transport and network layer protocols;

basic protocols for identification and authentication of network subscribers;

means and methods for preventing and detecting intrusions;

the essence and concept of information, information security and characteristics of its components;

the place and role of information security in the national security system of the Russian Federation, the foundations of state information policy, the strategy for the development of the information society in Russia;

sources and classification of information security threats;

basic means and methods of ensuring information security, principles of constructing information security systems;

main types of access control policies and information flows in computer systems;

basic formal models of discretionary, mandatory and role-based access control, sandbox models and information flow security models;

Be able to:

develop and maintain software taking into account the requirements for their security;

develop draft regulatory and organizational and administrative documents regulating the work on information protection;

formulate and configure the security policy of the main operating systems, as well as local computer networks built on their basis;

apply secure protocols, firewalls and intrusion detection tools to protect information on networks;

implement measures to counteract network security violations using various software and hardware protection tools;

analyze and assess threats to the information security of a facility;

determine the composition of the computer: type of processor and its parameters, type of memory modules and their characteristics, type of video card, composition and parameters of peripheral devices;

Possess:

professional terminology in the field of information security;

skills in using technical and software testing tools to determine the health of a computer and evaluate its performance;

firewall configuration skills;

network traffic analysis techniques;

professional terminology in the field of information security.

4. Structure and content of the discipline

The total labor intensity of the discipline is 2 credit units, 72 hours.

Discipline section

Semester

Week of the semester

Types of educational work, including independent work of students and labor intensity (in hours)

Forms of ongoing progress monitoring (by week of the semester)

Theoretical foundations of information security

Information security methods

Test No. 1 in week 10

Information security software

Hardware information security

Test No. 2 at week 18

Interim certification

Section 1 - “Theoretical foundations of information security.” Basic definitions. Information security threats, their classification. Disclosure, leakage, unauthorized access to information. Rules for working with computer storage media. Formal models of information security. Integrity control policy model. Clark-Wilson model. Identification and authentication. Types of password systems. Threats to the security of password systems. Attacks on password systems. Construction of password systems.

Section 2 - “Information security methods.” Use of checksums and hashing to control integrity. Protection from destructive software influences. Algorithms for the operation of anti-virus programs. Hiding information. Steganography.

Section 3 - “Information security software.” Protecting programs from being studied. Protection of programs from unauthorized use. Firewalls. Setting up virtual private networks.

Section 4 - “Hardware information security.” Devices for secure storage of information. Electronic locks. Access control using software and hardware. Biometric protection. Using GBSH to prevent information leakage through technical channels.

5. Educational technologies

Educational technologies used: laboratory classes, interactive survey, heuristic conversation, dialogue, talks to students by experts and specialists, meetings with representatives of leading domestic information security firms, introductory conversations with representatives of potential employers, an excursion to the museum of the regional FSB office.

6. Educational and methodological support for students' independent work. Assessment tools for ongoing progress monitoring, intermediate certification based on the results of mastering the discipline.

7. Educational, methodological and information support of the discipline

a) basic literature:

1) Yurin and practical fundamentals of information security.

2012.

http://library. *****/uch_lit/620.pdf

b) additional literature:

1) Sorokin drivers and security systems [Text]: textbook. allowance / , . - St. Petersburg. ; M.: BHV-Petersburg: Publishing house. , 2003.

2) Sobolev fundamentals of technical means of ensuring information security [Text]: textbook. manual for university students studying in specialties 075500 "Comprehensive information security automated systems" and 075200 "Computer Security" / , . - M.: Gelios ARV, 2004.

3) Gaidamakin, access to information in computer systems [Text] /. - Ekaterinburg: Ural Publishing House. University, 2003.

4) Malyuk safety: conceptual and methodological basis information protection [Text]: textbook. allowance / . - M.: Hotline - Telecom, 2004.

5) Cort basics of information security [Text]: textbook. allowance / . - M.: Gelios ARV, 2004.

c) software and Internet resources

- software and hardware complex “Accord 2000/NT”;

- software and hardware complex “Sobol”;

- hardware and software system “Esmart Access Box”;

- biometric protection “Eyes OptiMouse”;

- software “CryptoPro”;

- antivirus programs.

