Accesibility Adjustments

Choose the right accessibility profile for you
OFF ON
Highlight Links Highlights all the links on the site!
OFF ON
Pause Animations Animations will be paused on the site!
OFF ON
Dyslexia Font Dyslexia Font will be applied on the site!
OFF ON
Hide Images All images will be hidden on the site!
Choose the right accessibility profile for you
Adjust Font Sizing
Default
High Saturation
High Contrast
Light Contrast
Dark Contrast
Adjust Letter Spacing
Default
Adjust Line Height
Default
Speak Mode
Align Center
Align Left
Align Right

Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / INTRODUCTION TO INFORMATION SECURITY

Course:INTRODUCTION TO INFORMATION SECURITY/
Course IDCourse statusSemesterECTS creditsLessons (Lessons+Exercises+Laboratory)
39161Obavezan63+1+0
ProgramsCYBER SECURITY
Prerequisites
Aims
Learning outcomes
Lecturer / Teaching assistant
Methodology
Plan and program of work
Preparing weekPreparation and registration of the semester
I week lectures
I week exercises
II week lectures
II week exercises
III week lectures
III week exercises
IV week lectures
IV week exercises
V week lectures
V week exercises
VI week lectures
VI week exercises
VII week lectures
VII week exercises
VIII week lectures
VIII week exercises
IX week lectures
IX week exercises
X week lectures
X week exercises
XI week lectures
XI week exercises
XII week lectures
XII week exercises
XIII week lectures
XIII week exercises
XIV week lectures
XIV week exercises
XV week lectures
XV week exercises
Student workload
Per weekPer semester
6 credits x 40/30=8 hours and 0 minuts
3 sat(a) theoretical classes
0 sat(a) practical classes
1 excercises
4 hour(s) i 0 minuts
of independent work, including consultations
Classes and final exam:
8 hour(s) i 0 minuts x 16 =128 hour(s) i 0 minuts
Necessary preparation before the beginning of the semester (administration, registration, certification):
8 hour(s) i 0 minuts x 2 =16 hour(s) i 0 minuts
Total workload for the subject:
6 x 30=180 hour(s)
Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item)
36 hour(s) i 0 minuts
Workload structure: 128 hour(s) i 0 minuts (cources), 16 hour(s) i 0 minuts (preparation), 36 hour(s) i 0 minuts (additional work)
Student obligations
Consultations
Literature
Examination methods
Special remarks
Comment
Grade:FEDCBA
Number of pointsless than 50 pointsgreater than or equal to 50 points and less than 60 pointsgreater than or equal to 60 points and less than 70 pointsgreater than or equal to 70 points and less than 80 pointsgreater than or equal to 80 points and less than 90 pointsgreater than or equal to 90 points

Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / COMMUNICATIONS SECURITY AND PROTOCOLS

Course:COMMUNICATIONS SECURITY AND PROTOCOLS/
Course IDCourse statusSemesterECTS creditsLessons (Lessons+Exercises+Laboratory)
39181Obavezan63+1+0
ProgramsCYBER SECURITY
Prerequisites The subject is not conditioned by other subjects.
Aims Students are introduced to basic communications security aspects, i.e. protection of modern communication systems, existing standards and recommendations in this area. Security challenges of wireless and wired communication systems, ways of monitoring and detection of attacks, security architectures, protocols and solutions from the physical layer to the application layer are elaborated in detail. Basic security challenges in cellular networks are studied, especially for the fourth, fifth and subsequent generations. Basic aspects of security in sensor networks, IoT systems, industrial and machine-type communications, as well as common attacks and techniques to reduce their security risks are also discussed.
Learning outcomes Understanding the basic principles of functioning and security problems of modern communication systems. Understanding the way to protect communications, especially the latest techniques at the physical layer, but also at other layers of the OSI reference model. Understanding the principles of functioning, security systems, and protection of cellular communication systems, especially fifth and next generation systems. Principles of protection of different types of IoT systems, IEEE 802.11-WiFi systems, as well as protection of industrial and machine-type communications.
Lecturer / Teaching assistantAsst. Prof. Uglješa Urošević
MethodologyLectures, exercises, consultations, case studies, essays, seminar papers, examples from practice, etc.
Plan and program of work
Preparing weekPreparation and registration of the semester
I week lecturesFundamental principles of modern communication systems
I week exercises
II week lecturesFundamental security problems of communication systems
II week exercises
III week lecturesProtection of communications at the physical layer of the OSI reference model
III week exercises
IV week lecturesProtection of communications at the physical layer of the OSI reference model
IV week exercises
V week lecturesProtection of communications at the physical layer of the OSI reference model
V week exercises
VI week lecturesProtection of communications at the link layer of the OSI reference model
VI week exercises
VII week lecturesProtection of communications at the network layer of the OSI reference model
VII week exercises
VIII week lecturesProtection of communications at other levels of the OSI reference mode
VIII week exercises
IX week lecturesFundamental principles of cellular communication systems
IX week exercises
X week lecturesSecurity problems of cellular communication systems - from the second to the fourth generation
X week exercises
XI week lecturesSecurity problems of cellular communication systems - fifth and subsequent generations
XI week exercises
XII week lecturesProtection of IoT systems, massive IoT systems, critical IoT systems
XII week exercises
XIII week lecturesIEEE 802.11-WiFi system protection
XIII week exercises
XIV week lecturesProtection of industrial and machine-type communications.
XIV week exercises
XV week lecturesProtection of industrial and machine-type communications.
XV week exercises
Student workloadWeekly 6 credits x 40/30 = 8 hours Structure: 2 hours 15 minutes of lectures 45 minutes of computational exercises 5 hours of independent work, including consultation During the semester Classes and final exam: (8 hours) x 16 = 128 hours Necessary preparations before the beginning of the semester (administration, registration, certification) 2 x (8 hours) = 16 hours Total workload for the course 6x30 = 180 hours Supplementary work for exam preparation in the make-up exam period, including taking the make-up exam from 0 to 36 hours (remaining time from the first two items to the total workload for the course 180 hours) Load structure : 128 hours (Teaching) + 16 hours (Preparation) + 36 hours (Supplementary work)
Per weekPer semester
6 credits x 40/30=8 hours and 0 minuts
3 sat(a) theoretical classes
0 sat(a) practical classes
1 excercises
4 hour(s) i 0 minuts
of independent work, including consultations
Classes and final exam:
8 hour(s) i 0 minuts x 16 =128 hour(s) i 0 minuts
Necessary preparation before the beginning of the semester (administration, registration, certification):
8 hour(s) i 0 minuts x 2 =16 hour(s) i 0 minuts
Total workload for the subject:
6 x 30=180 hour(s)
Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item)
36 hour(s) i 0 minuts
Workload structure: 128 hour(s) i 0 minuts (cources), 16 hour(s) i 0 minuts (preparation), 36 hour(s) i 0 minuts (additional work)
Student obligations Students are required to attend classes and complete exams.
Consultations
Literature- H. Arslan, H. M. Furqan - Physical Layer Security for Wireless Sensing and Communication- The Institution of Engineering and Technology (2023) - S. Pramanik, D. Samanta, M. Vinay, A. Guha - Cyber Security and Network Security-Wiley- Scrivener (2022) - R. Tafazolli, C. Wang, P. Chatzimisios, M. Liyanage - The Wiley 5G REF_ Security-Wiley (2021) - X. Hei - Security, Data Analytics, and Energy-Aware Solutions in the IoT-Engineering Science Reference (2021)
Examination methods- Test (50 points) - Exam (50 points)
Special remarksNone
Comment
Grade:FEDCBA
Number of pointsless than 50 pointsgreater than or equal to 50 points and less than 60 pointsgreater than or equal to 60 points and less than 70 pointsgreater than or equal to 70 points and less than 80 pointsgreater than or equal to 80 points and less than 90 pointsgreater than or equal to 90 points

Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / DIGITAL DATA PROTECTION

Course:DIGITAL DATA PROTECTION/
Course IDCourse statusSemesterECTS creditsLessons (Lessons+Exercises+Laboratory)
39182Obavezan63+1+0
ProgramsCYBER SECURITY
Prerequisites
Aims
Learning outcomes
Lecturer / Teaching assistant
Methodology
Plan and program of work
Preparing weekPreparation and registration of the semester
I week lectures
I week exercises
II week lectures
II week exercises
III week lectures
III week exercises
IV week lectures
IV week exercises
V week lectures
V week exercises
VI week lectures
VI week exercises
VII week lectures
VII week exercises
VIII week lectures
VIII week exercises
IX week lectures
IX week exercises
X week lectures
X week exercises
XI week lectures
XI week exercises
XII week lectures
XII week exercises
XIII week lectures
XIII week exercises
XIV week lectures
XIV week exercises
XV week lectures
XV week exercises
Student workload
Per weekPer semester
6 credits x 40/30=8 hours and 0 minuts
3 sat(a) theoretical classes
0 sat(a) practical classes
1 excercises
4 hour(s) i 0 minuts
of independent work, including consultations
Classes and final exam:
8 hour(s) i 0 minuts x 16 =128 hour(s) i 0 minuts
Necessary preparation before the beginning of the semester (administration, registration, certification):
8 hour(s) i 0 minuts x 2 =16 hour(s) i 0 minuts
Total workload for the subject:
6 x 30=180 hour(s)
Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item)
36 hour(s) i 0 minuts
Workload structure: 128 hour(s) i 0 minuts (cources), 16 hour(s) i 0 minuts (preparation), 36 hour(s) i 0 minuts (additional work)
Student obligations
Consultations
Literature
Examination methods
Special remarks
Comment
Grade:FEDCBA
Number of pointsless than 50 pointsgreater than or equal to 50 points and less than 60 pointsgreater than or equal to 60 points and less than 70 pointsgreater than or equal to 70 points and less than 80 pointsgreater than or equal to 80 points and less than 90 pointsgreater than or equal to 90 points

Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / CRYPTOGRAPHY

Course:CRYPTOGRAPHY/
Course IDCourse statusSemesterECTS creditsLessons (Lessons+Exercises+Laboratory)
39183Obavezan63+1+0
ProgramsCYBER SECURITY
Prerequisites The subject is not conditioned by other subjects.
Aims The goal of the course is to familiarize students with the basics of classic cryptography such as symmetric cryptography systems, as well as with basic cryptanalytic techniques. In the second part of the course we will mainly deal with asymmetric (public key) systems, factorization techniques, elliptic cryptography, and digital signature. Certain chapters from number theory are included as an integral part of this course in order to fully understand specific theoretical units.
Learning outcomes After the student passes this exam, he/she will be able to: - Describe the purpose of cryptography and list ways it is used in data communications. - Describe the following terms: cipher, cryptanalysis, cryptographic algorithm, and cryptology, and describe basic methods (ciphers) for transforming plaintext in cipher-text. - Explain how public key infrastructure supports digital signing and encryption and discuss the limitations and vulnerabilities - Describe which cryptographic protocols, tools and techniques are appropriate for a given situation. - Explain the goals of end-to-end data security.
Lecturer / Teaching assistantprof. dr Vladimir Božović
MethodologyLectures, exercises, consultations, independent work.
Plan and program of work
Preparing weekPreparation and registration of the semester
I week lecturesIntroduction to cryptography. Historical overview. Simple substitution cipher. Introduction to cryptanalysis.
I week exercisesIntroduction to cryptography. Historical overview. Simple substitution cipher. Introduction to cryptanalysis.
II week lecturesEncryption/decryption, sender authentication, data integrity, non-repudiation.
II week exercises Encryption/decryption, sender authentication, data integrity, non-repudiation.
III week lecturesAttack classification (cipher text-only, known plaintext, chosen plaintext, chosen cipher text).
III week exercisesAttack classification (cipher text-only, known plaintext, chosen plaintext, chosen cipher text).
IV week lecturesSecret key (symmetric), cryptography and public-key (asymmetric) cryptography.
IV week exercisesSecret key (symmetric), cryptography and public-key (asymmetric) cryptography.
V week lecturesMathematical background: Modular arithmetic, Primitive roots, discrete log problem, Primality testing, factoring large integers.
V week exercisesMathematical background: Modular arithmetic, Primitive roots, discrete log problem, Primality testing, factoring large integers.
VI week lecturesMathematical background: Fermat, Euler theorems.
VI week exercisesMathematical background: Fermat, Euler theorems.
VII week lecturesMathematical background: Elliptic curves, lattices and hard lattice problems, Abstract algebra, finite fields, and Information theory.
VII week exercisesMathematical background: Elliptic curves, lattices and hard lattice problems, Abstract algebra, finite fields, and Information theory.
VIII week lecturesInformation-theoretic security: one-time pad, Shannon Theorem, Computational security.
VIII week exercisesInformation-theoretic security: one-time pad, Shannon Theorem, Computational security.
IX week lecturesAdvanced concepts: Zero-knowledge proofs, Secret sharing, Commitment, Oblivious transfer, Secure multiparty computation.
IX week exercisesAdvanced concepts: Zero-knowledge proofs, Secret sharing, Commitment, Oblivious transfer, Secure multiparty computation.
X week lecturesAdvanced recent developments: fully homomorphic encryption, obfuscation, quantum cryptography, and KLJN scheme.
X week exercisesAdvanced recent developments: fully homomorphic encryption, obfuscation, quantum cryptography, and KLJN scheme.
XI week lecturesHistorical ciphers, Shift cipher, affine cipher, substitution cipher, Vigenere cipher, ROT-13, and Hill cipher, Enigma machine, and others.
XI week exercisesHistorical ciphers, Shift cipher, affine cipher, substitution cipher, Vigenere cipher, ROT-13, and Hill cipher, Enigma machine, and others.
XII week lecturesSymmetric (private key) ciphers. B block ciphers and stream ciphers (pseudo-random permutations, pseudo-random generators), Feistel networks, Data Encryption Standard (DES).
XII week exercisesSymmetric (private key) ciphers. B block ciphers and stream ciphers (pseudo-random permutations, pseudo-random generators), Feistel networks, Data Encryption Standard (DES).
XIII week lecturesSymmetric (private key) ciphers. Advanced Encryption Standard (AES), Modes of operation for block ciphers, Differential attack, linear attack, and Stream ciphers, linear feedback shift registers, RC4.
XIII week exercisesSymmetric (private key) ciphers. Advanced Encryption Standard (AES), Modes of operation for block ciphers, Differential attack, linear attack, and Stream ciphers, linear feedback shift registers, RC4.
XIV week lecturesAsymmetric (public-key) ciphers, Theoretical concepts (Computational complexity, one-way trapdoor functions), Naive RSA, Weakness of Naive RSA, padded RSA.
XIV week exercisesAsymmetric (public-key) ciphers, Theoretical concepts (Computational complexity, one-way trapdoor functions), Naive RSA, Weakness of Naive RSA, padded RSA.
XV week lecturesAsymmetric (public-key) ciphers, Diffie-Hellman protocol, El Gamal cipher, Other public-key ciphers, including Goldwasser-Micali, Rabin, Paillier, McEliece, and Elliptic curves ciphers
XV week exercisesAsymmetric (public-key) ciphers, Diffie-Hellman protocol, El Gamal cipher, Other public-key ciphers, including Goldwasser-Micali, Rabin, Paillier, McEliece, and Elliptic curves ciphers
Student workload
Per weekPer semester
6 credits x 40/30=8 hours and 0 minuts
3 sat(a) theoretical classes
0 sat(a) practical classes
1 excercises
4 hour(s) i 0 minuts
of independent work, including consultations
Classes and final exam:
8 hour(s) i 0 minuts x 16 =128 hour(s) i 0 minuts
Necessary preparation before the beginning of the semester (administration, registration, certification):
8 hour(s) i 0 minuts x 2 =16 hour(s) i 0 minuts
Total workload for the subject:
6 x 30=180 hour(s)
Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item)
36 hour(s) i 0 minuts
Workload structure: 128 hour(s) i 0 minuts (cources), 16 hour(s) i 0 minuts (preparation), 36 hour(s) i 0 minuts (additional work)
Student obligations Responsibility of students during the semester: If the student is not able to take the exam in the defined terms, and there are no serious health reasons (substantiated documentation) reasons, he does not have the right to take the exam in a special term. If the student takes the corrective colloquium, then the result obtained on it will be taken as final for that part of the exam. A student who scored less than 20 points in colloquiums does not have the right to defend the project assignment. Class attendance is preferred but not mandatory.
ConsultationsAs agreed with the lecturer.
Literature1. An Introduction to Mathematical Cryptography, Jeffrey Hoffstein, Jill Pipher, Joseph H. Silverman, 2008, ISBN: 978-0-387-77993-5. 2. A Course in Number Theory and Cryptography, Neal Koblitz, 1994, ISBN: 0-387-94293-9.
Examination methods- 2 tests (30 points each) - Project assignment (work in groups) (30 points) - Special commitment and effort during class, as well as exceptional solutions to individual tasks, are valued up to 10 points.
Special remarks
Comment
Grade:FEDCBA
Number of pointsless than 50 pointsgreater than or equal to 50 points and less than 60 pointsgreater than or equal to 60 points and less than 70 pointsgreater than or equal to 70 points and less than 80 pointsgreater than or equal to 80 points and less than 90 pointsgreater than or equal to 90 points

Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / CYBERCRIME

Course:CYBERCRIME/
Course IDCourse statusSemesterECTS creditsLessons (Lessons+Exercises+Laboratory)
39184Obavezan63+1+0
ProgramsCYBER SECURITY
Prerequisites None.
Aims Learning outcomes: After successful completion of this course, the student will be able to: - demonstrate a comprehensive understanding of ICTs methods used to undertake criminal activities; - independently identifies emerging forms of computer crime; - systematically explain and apply the legislative provisions that regulate the offences covered in the module; - demonstrate a critical understanding of the regulatory and institutional challenges in the prosecution of criminal offenses in cyberspace; - understand the difference in the legal treatment of electronic and traditional forms of evidence; - critically evaluate the standards and good practices in the field of early detection, suppression and prevention of high-tech crime; - understand the mechanisms of transnational cybercrime and organized criminal networks.
Learning outcomes
Lecturer / Teaching assistantProf. Stefan Sütterlin, PhD, Prof. Thom Brooks, PhD, Andreja Mihailovic, PhD.
MethodologyThe course is conducted through a combination of lectures, exercises, and consultations, supported by independent student work. Teaching methods include theoretical instruction, practical application, and interactive discussions to ensure comprehensive understanding.
Plan and program of work
Preparing weekPreparation and registration of the semester
I week lecturesPresentation of the teaching and learning methods, requirements for students, assignments and assessment methods.
I week exercises
II week lecturesThe theoretical foundation and characteristics of cybercrime.
II week exercises
III week lecturesThe evolution and emerging forms of cybercrime offenses.
III week exercises
IV week lecturesNational strategic and legal framework of computer crime.
IV week exercises
V week lecturesIllegal access, illegal interception, data interference, system interference, misuse of devices, computer-related forgery, computer-related fraud, offenses related to child pornography, and offenses related to copyright rights
V week exercises
VI week lecturesInternational law role in securing suberspace. The Cyberthreat Landscape within the world of internet governance
VI week exercises
VII week lecturesBudapest Convention on Cybercrime ETS no. 185. I Additional Protocol to the Convention on Cybercrime, Concerning the Criminalisation of Acts of a Racist and Xenophobic Nature Committed through Computer Systems. II Second Additional Protocol to the Convention on Cybercrime on Enhanced Co-operation and Disclosure of Electronic Evidence MS No.9/2022)
VII week exercises
VIII week lecturesTypology and main characteristics of cybercrime perpetrators
VIII week exercises
IX week lecturesCyberdefence, Cyberterrorism, Cyberweapons and Cyber warfare considerations.
IX week exercises
X week lecturesIntellectual property rights infringement in cyberspace.
X week exercises
XI week lecturesCase studies (spam, ransomware, phishing, identity theft).
XI week exercises
XII week lecturesCyber victimization.
XII week exercises
XIII week lecturesElectronic evidence, digital investigation and prosecution of cybercrime
XIII week exercises
XIV week lecturesState jurisdiction and the importance of international cooperation in combating high-tech crime (Interpol, Europol i European Union Agency for Cybersecurity (ENISA).
XIV week exercises
XV week lecturesFinal Exam
XV week exercises
Student workloadWeekly 6 credits x 40/30 = 8 hours Structure: 2 hours 15 minutes of lectures 45 minutes of computational exercises 5 hours of independent work, including consultation During the semester Classes and final exam: (8 hours) x 16 = 128 hours Necessary preparations before the beginning of the semester (administration, registration, certification) 2 x (8 hours) = 16 hours Total workload for the course 6x30 = 180 hours Supplementary work for exam preparation in the make-up exam period, including taking the make-up exam from 0 to 36 hours (remaining time from the first two items to the total workload for the course 180 hours) Load structure : 128 hours (Teaching) + 16 hours (Preparation) + 36 hours (Supplementary work)
Per weekPer semester
6 credits x 40/30=8 hours and 0 minuts
3 sat(a) theoretical classes
0 sat(a) practical classes
1 excercises
4 hour(s) i 0 minuts
of independent work, including consultations
Classes and final exam:
8 hour(s) i 0 minuts x 16 =128 hour(s) i 0 minuts
Necessary preparation before the beginning of the semester (administration, registration, certification):
8 hour(s) i 0 minuts x 2 =16 hour(s) i 0 minuts
Total workload for the subject:
6 x 30=180 hour(s)
Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item)
36 hour(s) i 0 minuts
Workload structure: 128 hour(s) i 0 minuts (cources), 16 hour(s) i 0 minuts (preparation), 36 hour(s) i 0 minuts (additional work)
Student obligations Students are required to regularly attend lectures and exercises, as well as participate in all forms of knowledge assessment throughout the semester.
Consultations
LiteratureCouncil of Europe – Budapest Convention on Cybercrime ETS No. 185 I Additional Protocol to the Convention on Cybercrime, Concerning the Criminalisation of Acts of a Racist and Xenophobic Nature Committed through Computer Systems II Second Additional Protocol to the Convention on Cybercrime on Enhanced Co-operation and Disclosure of Electronic Evidence MS No.9/2022) Code of Criminal Procedure ("Official Gazette of Montenegro", no. 57/2009, 49/2010, 47/2014 - CC decision, 2/2015 - CC decision, 35/2015, 58/2015 - other law, 28/ 2018 - CC decision and 116/2020 - CC decision) Criminal Code of Montenegro ("Official Gazette of the Republic of Montenegro", no. 70/2003, 13/2004 - corrected and 47/2006 and "Official Gazette of Montenegro", no. 40/2008, 25/2010, 32/2011, 64/2011 - other laws, 40/2013, 56/2013 - amended, 14/2015, 42/2015, 58/2015 - other laws, 44/2017, 49/2018 and 3/2020) Wicki-Birchler, D. (2020). The Budapest Convention and the General Data Protection Regulation: acting in concert to curb cybercrime? International Cybersecurity Law Review, 1(1-2), 63–72. doi:10.1365/s43439-020-00012-5 Leukfeldt, R., Holt, T. J. (2020), The Human Factor of Cybercrime, Routledge Taylor&Francis Gruop. Nearchou N. (2023), Combating Crime on the Dark Web - Learn how to access the dark web safely and not fall victim to cybercrime, Packt Publishing, Birmingham. Ethem Ilbiz, Christian Kaunert (2023) The Sharing Economy for Tackling Cybercrime_ Uberization of Public-Private Partnerships, 2023, Springer. Kranenbarg, M. W., Leukfeldt, R. (2021), Cyberrime in context - The human factor in victimization, offending, and policing, Springer.
Examination methodsForms of knowledge testing and assessment: - Written examinations – 30 - Oral presentation/participation in exercises – 20 - Writing paper – 20 - Final exam – 30
Special remarks
Comment
Grade:FEDCBA
Number of pointsless than 50 pointsgreater than or equal to 50 points and less than 60 pointsgreater than or equal to 60 points and less than 70 pointsgreater than or equal to 70 points and less than 80 pointsgreater than or equal to 80 points and less than 90 pointsgreater than or equal to 90 points

Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / SECURITY ASPECTS OF THE SOFTWARE DEVELOPMENT

Course:SECURITY ASPECTS OF THE SOFTWARE DEVELOPMENT/
Course IDCourse statusSemesterECTS creditsLessons (Lessons+Exercises+Laboratory)
39185Obavezan63+1+0
ProgramsCYBER SECURITY
Prerequisites The subject is not conditioned by other subjects.
Aims The aim of the course is to acquire the necessary theoretical and practical knowledge of the fundamental design principles, including restrictive privilege, simplicity and methodology principles. Security requirements and their role in design, Implementation issues, Static and dynamic testing, Configuring and patching, and Ethics, especially in development, testing and vulnerability disclosure.
Learning outcomes After the student passes this exam: - He/she will be able to understand the principles that underlie both design and implementation of secure software. - He/she be able to include security considerations throughout the design of software. - He/she will be able to include security considerations throughout the implementation of software. - He/she will be able to explain testing considerations for validating that the software meets stated and unstated security requirements and specifications. - They will be able to understand security considerations in the use of software, and in its deployment, maintenance, and removal. - He/she will be able to include information about security considerations in configuration, use, and other aspects of using the software.
Lecturer / Teaching assistantProf. dr Aleksandar Popović, MSc Kosta Pavlović
MethodologyLectures, exercises, consultations, independent work.
Plan and program of work
Preparing weekPreparation and registration of the semester
I week lecturesFundamental principles – restrictiveness principles. Least privilege (Software should be given only those privileges that it needs to complete its task). Fail-safe defaults (The initial state should be to deny access unless access is explicitly required). Complete mediation (Software should validate every access to objects to ensure that the access is allowed.)
I week exercises
II week lecturesFundamental principles – restrictiveness principles. Separation (Software should not grant access to a resource based on a single condition). Minimize trust (Software should check all inputs and the results of all security-relevant actions).
II week exercises
III week lecturesFundamental principles - simplicity principles. Economy of mechanism (Security features of software should be as simple as possible.).
III week exercises
IV week lecturesFundamental principles - simplicity principles. Minimize common mechanism (The sharing of resources should be reduced as much as possible). Least astonishment (Security mechanisms should be designed so that their operation is as logical and simple as possible.).
IV week exercises
V week lecturesFundamental principles – methodology principles. Open design (Security of software, and of what that software provides, should not depend on the secrecy of its design or implementation.). Layering (Organize software in layers). Abstraction (Hide the internals of each layer, making only the interfaces available). Modularity (Design and implement the software as a collection of co-operating modules).
V week exercises
VI week lecturesFundamental principles – methodology principles. Complete linkage (Tie software security design and implementation to the security specifications for that software). Design for iteration (Plan the design in such a way that it can be changed, if needed.).
VI week exercises
VII week lecturesDesign. Introduce techniques for including security considerations throughout the design of software. Derivation of security requirements (Beginning with business, mission, or other objectives, determine what security requirements are necessary to succeed). Specification of security requirements (Translate the security requirements into a form of formal specification, informal specifications, specifications for testing).
VII week exercises
VIII week lecturesDesign. Software development lifecycle/Security development lifecycle (waterfall model, agile development and security). Programming languages and type-safe languages (Discuss the problems that programming languages introduce, what type-safety does, and why it is important).
VIII week exercises
IX week lecturesImplementation. Introduce techniques for including security considerations throughout the implementation of software. Validating input and checking its representation. Using APIs correctly. Using security features. Checking time and state relationships. Handling exceptions and errors properly.
IX week exercises
X week lecturesImplementation. Programming robustly. Encapsulating structures and modules. Taking environment into account (dont put sensitive information in the source code).
X week exercises
XI week lecturesAnalysis and Testing. Static and dynamic analysis. Unit testing. Integration testing. Software testing.
XI week exercises
XII week lecturesDeployment and Maintenance. Configuring. Patching and the vulnerability lifecycle. Checking environment (ensuring the environment matches the assumptions made in the software).
XII week exercises
XIII week lecturesDeployment and Maintenance. DevOps (combine development and operation). Decommissioning/Retiring (how to remove software without causing security problems.).
XIII week exercises
XIV week lecturesDocumentation. Introduce and include information about security considerations in configuration, use, and other aspects of using the software and maintaining it. Installation documents. User guides and manuals. Assurance documentation. Security documentation.
XIV week exercises
XV week lecturesEthics. Code reuse (licensing). Professional responsibility. Social aspects of software development. Legal aspects of software development. Vulnerability disclosure. Ethical implications of testing.
XV week exercises
Student workloadWeekly: 6 credits x 40/30 = 8 hours Structure: 2 hours 15 minutes of lectures 45 minutes of computational exercises 5 hours of independent work, including consultation During the semester Classes and final exam: (8 hours) x 16 = 128 hours Necessary preparations before the beginning of the semester (administration, registration, certification) 2 x (8 hours) = 16 hours Total workload for the course 6x30 = 180 hours Supplementary work for exam preparation in the make-up exam period, including taking the make-up exam from 0 to 36 hours (remaining time from the first two items to the total workload for the course 180 hours) Load structure : 128 hours (Teaching) + 16 hours (Preparation) + 36 hours (Supplementary work)
Per weekPer semester
6 credits x 40/30=8 hours and 0 minuts
3 sat(a) theoretical classes
0 sat(a) practical classes
1 excercises
4 hour(s) i 0 minuts
of independent work, including consultations
Classes and final exam:
8 hour(s) i 0 minuts x 16 =128 hour(s) i 0 minuts
Necessary preparation before the beginning of the semester (administration, registration, certification):
8 hour(s) i 0 minuts x 2 =16 hour(s) i 0 minuts
Total workload for the subject:
6 x 30=180 hour(s)
Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item)
36 hour(s) i 0 minuts
Workload structure: 128 hour(s) i 0 minuts (cources), 16 hour(s) i 0 minuts (preparation), 36 hour(s) i 0 minuts (additional work)
Student obligations Regular attendance at classes, appropriate behavior, attending knowledge tests.
Consultations
Literature1. Computer Security, Dieter Gollman, 2011, ISBN: 978-0470741153 2. Software Security: Principles, Policies, and Protection, Mathias Payer, 2021 3. Computer Security: Principles and Practice, William Stallings, Lawrie Brown, 2017, ISBN: 978- 0134794105
Examination methods- Тwo tests worth 30 points each. Project assignment (work in groups) worth 30 points. Special commitment and effort during class, as well as exceptional solutions to individual tasks, are valued up to 10 points.) - The student will pass the exam if he accumulates at least 50 points
Special remarks
Comment
Grade:FEDCBA
Number of pointsless than 50 pointsgreater than or equal to 50 points and less than 60 pointsgreater than or equal to 60 points and less than 70 pointsgreater than or equal to 70 points and less than 80 pointsgreater than or equal to 80 points and less than 90 pointsgreater than or equal to 90 points

Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / COMPUTER FORENSICS

Course:COMPUTER FORENSICS/
Course IDCourse statusSemesterECTS creditsLessons (Lessons+Exercises+Laboratory)
39186Obavezan63+1+0
ProgramsCYBER SECURITY
Prerequisites The subject is not conditioned by other subjects.
Aims Provides the opportunity to master the basics of Computer Forensics, the procedures, tools and methodologies of Computer Forensics, equips students to analyze computer systems and programs in order to collect forensic evidence.
Learning outcomes Explain the role and importance of computer forensics. Properly defines and lists appropriate examples of the application of computer forensics. Properly: collects, preserves, processes and presents computer-forensic evidence. Participates in all phases of computer forensics: prepares, plans and conducts computer forensics investigation. Prepares a report on the results of the forensic processing of the collected evidence.
Lecturer / Teaching assistantDr Srđan Kadić, MSc Nikola Pižurica
MethodologyLectures and exercises in the computer classroom with the use of appropriate virtual (online) platforms. Learning and independent preparation of practical tasks and seminar papers. Consultations.
Plan and program of work
Preparing weekPreparation and registration of the semester
I week lecturesIntroduction to computer forensics
I week exercisesIntroduction to computer forensics
II week lecturesConcept, methodologies, tools and technologies of computer forensics
II week exercises Concept, methodologies, tools and technologies of computer forensics
III week lecturesBranches of computer forensics
III week exercisesBranches of computer forensics
IV week lecturesOverview of computer forensics software/hardware tools
IV week exercisesOverview of computer forensics software/hardware tools
V week lecturesOpen-Source Forensic Tools
V week exercisesOpen-Source Forensic Tools
VI week lecturesForensics investigation procedure - systematic approach
VI week exercisesForensics investigation procedure - systematic approach
VII week lecturesData acquisition – Preservation, verification and authentication of evidence
VII week exercisesData acquisition – Preservation, verification and authentication of evidence
VIII week lecturesForensics analysis and validation
VIII week exercisesForensics analysis and validation
IX week lecturesWindows / Mac / Linux Forensics
IX week exercisesWindows / Mac / Linux Forensics
X week lecturesAdvanced Windows Forensics
X week exercisesAdvanced Windows Forensics
XI week lecturesData storage forensics (HDD-SSD-USB)
XI week exercisesData storage forensics (HDD-SSD-USB)
XII week lecturesPortable and embedded device forensics
XII week exercisesPortable and embedded device forensics
XIII week lecturesNetwork and Cloud Forensics
XIII week exercisesNetwork and Cloud Forensics
XIV week lecturesApplication & Database Forensics
XIV week exercisesApplication & Database Forensics
XV week lecturesProcessing of collected and identified evidence - Reporting
XV week exercisesProcessing of collected and identified evidence - Reporting
Student workload
Per weekPer semester
6 credits x 40/30=8 hours and 0 minuts
3 sat(a) theoretical classes
0 sat(a) practical classes
1 excercises
4 hour(s) i 0 minuts
of independent work, including consultations
Classes and final exam:
8 hour(s) i 0 minuts x 16 =128 hour(s) i 0 minuts
Necessary preparation before the beginning of the semester (administration, registration, certification):
8 hour(s) i 0 minuts x 2 =16 hour(s) i 0 minuts
Total workload for the subject:
6 x 30=180 hour(s)
Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item)
36 hour(s) i 0 minuts
Workload structure: 128 hour(s) i 0 minuts (cources), 16 hour(s) i 0 minuts (preparation), 36 hour(s) i 0 minuts (additional work)
Student obligations Students are required to attend classes, do and hand in all homework, and complete all exercises.
Consultations
LiteratureIncident Response and Computer Forensics,3rd Edition, Luttgens, Pepe and Mandia, McGraw Hill; 2014
Examination methodsThe exam consists of a practical and a final part of the exam. The practical work is evaluated with 35 points, and the final exam with 65 points. A passing grade is obtained if at least 51 points are accumulated cumulatively.
Special remarksTeaching is conducted for a group of about 40 students. Teaching can be done online, with the help of distance learning platforms, and external platforms for testing practical skills.
Comment
Grade:FEDCBA
Number of pointsless than 50 pointsgreater than or equal to 50 points and less than 60 pointsgreater than or equal to 60 points and less than 70 pointsgreater than or equal to 70 points and less than 80 pointsgreater than or equal to 80 points and less than 90 pointsgreater than or equal to 90 points

Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / PENETRATION TESTING

Course:PENETRATION TESTING/
Course IDCourse statusSemesterECTS creditsLessons (Lessons+Exercises+Laboratory)
39187Obavezan63+1+0
ProgramsCYBER SECURITY
Prerequisites The subject is not conditioned by other subjects.
Aims This course provides a mastering technique that involves information gathering, preparing, and planning system vulnerability testing to properly execute specific attacks and create follow-up reports on system vulnerability testing. Students can identify and exploit system vulnerabilities, creating a basis for making recommendations for mitigating identified risks.
Learning outcomes After the student passes this exam, student will be able to: Properly plan and prepare for a penetration test Active and passive information gathering Execute testing and exploit target system Develop and deliver final report and recommendation
Lecturer / Teaching assistantSrđan Kadić, Savo Tomović
MethodologyLectures and exercises in the computer classroom with the use of appropriate virtual (online) platforms. Learning and independent preparation of practical tasks and seminar papers. Consultations.
Plan and program of work
Preparing weekPreparation and registration of the semester
I week lecturesIntroduction to Pen Testing and Ethical hacking
I week exercisesIntroduction to Pen Testing and Ethical hacking
II week lecturesConcept, methodologies, tools and technologies
II week exercises Concept, methodologies, tools and technologies
III week lecturesOverview of vulnerabilities and exploits techniques
III week exercisesOverview of vulnerabilities and exploits techniques
IV week lecturesPen Test Planning, Scoping, and Recon
IV week exercisesPen Test Planning, Scoping, and Recon
V week lecturesActive and passive information gathering and system scanning
V week exercisesActive and passive information gathering and system scanning
VI week lecturesPrepare and execute initial access
VI week exercisesPrepare and execute initial access
VII week lecturesPost Exploitation
VII week exercisesPost Exploitation
VIII week lecturesCore infrastructure attacks
VIII week exercisesCore infrastructure attacks
IX week lecturesNetwork based attacks
IX week exercisesNetwork based attacks
X week lecturesWeb based attacks
X week exercisesWeb based attacks
XI week lecturesMobile and portable device
XI week exercisesMobile and portable device
XII week lecturesIoT and Cloud
XII week exercisesIoT and Cloud
XIII week lecturesPortable and embedded devices
XIII week exercisesPortable and embedded devices
XIV week lecturesNon-traditional devices
XIV week exercisesNon-traditional devices
XV week lecturesAnalyzing and reporting pen test results
XV week exercisesAnalyzing and reporting pen test results
Student workload
Per weekPer semester
6 credits x 40/30=8 hours and 0 minuts
3 sat(a) theoretical classes
0 sat(a) practical classes
1 excercises
4 hour(s) i 0 minuts
of independent work, including consultations
Classes and final exam:
8 hour(s) i 0 minuts x 16 =128 hour(s) i 0 minuts
Necessary preparation before the beginning of the semester (administration, registration, certification):
8 hour(s) i 0 minuts x 2 =16 hour(s) i 0 minuts
Total workload for the subject:
6 x 30=180 hour(s)
Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item)
36 hour(s) i 0 minuts
Workload structure: 128 hour(s) i 0 minuts (cources), 16 hour(s) i 0 minuts (preparation), 36 hour(s) i 0 minuts (additional work)
Student obligations Weekly 6 credits x 40/30 = 8 hours Structure: 2 hours 15 minutes of lectures 45 minutes of computational exercises 5 hours of independent work, including consultation During the semester Classes and final exam: (8 hours) x 16 = 128 hours Necessary preparations before the beginning of the semester (administration, registration, certification) 2 x (8 hours) = 16 hours Total workload for the course 6x30 = 180 hours Supplementary work for exam preparation in the make-up exam period, including taking the make-up exam from 0 to 36 hours (remaining time from the first two items to the total workload for the course 180 hours) Load structure : 128 hours (Teaching) + 16 hours (Preparation) + 36 hours (Supplementary work)
Consultations
LiteratureEthical Hacking - A Hands-on Introduction to Breaking In, Daniel G. Graham, NoStarchPress, 2021 Real-World Bug Hunting - A Field Guide to Web Hacking, Peter Yaworski, NoStarchPress, 2019 Attacking Network Protocols - A Hackers Guide to Capture, Analysis, and Exploitation, James Forshaw, NoStarchPress, 2017 Metasploit, 2nd Edition, David Kennedy, Mati Aharoni, Devon Kearns, Jim O’Gorman, and Daniel Graham, NoStarchPress, November 2023
Examination methodsThe exam consists of a practical and a final part of the exam. The practical work is evaluated with 35 points, and the final exam with 65 points. A passing grade is obtained if at least 51 points are accumulated cumulatively
Special remarks
Comment
Grade:FEDCBA
Number of pointsless than 50 pointsgreater than or equal to 50 points and less than 60 pointsgreater than or equal to 60 points and less than 70 pointsgreater than or equal to 70 points and less than 80 pointsgreater than or equal to 80 points and less than 90 pointsgreater than or equal to 90 points

Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / SYSTEM SECURITY

Course:SYSTEM SECURITY/
Course IDCourse statusSemesterECTS creditsLessons (Lessons+Exercises+Laboratory)
39188Obavezan63+1+0
ProgramsCYBER SECURITY
Prerequisites The subject is not conditioned by other subjects.
Aims Through this course, students are introduced to general terms related to the security of computer systems. They will be introduced to the importance of looking at the system as a whole. They will be able to recognize risks and adequately respond to them.
Learning outcomes After the student passes this exam: - He/she will be able to recognize risks in computer systems - He/she will know the methods of authentication and authorization - He/she will be aware of the importance of sharing responsibility - He/she will be able to recognize and analyze security risks in web and mobile applications - They will get to know the basic defense techniques against these threats
Lecturer / Teaching assistantProf. dr Slobodan Đukanović, Doc. dr Stefan Vujović
MethodologyLectures, exercises, consultations, independent work
Plan and program of work
Preparing weekPreparation and registration of the semester
I week lecturesIntroduction. Holistic approaches. System parts.
I week exercisesIntroduction. Holistic approaches. System parts.
II week lecturesThreat models
II week exercises Threat models
III week lecturesDivision of privileges and responsibilities
III week exercisesDivision of privileges and responsibilities
IV week lecturesAuthentication methods: human-to-system, system-to- system
IV week exercisesAuthentication methods: human-to-system, system-to- system
V week lecturesNetwork security and protocols
V week exercisesNetwork security and protocols
VI week lecturesIdentity on web, private browsing
VI week exercisesIdentity on web, private browsing
VII week lecturesTest
VII week exercisesTest
VIII week lecturesSecurity of web applications
VIII week exercisesSecurity of web applications
IX week lecturesSecurity of web applications
IX week exercisesSecurity of web applications
X week lecturesSecurity of mobile applications
X week exercisesSecurity of mobile applications
XI week lecturesData tracking
XI week exercisesData tracking
XII week lecturesDefense against attacks: ASLR, IP hopping
XII week exercisesDefense against attacks: ASLR, IP hopping
XIII week lecturesHardware security
XIII week exercisesHardware security
XIV week lecturesSystem organization and procedures
XIV week exercisesSystem organization and procedures
XV week lecturesAdvanced defense techniques
XV week exercisesAdvanced defense techniques
Student workload
Per weekPer semester
6 credits x 40/30=8 hours and 0 minuts
3 sat(a) theoretical classes
0 sat(a) practical classes
1 excercises
4 hour(s) i 0 minuts
of independent work, including consultations
Classes and final exam:
8 hour(s) i 0 minuts x 16 =128 hour(s) i 0 minuts
Necessary preparation before the beginning of the semester (administration, registration, certification):
8 hour(s) i 0 minuts x 2 =16 hour(s) i 0 minuts
Total workload for the subject:
6 x 30=180 hour(s)
Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item)
36 hour(s) i 0 minuts
Workload structure: 128 hour(s) i 0 minuts (cources), 16 hour(s) i 0 minuts (preparation), 36 hour(s) i 0 minuts (additional work)
Student obligations Regular attendance at classes, appropriate behavior, attending knowledge tests
ConsultationsAfter the classes, or upon a request.
Literature
Examination methods- Test (50 points) - Exam (50 points)
Special remarksNone
CommentNone
Grade:FEDCBA
Number of pointsless than 50 pointsgreater than or equal to 50 points and less than 60 pointsgreater than or equal to 60 points and less than 70 pointsgreater than or equal to 70 points and less than 80 pointsgreater than or equal to 80 points and less than 90 pointsgreater than or equal to 90 points

Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / ORGANIZATIONAL SECURITY, HUMAN SECURITY

Course:ORGANIZATIONAL SECURITY, HUMAN SECURITY/
Course IDCourse statusSemesterECTS creditsLessons (Lessons+Exercises+Laboratory)
39189Obavezan63+1+0
ProgramsCYBER SECURITY
Prerequisites
Aims The aim of the course is to develop the critical thinking and analytical skills necessary for an comprehensive understanding of the concept of information security in the light of modern challenges in cyberspace, as well as its implications for the national, regional and global security context. Special objectives refer to the acquisition of knowledge about strategic and legislative instruments that define risks and the protection of critical information infrastructure, rights, obligations and responsibilities in the domain of personal data protection, the implementation of the concept of corporate security, as well as the development of a security culture in organizations.
Learning outcomes After successful completion of the module, the student will be able to: - demonstrate a critical understanding of the concept of information security and a comprehensive overview of its implications in the national, regional and global security contexts; - independently identifies emerging forms of information security threats; - systematically interprets and applies the legal framework of the personal data protection; - understand the regulatory and institutional challenges for the critical information infrastructure protection; - recognize social engineering methods; - critically evaluate standards and good practices for the cybersecurity development; - show an awareness of the importance of the organizational security culture for mitigation of internal risks.
Lecturer / Teaching assistantProf. Stefan Sütterlin, PhD, Prof. Thom Brooks, PhD, Andreja Mihailovic, PhD
MethodologyLectures, exercises, consultations, case studies, etc.
Plan and program of work
Preparing weekPreparation and registration of the semester
I week lecturesPresentation of the teaching and learning methods, requirements for students, assignments and assessment methods.
I week exercises
II week lecturesThe digital transformation and the importance of ICTs in societys needs.
II week exercises
III week lecturesDefinition of the concept of security, functions, principles. Social values and interests of importance for individual and collective security.
III week exercises
IV week lecturesInformation security and importance in the national security system. Globalization of security and the dynamics of contemporary geopolitical relations (asymmetric and hybrid conflicts).
IV week exercises
V week lecturesContemporary security challenges in cyberspace. Sources, forms, subjects and implications of threats in cyberspace.
V week exercises
VI week lecturesStrategic framework of information security. National cyber security strategy. The EUs Cybersecurity Strategy for the Digital Decade.
VI week exercises
VII week lecturesProtection of critical information infrastructure. Directive on the security of network and information systems (NIS 2 Directive).
VII week exercises
VIII week lecturesNational legislative framework of information security. Information Security Law.
VIII week exercises
IX week lecturesCorporate governance and corporate security in cyberspace. Organizational security challenges.
IX week exercises
X week lecturesProtection of human rights and freedoms in cyberspace (ePrivacy, hate speech and freedom of expression on the Internet).
X week exercises
XI week lecturesRights, obligations and responsibility in the field of personal data protection. General EU Regulation on Personal Data Protection GDPR 2016/679 (General Data Protection Regulation).
XI week exercises
XII week lecturesSocial engineering. Development of the organizational security culture through education and raising awareness initiatives.
XII week exercises
XIII week lecturesInternational cooperation in information security development (institutional framework, standards and examples of good practice).
XIII week exercises
XIV week lecturesThe role of private-public partnerships in defining national cybersecurity strategy.
XIV week exercises
XV week lecturesFinal exam.
XV week exercises
Student workloadWeekly 6 credits x 40/30 = 8 hours Structure: 2 hours 15 minutes of lectures 45 minutes of computational exercises 5 hours of independent work, including consultation During the semester Classes and final exam: (8 hours) x 16 = 128 hours Necessary preparations before the beginning of the semester (administration, registration, certification) 2 x (8 hours) = 16 hours Total workload for the course 6x30 = 180 hours Supplementary work for exam preparation in the make-up exam period, including taking the make-up exam from 0 to 36 hours (remaining time from the first two items to the total workload for the course 180 hours) Load structure : 128 hours (Teaching) + 16 hours (Preparation) + 36 hours (Supplementary work)
Per weekPer semester
6 credits x 40/30=8 hours and 0 minuts
3 sat(a) theoretical classes
0 sat(a) practical classes
1 excercises
4 hour(s) i 0 minuts
of independent work, including consultations
Classes and final exam:
8 hour(s) i 0 minuts x 16 =128 hour(s) i 0 minuts
Necessary preparation before the beginning of the semester (administration, registration, certification):
8 hour(s) i 0 minuts x 2 =16 hour(s) i 0 minuts
Total workload for the subject:
6 x 30=180 hour(s)
Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item)
36 hour(s) i 0 minuts
Workload structure: 128 hour(s) i 0 minuts (cources), 16 hour(s) i 0 minuts (preparation), 36 hour(s) i 0 minuts (additional work)
Student obligations Students are required to regularly attend classes and participate in all forms of knowledge assessment throughout the semester.
Consultations
LiteratureBuckland, B., Schreier, F., Winkler, T., (2010). Democratic Governance Challenges of Cybersecurity, Security and democracy Forum, Beograd. DCAF (2019). Guide to Good Governance in Cybersecurity, Genève. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union, Official Journal of the European Union L 194/1. ENISA (2017). Public-Private Partnerships in Cyberspace, Available at: https://www. enisa.europa.eu/publications/public-private-partnerships-ppp-cooperative-models/at_download/fullReport GDPR.eu. Complete Guide to GDPR Compliance, Available at: https://gdpr.eu/ Kovacevic, A., Nikolic, D. (2015). Cyber attacks on critical infrastructure: Review and challenges. In Handbook of Research on Digital Crime, Cyberspace Security, and Information Assurance (pp. 1-18). Hershey: IGI Globa. Njenga, K. (2022). Information Systems Security in Small and Medium-Sized Enterprises: Emerging Cybersecurity Threats in Times of Turbulence, Nova Science Publishers, Inc. Regulation (EU) 2016/679 of The European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) Cyber Security Strategy of Montenegro 2022-2026. The EU’s Cybersecurity Strategy for the Digital Decade, Commission and the High Representative of the Union for Foreign Affairs and Security Policy, Joint communication to the European Parliament and the Council, Brussels, 16.12.2020, JOIN (2020) 18 final, p. 3. Information Security Law ("Official Gazette of Montenegro", no. 14/2010 and 40/2016). Personal Data Protection Law ("Official Gazette of Montenegro", No. 079/08 dated 23.12.2008, 070/09 dated 21.10.2009, 044/12 dated 09.08.2012, 022/17 dated 03.04.2017).
Examination methodsForms of knowledge testing and assessment: - Written examinations – 30 - Oral presentation/participation in exercises – 20 - Writing paper – 20 - Final exam – 30
Special remarks
Comment
Grade:FEDCBA
Number of pointsless than 50 pointsgreater than or equal to 50 points and less than 60 pointsgreater than or equal to 60 points and less than 70 pointsgreater than or equal to 70 points and less than 80 pointsgreater than or equal to 80 points and less than 90 pointsgreater than or equal to 90 points

Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / MODERN COMPUTER SYSTEM PROTECTION TECHNIQUES

Course:MODERN COMPUTER SYSTEM PROTECTION TECHNIQUES /
Course IDCourse statusSemesterECTS creditsLessons (Lessons+Exercises+Laboratory)
39190Obavezan7.53+1+0
ProgramsCYBER SECURITY
Prerequisites None.
Aims Acquaintance of students with the basic methods and techniques for the protection of computer systems in terms of data protection, communications and access to the system. Identification of weak points that reduce the security of the computer system.
Learning outcomes After the student passes this exam, she/he will be able to: - Knows the elements of a computer system that affect its security. - Apply protection methods on server computer systems. - Apply protection methods on user devices. - Performs system-user training in order to increase security.
Lecturer / Teaching assistantProf. dr Miloš Daković, doc. dr Isidora Stanković
MethodologyLectures, exercises, consultations, independent work.
Plan and program of work
Preparing weekPreparation and registration of the semester
I week lecturesIntroduction
I week exercisesIntroduction
II week lecturesMethods of protection of computer systems
II week exercises Methods of protection of computer systems
III week lecturesData protection
III week exercisesData protection
IV week lecturesProtection of communications
IV week exercisesProtection of communications
V week lecturesProtection of server computers
V week exercisesProtection of server computers
VI week lecturesMethods and techniques of server computers protection
VI week exercisesMethods and techniques of server computers protection
VII week lecturesProtection of user devices used for accessing the computer system
VII week exercisesProtection of user devices used for accessing the computer system
VIII week lecturesMethods and techniques for protecting user devices
VIII week exercisesMethods and techniques for protecting user devices
IX week lecturesMechanisms of identification and authentication of computer system users
IX week exercisesMechanisms of identification and authentication of computer system users
X week lecturesAuthorization of computer system users
X week exercisesAuthorization of computer system users
XI week lecturesTest
XI week exercisesTest
XII week lecturesUser training in computer system protection
XII week exercisesUser training in computer system protection
XIII week lecturesAdvanced protection techniques
XIII week exercisesAdvanced protection techniques
XIV week lecturesCase studies
XIV week exercisesCase studies
XV week lecturesCase studies
XV week exercisesCase studies
Student workload
Per weekPer semester
7.5 credits x 40/30=10 hours and 0 minuts
3 sat(a) theoretical classes
0 sat(a) practical classes
1 excercises
6 hour(s) i 0 minuts
of independent work, including consultations
Classes and final exam:
10 hour(s) i 0 minuts x 16 =160 hour(s) i 0 minuts
Necessary preparation before the beginning of the semester (administration, registration, certification):
10 hour(s) i 0 minuts x 2 =20 hour(s) i 0 minuts
Total workload for the subject:
7.5 x 30=225 hour(s)
Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item)
45 hour(s) i 0 minuts
Workload structure: 160 hour(s) i 0 minuts (cources), 20 hour(s) i 0 minuts (preparation), 45 hour(s) i 0 minuts (additional work)
Student obligations Regular monitoring of classes, doing homework and checking knowledge.
ConsultationsAfter the classes.
Literature1. William Stallings, Lawrie Brown, Computer Security: Principles and Practice, Pearson, 2017. 2. Dieter Gollman, Computer Security, Willey, 2011. 3. Matt Bishop, Introduction to Computer Security, Addison-Wesley, 2004.
Examination methodsHomework and exercises: 15 points; Test: 40 points; Final exam: 45 points.
Special remarks
Comment
Grade:FEDCBA
Number of pointsless than 50 pointsgreater than or equal to 50 points and less than 60 pointsgreater than or equal to 60 points and less than 70 pointsgreater than or equal to 70 points and less than 80 pointsgreater than or equal to 80 points and less than 90 pointsgreater than or equal to 90 points

Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / ADVANCED COMPUTER FORENSICS

Course:ADVANCED COMPUTER FORENSICS/
Course IDCourse statusSemesterECTS creditsLessons (Lessons+Exercises+Laboratory)
39191Obavezan7.53+1+0
ProgramsCYBER SECURITY
Prerequisites
Aims This course provides an introduction to the advanced computer forensic topics. Provides the opportunity to master the fundamentals of Advance Computer Forensics, the procedures, tools and methodologies in order to analyze specific systems and programs to collect forensic evidence.
Learning outcomes • Upoznaje studente s najsavremenijim tehnikama napredne računarske forenzike za računarske sisteme и netradicionalne uređaje. • Upoznaje studente sa специфичностима datotečnih sistema и њиховим оперативним артефактима (Windows, Mac и Linux OS). • Обухваћене теме могу укључивати: напредно издвајање и реконструкцију датотека (file carving), мрежну и Cloud forenziku, forenziku mobilnih уређаја, memorijsku forenziku и антифорензику.
Lecturer / Teaching assistantAsst. prof. Srđan Kadić, Velibor Došljak
Methodology
Plan and program of work
Preparing weekPreparation and registration of the semester
I week lecturesIntroduction to Advanced Computer Forensics
I week exercisesIntroduction to Advanced Computer Forensics
II week lecturesConcept, methodologies, tools and technologies of advanced computer forensics
II week exercises Concept, methodologies, tools and technologies of advanced computer forensics
III week lecturesOverview of Attacker techniques and incident responses
III week exercisesOverview of Attacker techniques and incident responses
IV week lecturesVolatile memory forensics, RAM and CACHE
IV week exercisesVolatile memory forensics, RAM and CACHE
V week lecturesNonVolatile data forensics
V week exercisesNonVolatile data forensics
VI week lecturesAdvance Windows forensics – Registry, Event Logs and system files
VI week exercisesAdvance Windows forensics – Registry, Event Logs and system files
VII week lecturesAdvance Mac/Linux forensics
VII week exercisesAdvance Mac/Linux forensics
VIII week lecturesBrowser forensiscs
VIII week exercisesBrowser forensiscs
IX week lecturesEmail, Social Media forensics
IX week exercisesEmail, Social Media forensics
X week lecturesMobile forensics
X week exercisesMobile forensics
XI week lecturesNetwork and Cloud Forensics
XI week exercisesNetwork and Cloud Forensics
XII week lecturesNon-traditional devices forensics – IoT, drones and camera
XII week exercisesNon-traditional devices forensics – IoT, drones and camera
XIII week lecturesGPS systems forensics
XIII week exercisesGPS systems forensics
XIV week lecturesMalware Analysis
XIV week exercisesMalware Analysis
XV week lecturesThreat Hunting and Incident Response
XV week exercisesThreat Hunting and Incident Response
Student workload
Per weekPer semester
7.5 credits x 40/30=10 hours and 0 minuts
3 sat(a) theoretical classes
0 sat(a) practical classes
1 excercises
6 hour(s) i 0 minuts
of independent work, including consultations
Classes and final exam:
10 hour(s) i 0 minuts x 16 =160 hour(s) i 0 minuts
Necessary preparation before the beginning of the semester (administration, registration, certification):
10 hour(s) i 0 minuts x 2 =20 hour(s) i 0 minuts
Total workload for the subject:
7.5 x 30=225 hour(s)
Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item)
45 hour(s) i 0 minuts
Workload structure: 160 hour(s) i 0 minuts (cources), 20 hour(s) i 0 minuts (preparation), 45 hour(s) i 0 minuts (additional work)
Student obligations
Consultations
Literature
Examination methods
Special remarks
Comment
Grade:FEDCBA
Number of pointsless than 50 pointsgreater than or equal to 50 points and less than 60 pointsgreater than or equal to 60 points and less than 70 pointsgreater than or equal to 70 points and less than 80 pointsgreater than or equal to 80 points and less than 90 pointsgreater than or equal to 90 points

Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / SECURITY INCIDENTS, PREVENTION AND RECOVERY

Course:SECURITY INCIDENTS, PREVENTION AND RECOVERY/
Course IDCourse statusSemesterECTS creditsLessons (Lessons+Exercises+Laboratory)
39192Obavezan7.53+1+0
ProgramsCYBER SECURITY
Prerequisites The subject is not conditioned by other subjects.
Aims The aim of the course is to acquire the necessary theoretical and practical knowledge for dealing with cyber security incidents in organizations.
Learning outcomes After the student passes this exam, the student will be able to: - independently identifies types of security incidents; - explain and analyze the basic principles of cyber security incident management - understand and discuss the importance of a cyber incident response plan - look at the distribution of responsibility and the role of external experts for cyber incidents; - understand and analyze the role of hardware and software in cyber security incidents - critically assess adequate communication strategies during a cyber incident - explain and analyze ways to detect and identify cyber incidents - analyze and critically evaluate the mechanisms of containment, eradication and recovery from a cyber incident - explain and analyze the significance and ways of monitoring, reporting and evaluating cyber incidents for future actions
Lecturer / Teaching assistantProfessor Ljiljana Kašćelan, PhD Sunčica Vuković, PhD
MethodologyLectures, exercises, consultations, case studies, essays, seminar papers, examples from practice, etc.
Plan and program of work
Preparing weekPreparation and registration of the semester
I week lecturesConcept and types of cyber security incidents
I week exercisesConcept and types of cyber security incidents
II week lecturesBasic principles of cyber security incident management
II week exercises Basic principles of cyber security incident management
III week lecturesCyber security incident response plan
III week exercisesCyber security incident response plan
IV week lecturesAssigning responsibilities and creating a cyber incident response team
IV week exercisesAssigning responsibilities and creating a cyber incident response team
V week lecturesThe role of the cyber incident response experts
V week exercisesThe role of the cyber incident response experts
VI week lecturesHardware and software for cyber incident management
VI week exercisesHardware and software for cyber incident management
VII week lecturesCommunication strategy
VII week exercisesCommunication strategy
VIII week lecturesCyber insurance
VIII week exercisesCyber insurance
IX week lecturesDetection and identification of potential cyber incidents
IX week exercisesDetection and identification of potential cyber incidents
X week lecturesContainment of the current incident
X week exercisesContainment of the current incident
XI week lecturesEradication and recovery from the current incident
XI week exercisesEradication and recovery from the current incident
XII week lecturesCommunication during the current incident
XII week exercisesCommunication during the current incident
XIII week lecturesIncident monitoring and reporting
XIII week exercisesIncident monitoring and reporting
XIV week lecturesEvaluation and future actions
XIV week exercisesEvaluation and future actions
XV week lecturesCase study and summary of the study material
XV week exercisesCase study and summary of the study material
Student workload7,5 credits x 40/30 = 10 hours Structure: 2 hours 15 minutes of lectures 45 minutes of computational exercises 7 hours of independent work, including consultation
Per weekPer semester
7.5 credits x 40/30=10 hours and 0 minuts
3 sat(a) theoretical classes
0 sat(a) practical classes
1 excercises
6 hour(s) i 0 minuts
of independent work, including consultations
Classes and final exam:
10 hour(s) i 0 minuts x 16 =160 hour(s) i 0 minuts
Necessary preparation before the beginning of the semester (administration, registration, certification):
10 hour(s) i 0 minuts x 2 =20 hour(s) i 0 minuts
Total workload for the subject:
7.5 x 30=225 hour(s)
Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item)
45 hour(s) i 0 minuts
Workload structure: 160 hour(s) i 0 minuts (cources), 20 hour(s) i 0 minuts (preparation), 45 hour(s) i 0 minuts (additional work)
Student obligations Regular attendance at classes, appropriate behavior, attending knowledge tests
ConsultationsTBA
LiteratureThompson, EC (2018). Cybersecurity incident response: How to contain, eradicate, and recover from incidents . Apress. Center for Cyber Security Belgium (2019). Cyber security incident management guide . Trim, P. & Lee, Y. (2022). Strategic Cyber Security Management. Routledge
Examination methodsForms of knowledge testing and assessment: - Mid term exam – 30 points - Class activity – 10 points - Seminar paper – 20 points Final exam – 40 points
Special remarks/
Comment/
Grade:FEDCBA
Number of pointsless than 50 pointsgreater than or equal to 50 points and less than 60 pointsgreater than or equal to 60 points and less than 70 pointsgreater than or equal to 70 points and less than 80 pointsgreater than or equal to 80 points and less than 90 pointsgreater than or equal to 90 points

Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / SECURITY RISK MANAGEMENT

Course:SECURITY RISK MANAGEMENT/
Course IDCourse statusSemesterECTS creditsLessons (Lessons+Exercises+Laboratory)
39193Obavezan7.53+1+0
ProgramsCYBER SECURITY
Prerequisites The subject is not conditioned by other subjects.
Aims The aim of the course is to acquire the necessary theoretical and practical knowledge for dealing with cyber security risk management in organizations and institutions.
Learning outcomes After the student passes this exam, the student will be able to: - independently identifies types of security risks, - describe risk management and its role in the organization, - describe risk management techniques to identify and prioritize risk factors for information assets and how risk is assessed, - discuss the strategy options used to treat risk and be prepared to select from them when given background information, - explain and analyze the basic principles of cyber security risk management, - understand and discuss the importance of cyber sercurity risk management in organizations and intitutions, - understand and analyze the role of hardware and software in risk management process, - explain and analyze ways to detect and identify cyber security risks, - explain and analyze the significance and ways of cyber risk identification, cyber risk assesment and cyber risk mitigation, - understand the link between security risk management and individual, group and organizational performance, - develop strategic thinking about cybersecurity risk management, - analyze critical decisions and processes in cybersecurity risk management process, - improve managerial decision-making capabilities with regard to security risk management and human capital issues in a modern organizations and institutions, - instill ethical and sustainability consideration in management decisions, - understand process of monitoring, reporting and evaluating cyber incidents for future actions.
Lecturer / Teaching assistantIvan Radević, Assistant Professor
MethodologyLectures, exercises, consultations, case studies, essays, seminar papers, examples from practice, etc.
Plan and program of work
Preparing weekPreparation and registration of the semester
I week lecturesConcept of Risk Management and Cyber Security Risk Management.
I week exercisesConcept of Risk Management and Cyber Security Risk Management.
II week lecturesCyber Threats and Organizational Risk.
II week exercises Cyber Threats and Organizational Risk.
III week lecturesContext Establishment, Corporate Risk Environment and Cyber Risk.
III week exercisesContext Establishment, Corporate Risk Environment and Cyber Risk.
IV week lecturesCybersecurity Enterprise Risk Management.
IV week exercisesCybersecurity Enterprise Risk Management.
V week lecturesStandards, Regulations and Security Measures (Data-Driven Security).
V week exercisesStandards, Regulations and Security Measures (Data-Driven Security).
VI week lecturesCyber Risk Identification.
VI week exercisesCyber Risk Identification.
VII week lecturesCyber Risk Assessment.
VII week exercisesCyber Risk Assessment.
VIII week lecturesCyber Risk Mitigation.
VIII week exercisesCyber Risk Mitigation.
IX week lecturesCyber Risk Monitoring, Detection and Reporting.
IX week exercisesCyber Risk Monitoring, Detection and Reporting.
X week lecturesCyber Attack Response and Recovery.
X week exercisesCyber Attack Response and Recovery.
XI week lecturesVulnerability Management.
XI week exercisesVulnerability Management.
XII week lecturesRisk Management Practice – Case Studies.
XII week exercisesRisk Management Practice – Case Studies.
XIII week lecturesCorporate Risk Environment.
XIII week exercisesCorporate Risk Environment.
XIV week lecturesStrategic Cybersecurity Risk Management.
XIV week exercisesStrategic Cybersecurity Risk Management.
XV week lecturesEvaluation and Recapitulation.
XV week exercisesEvaluation and Recapitulation.
Student workload
Per weekPer semester
7.5 credits x 40/30=10 hours and 0 minuts
3 sat(a) theoretical classes
0 sat(a) practical classes
1 excercises
6 hour(s) i 0 minuts
of independent work, including consultations
Classes and final exam:
10 hour(s) i 0 minuts x 16 =160 hour(s) i 0 minuts
Necessary preparation before the beginning of the semester (administration, registration, certification):
10 hour(s) i 0 minuts x 2 =20 hour(s) i 0 minuts
Total workload for the subject:
7.5 x 30=225 hour(s)
Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item)
45 hour(s) i 0 minuts
Workload structure: 160 hour(s) i 0 minuts (cources), 20 hour(s) i 0 minuts (preparation), 45 hour(s) i 0 minuts (additional work)
Student obligations Regular attendance at classes, appropriate behavior, attending knowledge tests.
ConsultationsDuring the regular consultation hours of the course professor, before and after classes, as well as via email radevic@ucg.ac.me.
Literature1. Oh, K-B., Ho, B. & Slade, B. (2022). Cybersecurity Risk Management: An Enterprise Risk Management Approach. Nova Science Publishers, USA. 2. Vellani, K. H. (2020). Strategic Security Management: A Risk Assessment Guide for Decision Makers. Taylor and Francis Group, USA. 3. Kissoon, T. (2022). Optimal Spending on Cybersecurity Measures. Routledge, UK. 4. Refsdal, T., Solhaug, B. & Stølen, K. (2015). Cyber-Risk Management. Springer, UK. 5. Hodson, C. J. (2019). Cyber Risk Management: Prioritize threats, idenrtify vulnerabilities and apply controls. Kogan Page Limited, UK. 6. Brumfield, C. & Haugli, B. (2022). Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework. Wiley, USA. 7. Leirvik, R. (2022). Understand, Manage and Measure Cyber Risk: Practical Solutions for Creating a Sustainable Cyber Program. Apress, USA. 8. Hubbard, D. W. & Seiersen, R. (2016). How to Measure Anything in Cybersecurity Risk. Wiley, USA. 9. Trim, P. & Lee, Y. (2022). Strategic Cyber Security Management. Routledge, UK.
Examination methods1. Mid term exam – 30 points 2. Class activity – 10 points 3. Seminar paper – 20 points 4. Final exam – 40 points
Special remarks/
Comment/
Grade:FEDCBA
Number of pointsless than 50 pointsgreater than or equal to 50 points and less than 60 pointsgreater than or equal to 60 points and less than 70 pointsgreater than or equal to 70 points and less than 80 pointsgreater than or equal to 80 points and less than 90 pointsgreater than or equal to 90 points
//