Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / INTRODUCTION TO INFORMATION SECURITY
Course: | INTRODUCTION TO INFORMATION SECURITY/ |
Course ID | Course status | Semester | ECTS credits | Lessons (Lessons+Exercises+Laboratory) |
39161 | Obavezan | 6 | 3+1+0 |
Programs | CYBER SECURITY |
Prerequisites | |
Aims | |
Learning outcomes | |
Lecturer / Teaching assistant | |
Methodology |
Plan and program of work | |
Preparing week | Preparation and registration of the semester |
I week lectures | |
I week exercises | |
II week lectures | |
II week exercises | |
III week lectures | |
III week exercises | |
IV week lectures | |
IV week exercises | |
V week lectures | |
V week exercises | |
VI week lectures | |
VI week exercises | |
VII week lectures | |
VII week exercises | |
VIII week lectures | |
VIII week exercises | |
IX week lectures | |
IX week exercises | |
X week lectures | |
X week exercises | |
XI week lectures | |
XI week exercises | |
XII week lectures | |
XII week exercises | |
XIII week lectures | |
XIII week exercises | |
XIV week lectures | |
XIV week exercises | |
XV week lectures | |
XV week exercises |
Student workload | |
Per week | Per semester |
6 credits x 40/30=8 hours and 0 minuts
3 sat(a) theoretical classes 0 sat(a) practical classes 1 excercises 4 hour(s) i 0 minuts of independent work, including consultations |
Classes and final exam:
8 hour(s) i 0 minuts x 16 =128 hour(s) i 0 minuts Necessary preparation before the beginning of the semester (administration, registration, certification): 8 hour(s) i 0 minuts x 2 =16 hour(s) i 0 minuts Total workload for the subject: 6 x 30=180 hour(s) Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item) 36 hour(s) i 0 minuts Workload structure: 128 hour(s) i 0 minuts (cources), 16 hour(s) i 0 minuts (preparation), 36 hour(s) i 0 minuts (additional work) |
Student obligations | |
Consultations | |
Literature | |
Examination methods | |
Special remarks | |
Comment |
Grade: | F | E | D | C | B | A |
Number of points | less than 50 points | greater than or equal to 50 points and less than 60 points | greater than or equal to 60 points and less than 70 points | greater than or equal to 70 points and less than 80 points | greater than or equal to 80 points and less than 90 points | greater than or equal to 90 points |
Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / COMMUNICATIONS SECURITY AND PROTOCOLS
Course: | COMMUNICATIONS SECURITY AND PROTOCOLS/ |
Course ID | Course status | Semester | ECTS credits | Lessons (Lessons+Exercises+Laboratory) |
39181 | Obavezan | 6 | 3+1+0 |
Programs | CYBER SECURITY |
Prerequisites | The subject is not conditioned by other subjects. |
Aims | Students are introduced to basic communications security aspects, i.e. protection of modern communication systems, existing standards and recommendations in this area. Security challenges of wireless and wired communication systems, ways of monitoring and detection of attacks, security architectures, protocols and solutions from the physical layer to the application layer are elaborated in detail. Basic security challenges in cellular networks are studied, especially for the fourth, fifth and subsequent generations. Basic aspects of security in sensor networks, IoT systems, industrial and machine-type communications, as well as common attacks and techniques to reduce their security risks are also discussed. |
Learning outcomes | Understanding the basic principles of functioning and security problems of modern communication systems. Understanding the way to protect communications, especially the latest techniques at the physical layer, but also at other layers of the OSI reference model. Understanding the principles of functioning, security systems, and protection of cellular communication systems, especially fifth and next generation systems. Principles of protection of different types of IoT systems, IEEE 802.11-WiFi systems, as well as protection of industrial and machine-type communications. |
Lecturer / Teaching assistant | Asst. Prof. Uglješa Urošević |
Methodology | Lectures, exercises, consultations, case studies, essays, seminar papers, examples from practice, etc. |
Plan and program of work | |
Preparing week | Preparation and registration of the semester |
I week lectures | Fundamental principles of modern communication systems |
I week exercises | |
II week lectures | Fundamental security problems of communication systems |
II week exercises | |
III week lectures | Protection of communications at the physical layer of the OSI reference model |
III week exercises | |
IV week lectures | Protection of communications at the physical layer of the OSI reference model |
IV week exercises | |
V week lectures | Protection of communications at the physical layer of the OSI reference model |
V week exercises | |
VI week lectures | Protection of communications at the link layer of the OSI reference model |
VI week exercises | |
VII week lectures | Protection of communications at the network layer of the OSI reference model |
VII week exercises | |
VIII week lectures | Protection of communications at other levels of the OSI reference mode |
VIII week exercises | |
IX week lectures | Fundamental principles of cellular communication systems |
IX week exercises | |
X week lectures | Security problems of cellular communication systems - from the second to the fourth generation |
X week exercises | |
XI week lectures | Security problems of cellular communication systems - fifth and subsequent generations |
XI week exercises | |
XII week lectures | Protection of IoT systems, massive IoT systems, critical IoT systems |
XII week exercises | |
XIII week lectures | IEEE 802.11-WiFi system protection |
XIII week exercises | |
XIV week lectures | Protection of industrial and machine-type communications. |
XIV week exercises | |
XV week lectures | Protection of industrial and machine-type communications. |
XV week exercises |
Student workload | Weekly 6 credits x 40/30 = 8 hours Structure: 2 hours 15 minutes of lectures 45 minutes of computational exercises 5 hours of independent work, including consultation During the semester Classes and final exam: (8 hours) x 16 = 128 hours Necessary preparations before the beginning of the semester (administration, registration, certification) 2 x (8 hours) = 16 hours Total workload for the course 6x30 = 180 hours Supplementary work for exam preparation in the make-up exam period, including taking the make-up exam from 0 to 36 hours (remaining time from the first two items to the total workload for the course 180 hours) Load structure : 128 hours (Teaching) + 16 hours (Preparation) + 36 hours (Supplementary work) |
Per week | Per semester |
6 credits x 40/30=8 hours and 0 minuts
3 sat(a) theoretical classes 0 sat(a) practical classes 1 excercises 4 hour(s) i 0 minuts of independent work, including consultations |
Classes and final exam:
8 hour(s) i 0 minuts x 16 =128 hour(s) i 0 minuts Necessary preparation before the beginning of the semester (administration, registration, certification): 8 hour(s) i 0 minuts x 2 =16 hour(s) i 0 minuts Total workload for the subject: 6 x 30=180 hour(s) Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item) 36 hour(s) i 0 minuts Workload structure: 128 hour(s) i 0 minuts (cources), 16 hour(s) i 0 minuts (preparation), 36 hour(s) i 0 minuts (additional work) |
Student obligations | Students are required to attend classes and complete exams. |
Consultations | |
Literature | - H. Arslan, H. M. Furqan - Physical Layer Security for Wireless Sensing and Communication- The Institution of Engineering and Technology (2023) - S. Pramanik, D. Samanta, M. Vinay, A. Guha - Cyber Security and Network Security-Wiley- Scrivener (2022) - R. Tafazolli, C. Wang, P. Chatzimisios, M. Liyanage - The Wiley 5G REF_ Security-Wiley (2021) - X. Hei - Security, Data Analytics, and Energy-Aware Solutions in the IoT-Engineering Science Reference (2021) |
Examination methods | - Test (50 points) - Exam (50 points) |
Special remarks | None |
Comment |
Grade: | F | E | D | C | B | A |
Number of points | less than 50 points | greater than or equal to 50 points and less than 60 points | greater than or equal to 60 points and less than 70 points | greater than or equal to 70 points and less than 80 points | greater than or equal to 80 points and less than 90 points | greater than or equal to 90 points |
Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / DIGITAL DATA PROTECTION
Course: | DIGITAL DATA PROTECTION/ |
Course ID | Course status | Semester | ECTS credits | Lessons (Lessons+Exercises+Laboratory) |
39182 | Obavezan | 6 | 3+1+0 |
Programs | CYBER SECURITY |
Prerequisites | |
Aims | |
Learning outcomes | |
Lecturer / Teaching assistant | |
Methodology |