8. Material and technical support of the discipline

Lecture hall with the ability to demonstrate electronic presentations at a lighting level sufficient for working with notes. A computer class equipped with personal computers and the necessary software and hardware.

The program is compiled in accordance with the requirements of the Federal State Educational Standard for Higher Professional Education, taking into account the recommendations and the Sample OOP of Higher Professional Education in the specialty 090301 “Computer Security” and the specialization “Mathematical Methods of Information Security”.

Senior Lecturer

The program was approved at a meeting of the Department of Theoretical Foundations of Computer Security and Cryptography dated "___" __________ 2012, protocol No. ___

Head of the Department of Theoretical Foundations of Computer Security and Cryptography, Professor

Dean of the Faculty of Computer Science and Information Technologies

Non-state accredited non-profit private educational institution of higher education

"Academy of Marketing and Social Information Technologies - IMSIT"

Krasnodar city

Faculty of Secondary Vocational Education

I APPROVE

Chairman of the NMS, Vice-Rector for academic work, professor

N.N. Pavelko 17.04.2017

OP.06 “Fundamentals of information security”

The program was developed on the basis of the main professional educational program of secondary vocational education for the training of mid-level specialists, developed on the basis of the Federal State Educational Standard for specialty 10.02.01

Developer: V.V. Alferova, teacher of FSF, IMSIT Academy
_____________ (signature)

Reviewers:


_____________ (signature)

1 Passport of the academic discipline program

3.3 Guidelines for students on mastering the academic discipline

The work program of the academic discipline was developed on the basis of the Federal State Educational Standard for Secondary Vocational Education, specialty 10.02.01 "Organization and technology of information security", approved by order of the Ministry of Education and Science of the Russian Federation dated July 28, 2014 No. 805.

Guidelines for the discipline "Fundamentals of information security" were developed on the basis of the Federal State Educational Standard of Secondary Vocational Education, specialty 10.02.01 "Organization and technology of information security", approved by order of the Ministry of Education and Science of the Russian Federation dated July 28, 2014 No. 805. The guidelines include methodological instructions for performing practical exercises and independent work. The guidelines were reviewed and approved by the Subject Cycle Technical Commission.

3.4 Guidelines for laboratory exercises

There are no laboratory classes provided.

3.5 Methodological instructions for practical exercises

Guidelines for practical training in the discipline information and communication systems and networks were developed on the basis of the Federal State Educational Standard for Secondary Vocational Education, specialty 10.02.01 "Organization and technology of information security", approved by order of the Ministry of Education and Science of the Russian Federation dated July 28, 2014 No. 805. The instructions include the material necessary for performing practical exercises, requirements for preparing a report on practical exercises, and sample report formatting. The guidelines were reviewed and approved by the Subject Cycle Technical Commission.

3.6 Guidelines for course design and other types of independent work

Guidelines for independent work of students in the discipline information and communication systems and networks were developed on the basis of the Federal State Educational Standard for Secondary Vocational Education, specialty 10.02.01 "Organization and technology of information security", approved by order of the Ministry of Education and Science of the Russian Federation dated July 28, 2014 No. 805. The instructions include the material required to perform independent work and requirements for preparing a report on independent work. The guidelines were reviewed and approved by the Subject Cycle Technical Commission.

Course design is not provided.

3.7 Software of modern information and communication technologies

Teaching and training students involves the use of standard software for a personal computer:

Name of technical and computer training tools:

  1. Operating system Microsoft Windows XP, 7
  2. Office suite Microsoft Office Professional
  3. ConsultantPlus system
  4. Browser for searching information on the discipline on the Internet: Mozilla Firefox, Google Chrome, Opera, Internet Explorer

3.8 Conditions for the implementation of the program for disabled students and persons with limited health capabilities

The specific orientation (profile) of the educational program allows for the training of the following categories of disabled people and persons with limited health capabilities:

    with limited motor functions;

    with hearing impairment.

The organization of the educational process provides unimpeded access for students with disabilities and (or) disabled people to classrooms and other premises; for this purpose there are ramps, handrails, elevators and widened doorways.

In classrooms and laboratories it is possible to equip places for disabled students with various types of health disorders, including those of the musculoskeletal system and hearing. The illumination of classrooms is established in accordance with the provisions of SNiP 23-05-95 “Natural and artificial lighting”. All items needed for the educational process are located in the zone of maximum reach of outstretched arms.

The premises provide training spaces for people with disabilities and people with cardiovascular diseases; they are equipped with sun-protection devices (blinds) and have a climate control system.

If necessary, individual curricula and individual schedules are developed for disabled people and persons with limited health capabilities, and students are provided with printed and electronic educational resources in forms adapted to their health limitations.

4 Characteristics of the main types of activities of students

PC 1.6. Ensure safety precautions during organizational and technical activities

Be able to:

Consider an example of an object-oriented approach to information security.

Review of the legislative level of information security and why it is important, review of Russian legislation in the field of information security, the law "On Information, Informatization and Information Protection", other laws and regulations, review of foreign legislation in the field of information security.

Know:

List of topics:

    The concept of component, class, family.

    What is the legislative level of information security and why is it important?

    Review of Russian legislation in the field of information security.

    Other laws and regulations.

    Review of foreign legislation in the field of information security.

PC 3.1. Apply software, hardware and technical means of information security at professional sites

Be able to:

    Develop architectures for the security model of information systems and networks.

Subjects of laboratory/practical work:

    Shielding.

    Privacy concept.

    Architectural aspects.

Know:

    Basic software and hardware measures.

    Basic concepts of software and hardware level of information security.

List of topics:

    Basic concepts.

    Security policy.

    Security program.

    Basic concepts of software and hardware level of information security.

    Security services, security analysis, ensuring fault tolerance, ensuring safe recovery.

    Basic concepts of registration information.

    Active audit.

    Encryption.

    Integrity control.

    Digital certificates.

PC 3.2. Participate in the operation of systems and means of protecting information of protected objects

Be able to:

Develop an architecture for a security model of information systems and networks.

Subjects of laboratory/practical work:

    Basic concepts, security mechanisms, security classes, information security of distributed systems, X.800 recommendations,

    Preparatory stages of risk management, main stages of risk management, creating a map of the organization's information system.

Know:

    Management of risks.

List of topics:

    Security mechanisms.

    Security classes.

    Information security of distributed systems. X.800 Recommendations.

    Security management.

    Basic concepts and preparatory stages of risk management.

    Basic concepts, imposing technical restrictions, managing password expiration.

PC 3.3. Record failures in the operation of protective equipment

Be able to:

    Organize physical protection of information.

    Develop a work restoration plan.

    Restrict access.

Subjects of laboratory/practical work:

    One-time passwords, Kerberos authentication server. Identification/authentication using biometrics.

    Access control in the Java environment.

Know:

    Main classes of procedural level measures.

List of topics:

    Personnel Management.

    Physical protection.

    Planning of restoration work.

PC 3.4. Identify and analyze possible threats to the information security of objects

Be able to:

Identify and analyze threats to information security.

Subjects of laboratory/practical work:

    The concept of mobile agents, viruses, worms with static and dynamic integrity.

    Tunneling, management, multi-level manager/agent architecture, performance monitoring.

Know:

List of topics:

    Some examples of accessibility threats.

5 Monitoring and evaluation of the results of mastering the discipline

Monitoring and evaluation of the results of mastering the discipline is carried out by the teacher in the process of conducting practical classes, testing, as well as students completing individual assignments, projects, and research.

Learning outcomes

(mastered skills, acquired knowledge)

Forms and methods of monitoring and assessing learning outcomes

As a result of mastering the discipline, the student should be able to:

Forms of training control:

classify protected information by type of secret and degree of confidentiality, apply the basic rules and documents of the certification system of the Russian Federation, classify the main threats to information security.