Plan and program of work | |
Preparing week | Preparation and registration of the semester |
I week lectures | |
I week exercises | |
II week lectures | |
II week exercises | |
III week lectures | |
III week exercises | |
IV week lectures | |
IV week exercises | |
V week lectures | |
V week exercises | |
VI week lectures | |
VI week exercises | |
VII week lectures | |
VII week exercises | |
VIII week lectures | |
VIII week exercises | |
IX week lectures | |
IX week exercises | |
X week lectures | |
X week exercises | |
XI week lectures | |
XI week exercises | |
XII week lectures | |
XII week exercises | |
XIII week lectures | |
XIII week exercises | |
XIV week lectures | |
XIV week exercises | |
XV week lectures | |
XV week exercises |
Student workload | |
Per week | Per semester |
6 credits x 40/30=8 hours and 0 minuts
3 sat(a) theoretical classes 0 sat(a) practical classes 1 excercises 4 hour(s) i 0 minuts of independent work, including consultations |
Classes and final exam:
8 hour(s) i 0 minuts x 16 =128 hour(s) i 0 minuts Necessary preparation before the beginning of the semester (administration, registration, certification): 8 hour(s) i 0 minuts x 2 =16 hour(s) i 0 minuts Total workload for the subject: 6 x 30=180 hour(s) Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item) 36 hour(s) i 0 minuts Workload structure: 128 hour(s) i 0 minuts (cources), 16 hour(s) i 0 minuts (preparation), 36 hour(s) i 0 minuts (additional work) |
Student obligations | |
Consultations | |
Literature | |
Examination methods | |
Special remarks | |
Comment |
Grade: | F | E | D | C | B | A |
Number of points | less than 50 points | greater than or equal to 50 points and less than 60 points | greater than or equal to 60 points and less than 70 points | greater than or equal to 70 points and less than 80 points | greater than or equal to 80 points and less than 90 points | greater than or equal to 90 points |
Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / CRYPTOGRAPHY
Course: | CRYPTOGRAPHY/ |
Course ID | Course status | Semester | ECTS credits | Lessons (Lessons+Exercises+Laboratory) |
39183 | Obavezan | 6 | 3+1+0 |
Programs | CYBER SECURITY |
Prerequisites | The subject is not conditioned by other subjects. |
Aims | The goal of the course is to familiarize students with the basics of classic cryptography such as symmetric cryptography systems, as well as with basic cryptanalytic techniques. In the second part of the course we will mainly deal with asymmetric (public key) systems, factorization techniques, elliptic cryptography, and digital signature. Certain chapters from number theory are included as an integral part of this course in order to fully understand specific theoretical units. |
Learning outcomes | After the student passes this exam, he/she will be able to: - Describe the purpose of cryptography and list ways it is used in data communications. - Describe the following terms: cipher, cryptanalysis, cryptographic algorithm, and cryptology, and describe basic methods (ciphers) for transforming plaintext in cipher-text. - Explain how public key infrastructure supports digital signing and encryption and discuss the limitations and vulnerabilities - Describe which cryptographic protocols, tools and techniques are appropriate for a given situation. - Explain the goals of end-to-end data security. |
Lecturer / Teaching assistant | prof. dr Vladimir Božović |
Methodology | Lectures, exercises, consultations, independent work. |
Plan and program of work | |
Preparing week | Preparation and registration of the semester |
I week lectures | Introduction to cryptography. Historical overview. Simple substitution cipher. Introduction to cryptanalysis. |
I week exercises | Introduction to cryptography. Historical overview. Simple substitution cipher. Introduction to cryptanalysis. |
II week lectures | Encryption/decryption, sender authentication, data integrity, non-repudiation. |
II week exercises | Encryption/decryption, sender authentication, data integrity, non-repudiation. |
III week lectures | Attack classification (cipher text-only, known plaintext, chosen plaintext, chosen cipher text). |
III week exercises | Attack classification (cipher text-only, known plaintext, chosen plaintext, chosen cipher text). |
IV week lectures | Secret key (symmetric), cryptography and public-key (asymmetric) cryptography. |
IV week exercises | Secret key (symmetric), cryptography and public-key (asymmetric) cryptography. |
V week lectures | Mathematical background: Modular arithmetic, Primitive roots, discrete log problem, Primality testing, factoring large integers. |
V week exercises | Mathematical background: Modular arithmetic, Primitive roots, discrete log problem, Primality testing, factoring large integers. |
VI week lectures | Mathematical background: Fermat, Euler theorems. |
VI week exercises | Mathematical background: Fermat, Euler theorems. |
VII week lectures | Mathematical background: Elliptic curves, lattices and hard lattice problems, Abstract algebra, finite fields, and Information theory. |
VII week exercises | Mathematical background: Elliptic curves, lattices and hard lattice problems, Abstract algebra, finite fields, and Information theory. |
VIII week lectures | Information-theoretic security: one-time pad, Shannon Theorem, Computational security. |
VIII week exercises | Information-theoretic security: one-time pad, Shannon Theorem, Computational security. |
IX week lectures | Advanced concepts: Zero-knowledge proofs, Secret sharing, Commitment, Oblivious transfer, Secure multiparty computation. |
IX week exercises | Advanced concepts: Zero-knowledge proofs, Secret sharing, Commitment, Oblivious transfer, Secure multiparty computation. |
X week lectures | Advanced recent developments: fully homomorphic encryption, obfuscation, quantum cryptography, and KLJN scheme. |
X week exercises | Advanced recent developments: fully homomorphic encryption, obfuscation, quantum cryptography, and KLJN scheme. |
XI week lectures | Historical ciphers, Shift cipher, affine cipher, substitution cipher, Vigenere cipher, ROT-13, and Hill cipher, Enigma machine, and others. |
XI week exercises | Historical ciphers, Shift cipher, affine cipher, substitution cipher, Vigenere cipher, ROT-13, and Hill cipher, Enigma machine, and others. |
XII week lectures | Symmetric (private key) ciphers. B block ciphers and stream ciphers (pseudo-random permutations, pseudo-random generators), Feistel networks, Data Encryption Standard (DES). |
XII week exercises | Symmetric (private key) ciphers. B block ciphers and stream ciphers (pseudo-random permutations, pseudo-random generators), Feistel networks, Data Encryption Standard (DES). |
XIII week lectures | Symmetric (private key) ciphers. Advanced Encryption Standard (AES), Modes of operation for block ciphers, Differential attack, linear attack, and Stream ciphers, linear feedback shift registers, RC4. |
XIII week exercises | Symmetric (private key) ciphers. Advanced Encryption Standard (AES), Modes of operation for block ciphers, Differential attack, linear attack, and Stream ciphers, linear feedback shift registers, RC4. |
XIV week lectures | Asymmetric (public-key) ciphers, Theoretical concepts (Computational complexity, one-way trapdoor functions), Naive RSA, Weakness of Naive RSA, padded RSA. |
XIV week exercises | Asymmetric (public-key) ciphers, Theoretical concepts (Computational complexity, one-way trapdoor functions), Naive RSA, Weakness of Naive RSA, padded RSA. |
XV week lectures | Asymmetric (public-key) ciphers, Diffie-Hellman protocol, El Gamal cipher, Other public-key ciphers, including Goldwasser-Micali, Rabin, Paillier, McEliece, and Elliptic curves ciphers |
XV week exercises | Asymmetric (public-key) ciphers, Diffie-Hellman protocol, El Gamal cipher, Other public-key ciphers, including Goldwasser-Micali, Rabin, Paillier, McEliece, and Elliptic curves ciphers |
Student workload | |
Per week | Per semester |
6 credits x 40/30=8 hours and 0 minuts
3 sat(a) theoretical classes 0 sat(a) practical classes 1 excercises 4 hour(s) i 0 minuts of independent work, including consultations |
Classes and final exam:
8 hour(s) i 0 minuts x 16 =128 hour(s) i 0 minuts Necessary preparation before the beginning of the semester (administration, registration, certification): 8 hour(s) i 0 minuts x 2 =16 hour(s) i 0 minuts Total workload for the subject: 6 x 30=180 hour(s) Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item) 36 hour(s) i 0 minuts Workload structure: 128 hour(s) i 0 minuts (cources), 16 hour(s) i 0 minuts (preparation), 36 hour(s) i 0 minuts (additional work) |