As a result of mastering the discipline, the student should know:

the essence and concept of information security, characteristics of its components, the place of information security in the country's national security system, sources of threats to information security and measures to prevent them, modern means and methods of ensuring information security

oral questioning, written testing; independent work, practical tasks, activity in class

Questions for self-control

    Law of the Russian Federation "On the legal protection of computer programs and databases"

    Basic Concepts

    Law of the Russian Federation "On the legal protection of programs...". Relations regulated by Law

    Law of the Russian Federation "On the legal protection of programs...". Object of legal protection

    Law of the Russian Federation "On the legal protection of programs...". Conditions for recognizing copyright

    Law of the Russian Federation "On the legal protection of programs...". Database copyright

    Law of the Russian Federation "On the legal protection of programs...". Duration of copyright

    Law of the Russian Federation "On the legal protection of programs...". Authorship

    Law of the Russian Federation "On the legal protection of programs...". Personal rights

    Law of the Russian Federation "On the legal protection of programs...". Exclusive right

    Law of the Russian Federation "On the legal protection of programs...". Transfer of exclusive right

    Law of the Russian Federation "On the legal protection of programs...". Ownership of the exclusive right to the program

    Law of the Russian Federation "On the legal protection of programs...". Right to registration

    Law of the Russian Federation "On the legal protection of programs...". Using the program

    Law of the Russian Federation "On the legal protection of programs...". Free reproduction and adaptation of the program

    Law of the Russian Federation "On the legal protection of programs...". Counterfeit copies of the program

    Law of the Russian Federation "On the legal protection of programs...". Protecting rights to the program

    The life cycle of a program instance and the “total cost of ownership”.

    Monopolization of services

Questions for testing

    The concept of information security. Main components.

    Extending the object-oriented approach to information security.

    Basic definitions and criteria for classifying threats.

    Legislative level of information security.

    Malicious software.

    Law "On Information, Informatization and Information Protection".

    The concept of information security. Main components. The importance of the problem.

    The most common threats.

    Standards and specifications in the field of information security.

    Administrative level of information security.

    Management of risks.

    Procedural level of information security.

    Basic software and hardware measures.

    Identification and authentication, access control.

    Modeling and auditing, encryption, integrity control.

    Shielding, security analysis.

    Tunneling and management.

    The concept of national security.

    Types of security of the individual, society and state.

    The role of information security in ensuring the national security of the state.

    Ensuring information security in normal and emergency situations.

    Basic legal and regulatory acts in the field of information security.

    The concept of a class, component.

    Structured programming, decomposition, structural approach. The main tool for dealing with complexity in the object-oriented approach.

    The concept of mobile agents, viruses, worms, static and dynamic integrity.

    Security mechanisms, security classes, information security of distributed systems.

    Programming for business

    The importance of the problem.

    Computer technology in business

    Business in programming

    Program as a product

    Offshore programming. Advantages and disadvantages

    Licensed software products. Basic rules of use

    Obtaining a certificate from an authorized representative (Certification Authority). Class 2 and 3 certification. Contents of the copyright (license) agreement. License fees

    "Wrap" licenses

    Free software

    Life cycle of a program instance and its “total cost of ownership”

    Free and proprietary commercial software models

    Proprietary software

    Proprietary software. Monopolization of services

    Saving opportunities through software freedom

    The state as the copyright holder of free software

    Security management.

    Standard ISO/IEC 15408 "Criteria for assessing the security of information technology".

    Harmonized criteria of European countries, interpretation of the Orange Book for network configurations.

    Guiding documents of the State Technical Commission of Russia.

    Security program, roles and responsibilities, continuity of protection.

    Synchronizing the security program with the life cycle of systems.

    Preparatory stages of risk management.

    Main stages of risk management.

    Creating a map of the organization's information system.

    Threat identification, probability assessment.

    Personnel management, physical protection, restoration planning.

    Basic concepts of software and hardware level of information security.

    Security analysis, ensuring fault tolerance.

    Identification and authentication.

    Imposing technical restrictions, managing password expiration dates.

    One-time passwords, Kerberos authentication server.

    Access control rules.

    Logging and auditing. Basic concepts of registration information. Active audit.

    Functional components and architecture.

    Encryption.

    Integrity control.

    Digital certificates.

    Shielding.

    Privacy concept.

    Architectural aspects.

    Security analysis.

    Tunneling.

    Layered architecture manager/agent.

    Performance monitoring.

6 Additions and changes to the work program

changes, date of change; Page number with change;

WAS

BECAME

Base:

Signature of the person making the change

RUSSIAN FEDERATION

STATE EDUCATIONAL INSTITUTION

HIGHER PROFESSIONAL EDUCATION

"APPROVED"

Vice Rector for Academic Affairs

_______________/ L.M. Volosnikova

"___" _______________ 2011

Training and methodology complex.

Work program for full-time students
specialty 090301.65 “Computer security”,

training profile “Security of automated systems”

" " ____________ 2011

Considered at a meeting of the Information Security Department on April 20, 2011, protocol No. 8.

Meets the requirements for content, structure and design.

Volume __ pages

Head of department __________________________________________/A.A. Zakharov/

" " ____________ 2011

Considered at a meeting of the educational committee of the Institute of Mathematics, Natural Sciences and Information Technologies on 05/15/2011, protocol No. 2.

Corresponds to the Federal State Educational Standard for Higher Professional Education and the curriculum of the educational program.

"AGREED":

Chairman of the Educational Committee _____________________________________/ I.N. Deaf/

" "___________ 2011

"AGREED":

Head of the methodological department of UMU ______________________________/S.A. Fedorova/

"_____" _______________ 2011

RUSSIAN FEDERATION

MINISTRY OF EDUCATION AND SCIENCE

State educational institution

higher professional education

TYUMEN STATE UNIVERSITY

Institute of Mathematics, Natural Sciences and Information Technologies

Department of Information Security

KALININ A.S.

Information Security Basics

Training and methodology complex.

Work program for full-time students,

specialty training profile: “Security of automated systems”

Tyumen State University

A.S. Kalinin. Fundamentals of information security.

Training and methodology complex. Work program for full-time students of the specialty 090301.65 “Computer security”, training profile “Security of automated systems”. Tyumen, 2011, 13 pages.

The work program is drawn up in accordance with the requirements of the Federal State Educational Standard for Higher Professional Education, taking into account the recommendations and ProOOP of Higher Professional Education in the direction and profile of training.

Approved by the Vice-Rector for Academic Affairs of Tyumen State University

Responsible editor: A.A. Zakharov, Head of the Department of Information Security, Doctor of Technical Sciences, Prof.

© State Educational Institution of Higher Professional Education Tyumen State University, 2011

© Kalinin A.S., 2011

1. Explanatory note

1.1. Goals and objectives of the discipline

The discipline "Fundamentals of Information Security" implements the requirements of the federal state educational standard of higher professional education in the field of training 090301.65 "Computer Security".

The purpose of studying the discipline “Fundamentals of Information Security” is to familiarize students with the basics of information security. Information threats, their neutralization, issues of organizing measures to protect information resources, regulatory documents regulating information activities, cryptography, and other issues related to ensuring the security of computer networks are studied.

The objectives of the discipline are:

    Outline the main provisions of the Information Security Doctrine of the Russian Federation;

    Provide knowledge of the basics of a comprehensive information security system;

    Provide knowledge of the basics of organizational and legal support for information security;

    Form the basis for further independent study of computer and information security issues.

Thus, the discipline "Fundamentals of Information Security" is an integral part of professional training in the direction of training 090301 “Computer security”. Together with other disciplines in the cycle of professional disciplines, the study of this discipline is intended to form a specialist and, in particular, to develop in him such qualities as:

    rigor in judgment,

    creative thinking,

    organization and efficiency,

    discipline,

    independence and responsibility.

1.2. Place of discipline in the structure of OOP:

The discipline belongs to the cycle of Humanitarian, Social and Economic disciplines.

The knowledge gained in studying the discipline "Fundamentals of Information Security" is used in the study of disciplines

Information security audit,

Wireless Communications Security

Virtualization Security

1.3. Requirements for the results of mastering the discipline:

The process of studying the discipline is aimed at developing the following competencies:

General cultural competencies (GC):

    the ability to act in accordance with the Constitution of the Russian Federation, to fulfill one’s civic and professional duty, guided by the principles of legality and patriotism (OK-1);

    the ability to carry out their activities in various spheres of public life, taking into account the moral and legal norms accepted in society, to comply with the principles of professional ethics (OK-2);

Professional competencies (PC):

    the ability to use basic methods to protect production personnel and the public from the possible consequences of accidents, catastrophes, natural disasters (PC-6);

    the ability to use programming languages and systems, tools to solve various professional, research and applied problems (PC-9);

As a result of studying the discipline, the student must:

Know:

    sources of information security threats;

    methods for assessing information vulnerability;

    methods of creating, organizing and ensuring the functioning of integrated information security systems;

    methods of suppressing the disclosure of confidential information;

    types and signs of computer crimes

Be able to:

    find the necessary regulatory legal acts and information legal norms in the system of current legislation, including with the help of legal information systems;

    apply the current legislative framework in the field of information security;

    develop draft regulations, instructions and other organizational and administrative documents regulating work on information protection.