Student obligations | Responsibility of students during the semester: If the student is not able to take the exam in the defined terms, and there are no serious health reasons (substantiated documentation) reasons, he does not have the right to take the exam in a special term. If the student takes the corrective colloquium, then the result obtained on it will be taken as final for that part of the exam. A student who scored less than 20 points in colloquiums does not have the right to defend the project assignment. Class attendance is preferred but not mandatory. |
Consultations | As agreed with the lecturer. |
Literature | 1. An Introduction to Mathematical Cryptography, Jeffrey Hoffstein, Jill Pipher, Joseph H. Silverman, 2008, ISBN: 978-0-387-77993-5. 2. A Course in Number Theory and Cryptography, Neal Koblitz, 1994, ISBN: 0-387-94293-9. |
Examination methods | - 2 tests (30 points each) - Project assignment (work in groups) (30 points) - Special commitment and effort during class, as well as exceptional solutions to individual tasks, are valued up to 10 points. |
Special remarks | |
Comment |
Grade: | F | E | D | C | B | A |
Number of points | less than 50 points | greater than or equal to 50 points and less than 60 points | greater than or equal to 60 points and less than 70 points | greater than or equal to 70 points and less than 80 points | greater than or equal to 80 points and less than 90 points | greater than or equal to 90 points |
Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / CYBERCRIME
Course: | CYBERCRIME/ |
Course ID | Course status | Semester | ECTS credits | Lessons (Lessons+Exercises+Laboratory) |
39184 | Obavezan | 6 | 3+1+0 |
Programs | CYBER SECURITY |
Prerequisites | None. |
Aims | Learning outcomes: After successful completion of this course, the student will be able to: - demonstrate a comprehensive understanding of ICTs methods used to undertake criminal activities; - independently identifies emerging forms of computer crime; - systematically explain and apply the legislative provisions that regulate the offences covered in the module; - demonstrate a critical understanding of the regulatory and institutional challenges in the prosecution of criminal offenses in cyberspace; - understand the difference in the legal treatment of electronic and traditional forms of evidence; - critically evaluate the standards and good practices in the field of early detection, suppression and prevention of high-tech crime; - understand the mechanisms of transnational cybercrime and organized criminal networks. |
Learning outcomes | |
Lecturer / Teaching assistant | Prof. Stefan Sütterlin, PhD, Prof. Thom Brooks, PhD, Andreja Mihailovic, PhD. |
Methodology | The course is conducted through a combination of lectures, exercises, and consultations, supported by independent student work. Teaching methods include theoretical instruction, practical application, and interactive discussions to ensure comprehensive understanding. |
Plan and program of work | |
Preparing week | Preparation and registration of the semester |
I week lectures | Presentation of the teaching and learning methods, requirements for students, assignments and assessment methods. |
I week exercises | |
II week lectures | The theoretical foundation and characteristics of cybercrime. |
II week exercises | |
III week lectures | The evolution and emerging forms of cybercrime offenses. |
III week exercises | |
IV week lectures | National strategic and legal framework of computer crime. |
IV week exercises | |
V week lectures | Illegal access, illegal interception, data interference, system interference, misuse of devices, computer-related forgery, computer-related fraud, offenses related to child pornography, and offenses related to copyright rights |
V week exercises | |
VI week lectures | International law role in securing suberspace. The Cyberthreat Landscape within the world of internet governance |
VI week exercises | |
VII week lectures | Budapest Convention on Cybercrime ETS no. 185. I Additional Protocol to the Convention on Cybercrime, Concerning the Criminalisation of Acts of a Racist and Xenophobic Nature Committed through Computer Systems. II Second Additional Protocol to the Convention on Cybercrime on Enhanced Co-operation and Disclosure of Electronic Evidence MS No.9/2022) |
VII week exercises | |
VIII week lectures | Typology and main characteristics of cybercrime perpetrators |
VIII week exercises | |
IX week lectures | Cyberdefence, Cyberterrorism, Cyberweapons and Cyber warfare considerations. |
IX week exercises | |
X week lectures | Intellectual property rights infringement in cyberspace. |
X week exercises | |
XI week lectures | Case studies (spam, ransomware, phishing, identity theft). |
XI week exercises | |
XII week lectures | Cyber victimization. |
XII week exercises | |
XIII week lectures | Electronic evidence, digital investigation and prosecution of cybercrime |
XIII week exercises | |
XIV week lectures | State jurisdiction and the importance of international cooperation in combating high-tech crime (Interpol, Europol i European Union Agency for Cybersecurity (ENISA). |
XIV week exercises | |
XV week lectures | Final Exam |
XV week exercises |
Student workload | Weekly 6 credits x 40/30 = 8 hours Structure: 2 hours 15 minutes of lectures 45 minutes of computational exercises 5 hours of independent work, including consultation During the semester Classes and final exam: (8 hours) x 16 = 128 hours Necessary preparations before the beginning of the semester (administration, registration, certification) 2 x (8 hours) = 16 hours Total workload for the course 6x30 = 180 hours Supplementary work for exam preparation in the make-up exam period, including taking the make-up exam from 0 to 36 hours (remaining time from the first two items to the total workload for the course 180 hours) Load structure : 128 hours (Teaching) + 16 hours (Preparation) + 36 hours (Supplementary work) |
Per week | Per semester |
6 credits x 40/30=8 hours and 0 minuts
3 sat(a) theoretical classes 0 sat(a) practical classes 1 excercises 4 hour(s) i 0 minuts of independent work, including consultations |
Classes and final exam:
8 hour(s) i 0 minuts x 16 =128 hour(s) i 0 minuts Necessary preparation before the beginning of the semester (administration, registration, certification): 8 hour(s) i 0 minuts x 2 =16 hour(s) i 0 minuts Total workload for the subject: 6 x 30=180 hour(s) Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item) 36 hour(s) i 0 minuts Workload structure: 128 hour(s) i 0 minuts (cources), 16 hour(s) i 0 minuts (preparation), 36 hour(s) i 0 minuts (additional work) |
Student obligations | Students are required to regularly attend lectures and exercises, as well as participate in all forms of knowledge assessment throughout the semester. |
Consultations | |
Literature | Council of Europe – Budapest Convention on Cybercrime ETS No. 185 I Additional Protocol to the Convention on Cybercrime, Concerning the Criminalisation of Acts of a Racist and Xenophobic Nature Committed through Computer Systems II Second Additional Protocol to the Convention on Cybercrime on Enhanced Co-operation and Disclosure of Electronic Evidence MS No.9/2022) Code of Criminal Procedure ("Official Gazette of Montenegro", no. 57/2009, 49/2010, 47/2014 - CC decision, 2/2015 - CC decision, 35/2015, 58/2015 - other law, 28/ 2018 - CC decision and 116/2020 - CC decision) Criminal Code of Montenegro ("Official Gazette of the Republic of Montenegro", no. 70/2003, 13/2004 - corrected and 47/2006 and "Official Gazette of Montenegro", no. 40/2008, 25/2010, 32/2011, 64/2011 - other laws, 40/2013, 56/2013 - amended, 14/2015, 42/2015, 58/2015 - other laws, 44/2017, 49/2018 and 3/2020) Wicki-Birchler, D. (2020). The Budapest Convention and the General Data Protection Regulation: acting in concert to curb cybercrime? International Cybersecurity Law Review, 1(1-2), 63–72. doi:10.1365/s43439-020-00012-5 Leukfeldt, R., Holt, T. J. (2020), The Human Factor of Cybercrime, Routledge Taylor&Francis Gruop. Nearchou N. (2023), Combating Crime on the Dark Web - Learn how to access the dark web safely and not fall victim to cybercrime, Packt Publishing, Birmingham. Ethem Ilbiz, Christian Kaunert (2023) The Sharing Economy for Tackling Cybercrime_ Uberization of Public-Private Partnerships, 2023, Springer. Kranenbarg, M. W., Leukfeldt, R. (2021), Cyberrime in context - The human factor in victimization, offending, and policing, Springer. |
Examination methods | Forms of knowledge testing and assessment: - Written examinations – 30 - Oral presentation/participation in exercises – 20 - Writing paper – 20 - Final exam – 30 |
Special remarks | |
Comment |
Grade: | F | E | D | C | B | A |
Number of points | less than 50 points | greater than or equal to 50 points and less than 60 points | greater than or equal to 60 points and less than 70 points | greater than or equal to 70 points and less than 80 points | greater than or equal to 80 points and less than 90 points | greater than or equal to 90 points |
Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / SECURITY ASPECTS OF THE SOFTWARE DEVELOPMENT
Course: | SECURITY ASPECTS OF THE SOFTWARE DEVELOPMENT/ |
Course ID | Course status | Semester | ECTS credits | Lessons (Lessons+Exercises+Laboratory) |
39185 | Obavezan | 6 | 3+1+0 |
Programs | CYBER SECURITY |
Prerequisites | The subject is not conditioned by other subjects. |
Aims | The aim of the course is to acquire the necessary theoretical and practical knowledge of the fundamental design principles, including restrictive privilege, simplicity and methodology principles. Security requirements and their role in design, Implementation issues, Static and dynamic testing, Configuring and patching, and Ethics, especially in development, testing and vulnerability disclosure. |
Learning outcomes | After the student passes this exam: - He/she will be able to understand the principles that underlie both design and implementation of secure software. - He/she be able to include security considerations throughout the design of software. - He/she will be able to include security considerations throughout the implementation of software. - He/she will be able to explain testing considerations for validating that the software meets stated and unstated security requirements and specifications. - They will be able to understand security considerations in the use of software, and in its deployment, maintenance, and removal. - He/she will be able to include information about security considerations in configuration, use, and other aspects of using the software. |
Lecturer / Teaching assistant | Prof. dr Aleksandar Popović, MSc Kosta Pavlović |
Methodology | Lectures, exercises, consultations, independent work. |
Plan and program of work | |
Preparing week | Preparation and registration of the semester |
I week lectures | Fundamental principles – restrictiveness principles. Least privilege (Software should be given only those privileges that it needs to complete its task). Fail-safe defaults (The initial state should be to deny access unless access is explicitly required). Complete mediation (Software should validate every access to objects to ensure that the access is allowed.) |
I week exercises | |
II week lectures | Fundamental principles – restrictiveness principles. Separation (Software should not grant access to a resource based on a single condition). Minimize trust (Software should check all inputs and the results of all security-relevant actions). |
II week exercises | |
III week lectures | Fundamental principles - simplicity principles. Economy of mechanism (Security features of software should be as simple as possible.). |
III week exercises | |
IV week lectures | Fundamental principles - simplicity principles. Minimize common mechanism (The sharing of resources should be reduced as much as possible). Least astonishment (Security mechanisms should be designed so that their operation is as logical and simple as possible.). |
IV week exercises | |
V week lectures | Fundamental principles – methodology principles. Open design (Security of software, and of what that software provides, should not depend on the secrecy of its design or implementation.). Layering (Organize software in layers). Abstraction (Hide the internals of each layer, making only the interfaces available). Modularity (Design and implement the software as a collection of co-operating modules). |
V week exercises | |
VI week lectures | Fundamental principles – methodology principles. Complete linkage (Tie software security design and implementation to the security specifications for that software). Design for iteration (Plan the design in such a way that it can be changed, if needed.). |
VI week exercises | |
VII week lectures | Design. Introduce techniques for including security considerations throughout the design of software. Derivation of security requirements (Beginning with business, mission, or other objectives, determine what security requirements are necessary to succeed). Specification of security requirements (Translate the security requirements into a form of formal specification, informal specifications, specifications for testing). |
VII week exercises | |
VIII week lectures | Design. Software development lifecycle/Security development lifecycle (waterfall model, agile development and security). Programming languages and type-safe languages (Discuss the problems that programming languages introduce, what type-safety does, and why it is important). |
VIII week exercises | |
IX week lectures | Implementation. Introduce techniques for including security considerations throughout the implementation of software. Validating input and checking its representation. Using APIs correctly. Using security features. Checking time and state relationships. Handling exceptions and errors properly. |
IX week exercises | |
X week lectures | Implementation. Programming robustly. Encapsulating structures and modules. Taking environment into account (dont put sensitive information in the source code). |
X week exercises | |
XI week lectures | Analysis and Testing. Static and dynamic analysis. Unit testing. Integration testing. Software testing. |
XI week exercises | |
XII week lectures | Deployment and Maintenance. Configuring. Patching and the vulnerability lifecycle. Checking environment (ensuring the environment matches the assumptions made in the software). |
XII week exercises | |
XIII week lectures | Deployment and Maintenance. DevOps (combine development and operation). Decommissioning/Retiring (how to remove software without causing security problems.). |
XIII week exercises | |
XIV week lectures | Documentation. Introduce and include information about security considerations in configuration, use, and other aspects of using the software and maintaining it. Installation documents. User guides and manuals. Assurance documentation. Security documentation. |
XIV week exercises | |
XV week lectures | Ethics. Code reuse (licensing). Professional responsibility. Social aspects of software development. Legal aspects of software development. Vulnerability disclosure. Ethical implications of testing. |
XV week exercises |
Student workload | Weekly: 6 credits x 40/30 = 8 hours Structure: 2 hours 15 minutes of lectures 45 minutes of computational exercises 5 hours of independent work, including consultation During the semester Classes and final exam: (8 hours) x 16 = 128 hours Necessary preparations before the beginning of the semester (administration, registration, certification) 2 x (8 hours) = 16 hours Total workload for the course 6x30 = 180 hours Supplementary work for exam preparation in the make-up exam period, including taking the make-up exam from 0 to 36 hours (remaining time from the first two items to the total workload for the course 180 hours) Load structure : 128 hours (Teaching) + 16 hours (Preparation) + 36 hours (Supplementary work) |
Per week | Per semester |
6 credits x 40/30=8 hours and 0 minuts
3 sat(a) theoretical classes 0 sat(a) practical classes 1 excercises 4 hour(s) i 0 minuts of independent work, including consultations |
Classes and final exam:
8 hour(s) i 0 minuts x 16 =128 hour(s) i 0 minuts Necessary preparation before the beginning of the semester (administration, registration, certification): 8 hour(s) i 0 minuts x 2 =16 hour(s) i 0 minuts Total workload for the subject: 6 x 30=180 hour(s) Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item) 36 hour(s) i 0 minuts Workload structure: 128 hour(s) i 0 minuts (cources), 16 hour(s) i 0 minuts (preparation), 36 hour(s) i 0 minuts (additional work) |
Student obligations | Regular attendance at classes, appropriate behavior, attending knowledge tests. |
Consultations | |
Literature | 1. Computer Security, Dieter Gollman, 2011, ISBN: 978-0470741153 2. Software Security: Principles, Policies, and Protection, Mathias Payer, 2021 3. Computer Security: Principles and Practice, William Stallings, Lawrie Brown, 2017, ISBN: 978- 0134794105 |
Examination methods | - Тwo tests worth 30 points each. Project assignment (work in groups) worth 30 points. Special commitment and effort during class, as well as exceptional solutions to individual tasks, are valued up to 10 points.) - The student will pass the exam if he accumulates at least 50 points |
Special remarks | |
Comment |
Grade: | F | E | D | C | B | A |
Number of points | less than 50 points | greater than or equal to 50 points and less than 60 points | greater than or equal to 60 points and less than 70 points | greater than or equal to 70 points and less than 80 points | greater than or equal to 80 points and less than 90 points | greater than or equal to 90 points |
Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / COMPUTER FORENSICS
Course: | COMPUTER FORENSICS/ |
Course ID | Course status | Semester | ECTS credits | Lessons (Lessons+Exercises+Laboratory) |
39186 | Obavezan | 6 | 3+1+0 |
Programs | CYBER SECURITY |
Prerequisites | The subject is not conditioned by other subjects. |
Aims | Provides the opportunity to master the basics of Computer Forensics, the procedures, tools and methodologies of Computer Forensics, equips students to analyze computer systems and programs in order to collect forensic evidence. |
Learning outcomes | Explain the role and importance of computer forensics. Properly defines and lists appropriate examples of the application of computer forensics. Properly: collects, preserves, processes and presents computer-forensic evidence. Participates in all phases of computer forensics: prepares, plans and conducts computer forensics investigation. Prepares a report on the results of the forensic processing of the collected evidence. |
Lecturer / Teaching assistant | Dr Srđan Kadić, MSc Nikola Pižurica |
Methodology | Lectures and exercises in the computer classroom with the use of appropriate virtual (online) platforms. Learning and independent preparation of practical tasks and seminar papers. Consultations. |
Plan and program of work | |
Preparing week | Preparation and registration of the semester |
I week lectures | Introduction to computer forensics |
I week exercises | Introduction to computer forensics |
II week lectures | Concept, methodologies, tools and technologies of computer forensics |
II week exercises | Concept, methodologies, tools and technologies of computer forensics |
III week lectures | Branches of computer forensics |
III week exercises | Branches of computer forensics |
IV week lectures | Overview of computer forensics software/hardware tools |
IV week exercises | Overview of computer forensics software/hardware tools |
V week lectures | Open-Source Forensic Tools |
V week exercises | Open-Source Forensic Tools |
VI week lectures | Forensics investigation procedure - systematic approach |
VI week exercises | Forensics investigation procedure - systematic approach |
VII week lectures | Data acquisition – Preservation, verification and authentication of evidence |
VII week exercises | Data acquisition – Preservation, verification and authentication of evidence |
VIII week lectures | Forensics analysis and validation |
VIII week exercises | Forensics analysis and validation |
IX week lectures | Windows / Mac / Linux Forensics |
IX week exercises | Windows / Mac / Linux Forensics |
X week lectures | Advanced Windows Forensics |
X week exercises | Advanced Windows Forensics |
XI week lectures | Data storage forensics (HDD-SSD-USB) |
XI week exercises | Data storage forensics (HDD-SSD-USB) |
XII week lectures | Portable and embedded device forensics |
XII week exercises | Portable and embedded device forensics |
XIII week lectures | Network and Cloud Forensics |
XIII week exercises | Network and Cloud Forensics |
XIV week lectures | Application & Database Forensics |
XIV week exercises | Application & Database Forensics |
XV week lectures | Processing of collected and identified evidence - Reporting |
XV week exercises | Processing of collected and identified evidence - Reporting |
Student workload | |
Per week | Per semester |
6 credits x 40/30=8 hours and 0 minuts
3 sat(a) theoretical classes 0 sat(a) practical classes 1 excercises 4 hour(s) i 0 minuts of independent work, including consultations |
Classes and final exam:
8 hour(s) i 0 minuts x 16 =128 hour(s) i 0 minuts Necessary preparation before the beginning of the semester (administration, registration, certification): 8 hour(s) i 0 minuts x 2 =16 hour(s) i 0 minuts Total workload for the subject: 6 x 30=180 hour(s) Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item) 36 hour(s) i 0 minuts Workload structure: 128 hour(s) i 0 minuts (cources), 16 hour(s) i 0 minuts (preparation), 36 hour(s) i 0 minuts (additional work) |
Student obligations | Students are required to attend classes, do and hand in all homework, and complete all exercises. |
Consultations | |
Literature | Incident Response and Computer Forensics,3rd Edition, Luttgens, Pepe and Mandia, McGraw Hill; 2014 |
Examination methods | The exam consists of a practical and a final part of the exam. The practical work is evaluated with 35 points, and the final exam with 65 points. A passing grade is obtained if at least 51 points are accumulated cumulatively. |
Special remarks | Teaching is conducted for a group of about 40 students. Teaching can be done online, with the help of distance learning platforms, and external platforms for testing practical skills. |
Comment |
Grade: | F | E | D | C | B | A |
Number of points | less than 50 points | greater than or equal to 50 points and less than 60 points | greater than or equal to 60 points and less than 70 points | greater than or equal to 70 points and less than 80 points | greater than or equal to 80 points and less than 90 points | greater than or equal to 90 points |
Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / PENETRATION TESTING
Course: | PENETRATION TESTING/ |
Course ID | Course status | Semester | ECTS credits | Lessons (Lessons+Exercises+Laboratory) |
39187 | Obavezan | 6 | 3+1+0 |
Programs | CYBER SECURITY |
Prerequisites | The subject is not conditioned by other subjects. |
Aims | This course provides a mastering technique that involves information gathering, preparing, and planning system vulnerability testing to properly execute specific attacks and create follow-up reports on system vulnerability testing. Students can identify and exploit system vulnerabilities, creating a basis for making recommendations for mitigating identified risks. |
Learning outcomes | After the student passes this exam, student will be able to: Properly plan and prepare for a penetration test Active and passive information gathering Execute testing and exploit target system Develop and deliver final report and recommendation |
Lecturer / Teaching assistant | Srđan Kadić, Savo Tomović |
Methodology | Lectures and exercises in the computer classroom with the use of appropriate virtual (online) platforms. Learning and independent preparation of practical tasks and seminar papers. Consultations. |
Plan and program of work | |
Preparing week | Preparation and registration of the semester |
I week lectures | Introduction to Pen Testing and Ethical hacking |
I week exercises | Introduction to Pen Testing and Ethical hacking |
II week lectures | Concept, methodologies, tools and technologies |
II week exercises | Concept, methodologies, tools and technologies |
III week lectures | Overview of vulnerabilities and exploits techniques |
III week exercises | Overview of vulnerabilities and exploits techniques |
IV week lectures | Pen Test Planning, Scoping, and Recon |
IV week exercises | Pen Test Planning, Scoping, and Recon |
V week lectures | Active and passive information gathering and system scanning |
V week exercises | Active and passive information gathering and system scanning |
VI week lectures | Prepare and execute initial access |
VI week exercises | Prepare and execute initial access |
VII week lectures | Post Exploitation |
VII week exercises | Post Exploitation |
VIII week lectures | Core infrastructure attacks |
VIII week exercises | Core infrastructure attacks |
IX week lectures | Network based attacks |
IX week exercises | Network based attacks |
X week lectures | Web based attacks |
X week exercises | Web based attacks |
XI week lectures | Mobile and portable device |
XI week exercises | Mobile and portable device |
XII week lectures | IoT and Cloud |
XII week exercises | IoT and Cloud |
XIII week lectures | Portable and embedded devices |
XIII week exercises | Portable and embedded devices |
XIV week lectures | Non-traditional devices |
XIV week exercises | Non-traditional devices |
XV week lectures | Analyzing and reporting pen test results |
XV week exercises | Analyzing and reporting pen test results |
Student workload | |
Per week | Per semester |
6 credits x 40/30=8 hours and 0 minuts
3 sat(a) theoretical classes 0 sat(a) practical classes 1 excercises 4 hour(s) i 0 minuts of independent work, including consultations |
Classes and final exam:
8 hour(s) i 0 minuts x 16 =128 hour(s) i 0 minuts Necessary preparation before the beginning of the semester (administration, registration, certification): 8 hour(s) i 0 minuts x 2 =16 hour(s) i 0 minuts Total workload for the subject: 6 x 30=180 hour(s) Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item) 36 hour(s) i 0 minuts Workload structure: 128 hour(s) i 0 minuts (cources), 16 hour(s) i 0 minuts (preparation), 36 hour(s) i 0 minuts (additional work) |