    Structure and labor intensity of the discipline.

Table 1.

Type of occupation

Semester

Total labor intensity

Auditory lessons

Practical lessons

Independent work

Type of final control

    Thematic plan.

Table 2.

Subject

weeks of the semester

Types of educational work and independent work, per hour.

Total hours on topic

Of these in interactive form

Total points

Lectures

Practical lessons

Independent work

Module 1

Information threats.

Computer viruses.

Total

Module 2

Total

Module 3

Total

Total (hours, points) for the semester:

Of these in interactive form

Table 3.

Types and forms of assessment tools during the period of current control

Oral survey

Written works

Information systems and technologies

Other forms of control

Total points

colloquia

interview

answer at the seminar

test

Home test

Calculation work on a computer

Module 1

Total

Module 2

Total

Module 3

Total

Total

Table 4.

Planning students' independent work

Modules and themes

Types of SRS

Week of the semester

Hours volume

Number of points

Mandatory

additional

Module 1

Information threats.

Taking notes during lectures, preparing for a report

Computer viruses.

Taking notes of material during lecture classes. Preparation for the answer at the colloquium.

Working with educational literature

Total for module 1:

Module 2

Legal regulation of information protection

Taking notes during lectures, preparing for a report

Working with educational literature

Organizational measures to ensure information security of computer systems

Taking notes on material in lecture classes, preparing for an answer at a colloquium, preparing for a report

Working with educational literature, performing calculation work on a computer

Total for module 2:

Module 3

Data protection using cryptographic methods

Working with educational literature, doing homework tests

Information Security Policy

Taking notes of material during lecture classes. Doing homework, preparing for the answer at the seminar and for the interview.

Working with educational literature, performing calculation work on a computer

Typical remote attacks using network protocol vulnerabilities.

Taking notes of material during lecture classes. Completing the test, preparing for the answer at the colloquium.

Working with educational literature, preparing a report.

Total for module 3:

TOTAL:

    Sections of the discipline and interdisciplinary connections with the provided (subsequent) disciplines

Topics of the discipline necessary for studying the provided (subsequent) disciplines

Name of the provided (subsequent) disciplines

Information Security Management

Information security audit

Virtualization Security

Operating system security

Protecting Confidential Information

Protection of personal data in ISPDn

Secure information networks

Organizational and legal support for information security

Topic 1. Information threats. The concept of information threats. The concept of information. Information wars. The basic definitions of information, its value, and information threats are studied. Information threats to the security of the Russian Federation. Information security doctrine. The issues of building an information structure in the Russian Federation, the various problems arising in connection with this process, and the participation of the Russian Federation in international information exchange are considered. Types of opponents. Hackers. The socio-psychological portrait of an information security violator, his capabilities and methods of action are studied. Types of possible violations of the information system. General classification of information threats. Disturbances in the operation of information systems are studied, a classification of threats to information systems is introduced, and possible subjects and objects of access to information systems, as well as threats implemented at the level of a local (isolated) computer system, are considered. Causes of computer network vulnerabilities.

Topic 2. Computer viruses. Malicious programs, the history of their development, responsibility for their creation and distribution, types, principles of operation of viruses, and unmasking signs are studied.

Topic 3. Legal regulation of information protection (analysis of articles of the Criminal Code, other regulations). Information security standards. Regulatory documents regulating information activities in the Russian Federation and the world. Information security standards.

Topic 4. Organizational measures to ensure information security of computer systems. The role, tasks and responsibilities of the security administrator, the definition of approaches to risk management, the structuring of countermeasures, the procedure for certification for compliance with information security standards.

Topic 5. Data protection using cryptographic methods. Encryption methods and algorithms, cipher requirements, the most common ciphers.

Topic 6. Information security policy. Models of information protection in CS. Security policy and its main components, models of information protection in computer systems, technologies for protecting and restricting access to information.