Student obligations | Weekly 6 credits x 40/30 = 8 hours Structure: 2 hours 15 minutes of lectures 45 minutes of computational exercises 5 hours of independent work, including consultation During the semester Classes and final exam: (8 hours) x 16 = 128 hours Necessary preparations before the beginning of the semester (administration, registration, certification) 2 x (8 hours) = 16 hours Total workload for the course 6x30 = 180 hours Supplementary work for exam preparation in the make-up exam period, including taking the make-up exam from 0 to 36 hours (remaining time from the first two items to the total workload for the course 180 hours) Load structure : 128 hours (Teaching) + 16 hours (Preparation) + 36 hours (Supplementary work) |
Consultations | |
Literature | Ethical Hacking - A Hands-on Introduction to Breaking In, Daniel G. Graham, NoStarchPress, 2021 Real-World Bug Hunting - A Field Guide to Web Hacking, Peter Yaworski, NoStarchPress, 2019 Attacking Network Protocols - A Hackers Guide to Capture, Analysis, and Exploitation, James Forshaw, NoStarchPress, 2017 Metasploit, 2nd Edition, David Kennedy, Mati Aharoni, Devon Kearns, Jim O’Gorman, and Daniel Graham, NoStarchPress, November 2023 |
Examination methods | The exam consists of a practical and a final part of the exam. The practical work is evaluated with 35 points, and the final exam with 65 points. A passing grade is obtained if at least 51 points are accumulated cumulatively |
Special remarks | |
Comment |
Grade: | F | E | D | C | B | A |
Number of points | less than 50 points | greater than or equal to 50 points and less than 60 points | greater than or equal to 60 points and less than 70 points | greater than or equal to 70 points and less than 80 points | greater than or equal to 80 points and less than 90 points | greater than or equal to 90 points |
Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / SYSTEM SECURITY
Course: | SYSTEM SECURITY/ |
Course ID | Course status | Semester | ECTS credits | Lessons (Lessons+Exercises+Laboratory) |
39188 | Obavezan | 6 | 3+1+0 |
Programs | CYBER SECURITY |
Prerequisites | The subject is not conditioned by other subjects. |
Aims | Through this course, students are introduced to general terms related to the security of computer systems. They will be introduced to the importance of looking at the system as a whole. They will be able to recognize risks and adequately respond to them. |
Learning outcomes | After the student passes this exam: - He/she will be able to recognize risks in computer systems - He/she will know the methods of authentication and authorization - He/she will be aware of the importance of sharing responsibility - He/she will be able to recognize and analyze security risks in web and mobile applications - They will get to know the basic defense techniques against these threats |
Lecturer / Teaching assistant | Prof. dr Slobodan Đukanović, Doc. dr Stefan Vujović |
Methodology | Lectures, exercises, consultations, independent work |
Plan and program of work | |
Preparing week | Preparation and registration of the semester |
I week lectures | Introduction. Holistic approaches. System parts. |
I week exercises | Introduction. Holistic approaches. System parts. |
II week lectures | Threat models |
II week exercises | Threat models |
III week lectures | Division of privileges and responsibilities |
III week exercises | Division of privileges and responsibilities |
IV week lectures | Authentication methods: human-to-system, system-to- system |
IV week exercises | Authentication methods: human-to-system, system-to- system |
V week lectures | Network security and protocols |
V week exercises | Network security and protocols |
VI week lectures | Identity on web, private browsing |
VI week exercises | Identity on web, private browsing |
VII week lectures | Test |
VII week exercises | Test |
VIII week lectures | Security of web applications |
VIII week exercises | Security of web applications |
IX week lectures | Security of web applications |
IX week exercises | Security of web applications |
X week lectures | Security of mobile applications |
X week exercises | Security of mobile applications |
XI week lectures | Data tracking |
XI week exercises | Data tracking |
XII week lectures | Defense against attacks: ASLR, IP hopping |
XII week exercises | Defense against attacks: ASLR, IP hopping |
XIII week lectures | Hardware security |
XIII week exercises | Hardware security |
XIV week lectures | System organization and procedures |
XIV week exercises | System organization and procedures |
XV week lectures | Advanced defense techniques |
XV week exercises | Advanced defense techniques |
Student workload | |
Per week | Per semester |
6 credits x 40/30=8 hours and 0 minuts
3 sat(a) theoretical classes 0 sat(a) practical classes 1 excercises 4 hour(s) i 0 minuts of independent work, including consultations |
Classes and final exam:
8 hour(s) i 0 minuts x 16 =128 hour(s) i 0 minuts Necessary preparation before the beginning of the semester (administration, registration, certification): 8 hour(s) i 0 minuts x 2 =16 hour(s) i 0 minuts Total workload for the subject: 6 x 30=180 hour(s) Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item) 36 hour(s) i 0 minuts Workload structure: 128 hour(s) i 0 minuts (cources), 16 hour(s) i 0 minuts (preparation), 36 hour(s) i 0 minuts (additional work) |
Student obligations | Regular attendance at classes, appropriate behavior, attending knowledge tests |
Consultations | After the classes, or upon a request. |
Literature | |
Examination methods | - Test (50 points) - Exam (50 points) |
Special remarks | None |
Comment | None |
Grade: | F | E | D | C | B | A |
Number of points | less than 50 points | greater than or equal to 50 points and less than 60 points | greater than or equal to 60 points and less than 70 points | greater than or equal to 70 points and less than 80 points | greater than or equal to 80 points and less than 90 points | greater than or equal to 90 points |
Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / ORGANIZATIONAL SECURITY, HUMAN SECURITY
Course: | ORGANIZATIONAL SECURITY, HUMAN SECURITY/ |
Course ID | Course status | Semester | ECTS credits | Lessons (Lessons+Exercises+Laboratory) |
39189 | Obavezan | 6 | 3+1+0 |
Programs | CYBER SECURITY |
Prerequisites | |
Aims | The aim of the course is to develop the critical thinking and analytical skills necessary for an comprehensive understanding of the concept of information security in the light of modern challenges in cyberspace, as well as its implications for the national, regional and global security context. Special objectives refer to the acquisition of knowledge about strategic and legislative instruments that define risks and the protection of critical information infrastructure, rights, obligations and responsibilities in the domain of personal data protection, the implementation of the concept of corporate security, as well as the development of a security culture in organizations. |
Learning outcomes | After successful completion of the module, the student will be able to: - demonstrate a critical understanding of the concept of information security and a comprehensive overview of its implications in the national, regional and global security contexts; - independently identifies emerging forms of information security threats; - systematically interprets and applies the legal framework of the personal data protection; - understand the regulatory and institutional challenges for the critical information infrastructure protection; - recognize social engineering methods; - critically evaluate standards and good practices for the cybersecurity development; - show an awareness of the importance of the organizational security culture for mitigation of internal risks. |
Lecturer / Teaching assistant | Prof. Stefan Sütterlin, PhD, Prof. Thom Brooks, PhD, Andreja Mihailovic, PhD |
Methodology | Lectures, exercises, consultations, case studies, etc. |
Plan and program of work | |
Preparing week | Preparation and registration of the semester |
I week lectures | Presentation of the teaching and learning methods, requirements for students, assignments and assessment methods. |
I week exercises | |
II week lectures | The digital transformation and the importance of ICTs in societys needs. |
II week exercises | |
III week lectures | Definition of the concept of security, functions, principles. Social values and interests of importance for individual and collective security. |
III week exercises | |
IV week lectures | Information security and importance in the national security system. Globalization of security and the dynamics of contemporary geopolitical relations (asymmetric and hybrid conflicts). |