Topic 7. Attacks on the ARP protocol, ICMP protocol, DNS protocol, TCP protocol, types of attacks.

    Seminar classes.

Topic 1. Data protection using cryptographic methods.

 Encryption methods and algorithms.

Writing the most common ciphers.

Topic 2. Information security policy.

 Models of information security in CS

 Security policy and its main components,

 Models of information security in computer systems,

 Technologies for protecting and restricting access to information.

 Reasons, types, channels of information leakage and distortion

Topic 3. Typical remote attacks using network protocol vulnerabilities.

  • Remote attacks on the ARP protocol,

  • Remote attacks on the ICMP protocol,

  • Remote attacks on the DNS protocol,

  • Remote attacks on the TCP protocol.

    Educational and methodological support for students' independent work. Assessment tools for ongoing monitoring of progress, interim certification based on the results of mastering the discipline (module).

Checking the quality of preparation during the semester involves the following types of intermediate control:

a) conducting oral theoretical surveys (colloquia), one in each training module;

b) preparation of a report by the student;

c) conducting a test on the theoretical course.

Current and intermediate control of the mastery of the discipline material is carried out within the framework of a rating (100-point) grading system.

Sample topics of reports:

  1. Definition of information security policy (Definition of the governing documents and standards used. Determination of approaches to risk management).

  2. Determining the boundaries of information security management (Description of the existing structure of the AS. Placement of equipment and supporting infrastructure)

  3. Typical remote attacks using network protocol vulnerabilities. Classification of remote attacks.

Questions for testing

  1. The concept of information threats.

  2. Information wars.

  3. Information threats to the security of the Russian Federation. Doctrine of information security of the Russian Federation.

  4. Types of opponents. Hackers.

  5. Computer viruses. History. Definition according to the Criminal Code of the Russian Federation.

  6. Types, principles of action of viruses, unmasking signs.

  7. Types of possible violations of the information system. General classification of information threats.

  8. Threats to computer security resources. Threats implemented at the level of the local computer system. Human factor.

  9. Threats to computer information implemented at the hardware level.

  10. Remote attacks on computer systems. Causes of computer network vulnerabilities.

  11. Legal regulation of information protection.

  12. Role, tasks and responsibilities of the CS security administrator.

  13. Data protection using cryptographic methods. Encryption methods.

  14. Data protection using cryptographic methods. Encryption algorithms.

  15. Requirements for ciphers. Comparison of DES and GOST 28147-89

  16. Typical remote attacks using network protocol vulnerabilities. Classification of remote attacks.

  17. Security policy and its components.

  18. Models of information security in CS.

  19. Technologies of protection and access control.

  20. Information security standards.

  1. Educational technology

A combination of traditional types of educational activities is provided, such as taking notes of lectures and monitoring the assimilation of theoretical material in the form of colloquia, answers at seminars, preparing reports, conducting classroom tests, and interactive technologies, such as interviews, execution and discussion of reports and calculation work.

Students’ preparation and defense of reports on topics not included in the lecture plan allows them to expand their scientific horizons, improve their skills in working with educational and scientific domestic and foreign literature, develop language skills, improve mathematical preparation, strengthen interdisciplinary connections, improve programming skills, and develop the ability to systematize and freely present material on a given topic to an audience.

9. Literature

9.1. Main literature

    Rastorguev S.P. Fundamentals of information security: textbook for university students studying in the specialties "Computer security", "Comprehensive provision of information security of automated systems" and "Information security of telecommunication systems" / S. P. Rastorguev. - M.: Academy, 2007. - 192 p.

    Fundamentals of information security: textbook for university students / comp. E. B. Belov. - M.: Hotline - Telecom, 2006. - 544 p.

    Olifer V.G., Olifer N.A. Computer networks. Principles, technologies, protocols. - St. Petersburg: Peter, 2001. - 672 p.

    Yarochkin V.I. Information security. - M.: Academic project, 2003. - 639 p.

    Galatenko V.A. Fundamentals of information security: Course of lectures. - M.: Internet University of Information Technologies, 2003. - 239 p.

9.2. Additional literature

    Ufimtsev Yu.S. and others. Methodology of information security. - M.: Exam, 2004. - 543 p.