IV week exercises | |
V week lectures | Contemporary security challenges in cyberspace. Sources, forms, subjects and implications of threats in cyberspace. |
V week exercises | |
VI week lectures | Strategic framework of information security. National cyber security strategy. The EUs Cybersecurity Strategy for the Digital Decade. |
VI week exercises | |
VII week lectures | Protection of critical information infrastructure. Directive on the security of network and information systems (NIS 2 Directive). |
VII week exercises | |
VIII week lectures | National legislative framework of information security. Information Security Law. |
VIII week exercises | |
IX week lectures | Corporate governance and corporate security in cyberspace. Organizational security challenges. |
IX week exercises | |
X week lectures | Protection of human rights and freedoms in cyberspace (ePrivacy, hate speech and freedom of expression on the Internet). |
X week exercises | |
XI week lectures | Rights, obligations and responsibility in the field of personal data protection. General EU Regulation on Personal Data Protection GDPR 2016/679 (General Data Protection Regulation). |
XI week exercises | |
XII week lectures | Social engineering. Development of the organizational security culture through education and raising awareness initiatives. |
XII week exercises | |
XIII week lectures | International cooperation in information security development (institutional framework, standards and examples of good practice). |
XIII week exercises | |
XIV week lectures | The role of private-public partnerships in defining national cybersecurity strategy. |
XIV week exercises | |
XV week lectures | Final exam. |
XV week exercises |
Student workload | Weekly 6 credits x 40/30 = 8 hours Structure: 2 hours 15 minutes of lectures 45 minutes of computational exercises 5 hours of independent work, including consultation During the semester Classes and final exam: (8 hours) x 16 = 128 hours Necessary preparations before the beginning of the semester (administration, registration, certification) 2 x (8 hours) = 16 hours Total workload for the course 6x30 = 180 hours Supplementary work for exam preparation in the make-up exam period, including taking the make-up exam from 0 to 36 hours (remaining time from the first two items to the total workload for the course 180 hours) Load structure : 128 hours (Teaching) + 16 hours (Preparation) + 36 hours (Supplementary work) |
Per week | Per semester |
6 credits x 40/30=8 hours and 0 minuts
3 sat(a) theoretical classes 0 sat(a) practical classes 1 excercises 4 hour(s) i 0 minuts of independent work, including consultations |
Classes and final exam:
8 hour(s) i 0 minuts x 16 =128 hour(s) i 0 minuts Necessary preparation before the beginning of the semester (administration, registration, certification): 8 hour(s) i 0 minuts x 2 =16 hour(s) i 0 minuts Total workload for the subject: 6 x 30=180 hour(s) Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item) 36 hour(s) i 0 minuts Workload structure: 128 hour(s) i 0 minuts (cources), 16 hour(s) i 0 minuts (preparation), 36 hour(s) i 0 minuts (additional work) |
Student obligations | Students are required to regularly attend classes and participate in all forms of knowledge assessment throughout the semester. |
Consultations | |
Literature | Buckland, B., Schreier, F., Winkler, T., (2010). Democratic Governance Challenges of Cybersecurity, Security and democracy Forum, Beograd. DCAF (2019). Guide to Good Governance in Cybersecurity, Genève. Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union, Official Journal of the European Union L 194/1. ENISA (2017). Public-Private Partnerships in Cyberspace, Available at: https://www. enisa.europa.eu/publications/public-private-partnerships-ppp-cooperative-models/at_download/fullReport GDPR.eu. Complete Guide to GDPR Compliance, Available at: https://gdpr.eu/ Kovacevic, A., Nikolic, D. (2015). Cyber attacks on critical infrastructure: Review and challenges. In Handbook of Research on Digital Crime, Cyberspace Security, and Information Assurance (pp. 1-18). Hershey: IGI Globa. Njenga, K. (2022). Information Systems Security in Small and Medium-Sized Enterprises: Emerging Cybersecurity Threats in Times of Turbulence, Nova Science Publishers, Inc. Regulation (EU) 2016/679 of The European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) Cyber Security Strategy of Montenegro 2022-2026. The EU’s Cybersecurity Strategy for the Digital Decade, Commission and the High Representative of the Union for Foreign Affairs and Security Policy, Joint communication to the European Parliament and the Council, Brussels, 16.12.2020, JOIN (2020) 18 final, p. 3. Information Security Law ("Official Gazette of Montenegro", no. 14/2010 and 40/2016). Personal Data Protection Law ("Official Gazette of Montenegro", No. 079/08 dated 23.12.2008, 070/09 dated 21.10.2009, 044/12 dated 09.08.2012, 022/17 dated 03.04.2017). |
Examination methods | Forms of knowledge testing and assessment: - Written examinations – 30 - Oral presentation/participation in exercises – 20 - Writing paper – 20 - Final exam – 30 |
Special remarks | |
Comment |
Grade: | F | E | D | C | B | A |
Number of points | less than 50 points | greater than or equal to 50 points and less than 60 points | greater than or equal to 60 points and less than 70 points | greater than or equal to 70 points and less than 80 points | greater than or equal to 80 points and less than 90 points | greater than or equal to 90 points |
Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / MODERN COMPUTER SYSTEM PROTECTION TECHNIQUES
Course: | MODERN COMPUTER SYSTEM PROTECTION TECHNIQUES / |
Course ID | Course status | Semester | ECTS credits | Lessons (Lessons+Exercises+Laboratory) |
39190 | Obavezan | 7.5 | 3+1+0 |
Programs | CYBER SECURITY |
Prerequisites | None. |
Aims | Acquaintance of students with the basic methods and techniques for the protection of computer systems in terms of data protection, communications and access to the system. Identification of weak points that reduce the security of the computer system. |
Learning outcomes | After the student passes this exam, she/he will be able to: - Knows the elements of a computer system that affect its security. - Apply protection methods on server computer systems. - Apply protection methods on user devices. - Performs system-user training in order to increase security. |
Lecturer / Teaching assistant | Prof. dr Miloš Daković, doc. dr Isidora Stanković |
Methodology | Lectures, exercises, consultations, independent work. |
Plan and program of work | |
Preparing week | Preparation and registration of the semester |
I week lectures | Introduction |
I week exercises | Introduction |
II week lectures | Methods of protection of computer systems |
II week exercises | Methods of protection of computer systems |
III week lectures | Data protection |
III week exercises | Data protection |
IV week lectures | Protection of communications |
IV week exercises | Protection of communications |
V week lectures | Protection of server computers |
V week exercises | Protection of server computers |
VI week lectures | Methods and techniques of server computers protection |
VI week exercises | Methods and techniques of server computers protection |
VII week lectures | Protection of user devices used for accessing the computer system |
VII week exercises | Protection of user devices used for accessing the computer system |
VIII week lectures | Methods and techniques for protecting user devices |
VIII week exercises | Methods and techniques for protecting user devices |
IX week lectures | Mechanisms of identification and authentication of computer system users |
IX week exercises | Mechanisms of identification and authentication of computer system users |
X week lectures | Authorization of computer system users |
X week exercises | Authorization of computer system users |
XI week lectures | Test |
XI week exercises | Test |
XII week lectures | User training in computer system protection |
XII week exercises | User training in computer system protection |
XIII week lectures | Advanced protection techniques |
XIII week exercises | Advanced protection techniques |
XIV week lectures | Case studies |
XIV week exercises | Case studies |
XV week lectures | Case studies |
XV week exercises | Case studies |
Student workload | |
Per week | Per semester |
7.5 credits x 40/30=10 hours and 0 minuts
3 sat(a) theoretical classes 0 sat(a) practical classes 1 excercises 6 hour(s) i 0 minuts of independent work, including consultations |
Classes and final exam:
10 hour(s) i 0 minuts x 16 =160 hour(s) i 0 minuts Necessary preparation before the beginning of the semester (administration, registration, certification): 10 hour(s) i 0 minuts x 2 =20 hour(s) i 0 minuts Total workload for the subject: 7.5 x 30=225 hour(s) Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item) 45 hour(s) i 0 minuts Workload structure: 160 hour(s) i 0 minuts (cources), 20 hour(s) i 0 minuts (preparation), 45 hour(s) i 0 minuts (additional work) |
Student obligations | Regular monitoring of classes, doing homework and checking knowledge. |
Consultations | After the classes. |
Literature | 1. William Stallings, Lawrie Brown, Computer Security: Principles and Practice, Pearson, 2017. 2. Dieter Gollman, Computer Security, Willey, 2011. 3. Matt Bishop, Introduction to Computer Security, Addison-Wesley, 2004. |
Examination methods | Homework and exercises: 15 points; Test: 40 points; Final exam: 45 points. |
Special remarks | |
Comment |
Grade: | F | E | D | C | B | A |
Number of points | less than 50 points | greater than or equal to 50 points and less than 60 points | greater than or equal to 60 points and less than 70 points | greater than or equal to 70 points and less than 80 points | greater than or equal to 80 points and less than 90 points | greater than or equal to 90 points |
Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / ADVANCED COMPUTER FORENSICS
Course: | ADVANCED COMPUTER FORENSICS/ |
Course ID | Course status | Semester | ECTS credits | Lessons (Lessons+Exercises+Laboratory) |
39191 | Obavezan | 7.5 | 3+1+0 |
Programs | CYBER SECURITY |
Prerequisites | |
Aims | This course provides an introduction to the advanced computer forensic topics. Provides the opportunity to master the fundamentals of Advance Computer Forensics, the procedures, tools and methodologies in order to analyze specific systems and programs to collect forensic evidence. |
Learning outcomes | • Upoznaje studente s najsavremenijim tehnikama napredne računarske forenzike za računarske sisteme и netradicionalne uređaje. • Upoznaje studente sa специфичностима datotečnih sistema и њиховим оперативним артефактима (Windows, Mac и Linux OS). • Обухваћене теме могу укључивати: напредно издвајање и реконструкцију датотека (file carving), мрежну и Cloud forenziku, forenziku mobilnih уређаја, memorijsku forenziku и антифорензику. |
Lecturer / Teaching assistant | Asst. prof. Srđan Kadić, Velibor Došljak |
Methodology |
Plan and program of work | |
Preparing week | Preparation and registration of the semester |
I week lectures | Introduction to Advanced Computer Forensics |
I week exercises | Introduction to Advanced Computer Forensics |
II week lectures | Concept, methodologies, tools and technologies of advanced computer forensics |
II week exercises | Concept, methodologies, tools and technologies of advanced computer forensics |
III week lectures | Overview of Attacker techniques and incident responses |
III week exercises | Overview of Attacker techniques and incident responses |
IV week lectures | Volatile memory forensics, RAM and CACHE |
IV week exercises | Volatile memory forensics, RAM and CACHE |
V week lectures | NonVolatile data forensics |
V week exercises | NonVolatile data forensics |
VI week lectures | Advance Windows forensics – Registry, Event Logs and system files |
VI week exercises | Advance Windows forensics – Registry, Event Logs and system files |
VII week lectures | Advance Mac/Linux forensics |
VII week exercises | Advance Mac/Linux forensics |
VIII week lectures | Browser forensiscs |
VIII week exercises | Browser forensiscs |
IX week lectures | Email, Social Media forensics |
IX week exercises | Email, Social Media forensics |
X week lectures | Mobile forensics |
X week exercises | Mobile forensics |
XI week lectures | Network and Cloud Forensics |
XI week exercises | Network and Cloud Forensics |
XII week lectures | Non-traditional devices forensics – IoT, drones and camera |
XII week exercises | Non-traditional devices forensics – IoT, drones and camera |
XIII week lectures | GPS systems forensics |
XIII week exercises | GPS systems forensics |
XIV week lectures | Malware Analysis |
XIV week exercises | Malware Analysis |
XV week lectures | Threat Hunting and Incident Response |
XV week exercises | Threat Hunting and Incident Response |
Student workload | |
Per week | Per semester |
7.5 credits x 40/30=10 hours and 0 minuts
3 sat(a) theoretical classes 0 sat(a) practical classes 1 excercises 6 hour(s) i 0 minuts of independent work, including consultations |
Classes and final exam:
10 hour(s) i 0 minuts x 16 =160 hour(s) i 0 minuts Necessary preparation before the beginning of the semester (administration, registration, certification): 10 hour(s) i 0 minuts x 2 =20 hour(s) i 0 minuts Total workload for the subject: 7.5 x 30=225 hour(s) Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item) 45 hour(s) i 0 minuts Workload structure: 160 hour(s) i 0 minuts (cources), 20 hour(s) i 0 minuts (preparation), 45 hour(s) i 0 minuts (additional work) |
Student obligations | |
Consultations | |
Literature | |
Examination methods | |
Special remarks | |
Comment |
Grade: | F | E | D | C | B | A |
Number of points | less than 50 points | greater than or equal to 50 points and less than 60 points | greater than or equal to 60 points and less than 70 points | greater than or equal to 70 points and less than 80 points | greater than or equal to 80 points and less than 90 points | greater than or equal to 90 points |
Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / SECURITY INCIDENTS, PREVENTION AND RECOVERY
Course: | SECURITY INCIDENTS, PREVENTION AND RECOVERY/ |
Course ID | Course status | Semester | ECTS credits | Lessons (Lessons+Exercises+Laboratory) |
39192 | Obavezan | 7.5 | 3+1+0 |
Programs | CYBER SECURITY |
Prerequisites | The subject is not conditioned by other subjects. |
Aims | The aim of the course is to acquire the necessary theoretical and practical knowledge for dealing with cyber security incidents in organizations. |
Learning outcomes | After the student passes this exam, the student will be able to: - independently identifies types of security incidents; - explain and analyze the basic principles of cyber security incident management - understand and discuss the importance of a cyber incident response plan - look at the distribution of responsibility and the role of external experts for cyber incidents; - understand and analyze the role of hardware and software in cyber security incidents - critically assess adequate communication strategies during a cyber incident - explain and analyze ways to detect and identify cyber incidents - analyze and critically evaluate the mechanisms of containment, eradication and recovery from a cyber incident - explain and analyze the significance and ways of monitoring, reporting and evaluating cyber incidents for future actions |
Lecturer / Teaching assistant | Professor Ljiljana Kašćelan, PhD Sunčica Vuković, PhD |
Methodology | Lectures, exercises, consultations, case studies, essays, seminar papers, examples from practice, etc. |
Plan and program of work | |
Preparing week | Preparation and registration of the semester |
I week lectures | Concept and types of cyber security incidents |
I week exercises | Concept and types of cyber security incidents |
II week lectures | Basic principles of cyber security incident management |
II week exercises | Basic principles of cyber security incident management |
III week lectures | Cyber security incident response plan |
III week exercises | Cyber security incident response plan |
IV week lectures | Assigning responsibilities and creating a cyber incident response team |
IV week exercises | Assigning responsibilities and creating a cyber incident response team |
V week lectures | The role of the cyber incident response experts |
V week exercises | The role of the cyber incident response experts |
VI week lectures | Hardware and software for cyber incident management |
VI week exercises | Hardware and software for cyber incident management |
VII week lectures | Communication strategy |
VII week exercises | Communication strategy |
VIII week lectures | Cyber insurance |
VIII week exercises | Cyber insurance |
IX week lectures | Detection and identification of potential cyber incidents |
IX week exercises | Detection and identification of potential cyber incidents |
X week lectures | Containment of the current incident |
X week exercises | Containment of the current incident |
XI week lectures | Eradication and recovery from the current incident |
XI week exercises | Eradication and recovery from the current incident |
XII week lectures | Communication during the current incident |
XII week exercises | Communication during the current incident |
XIII week lectures | Incident monitoring and reporting |
XIII week exercises | Incident monitoring and reporting |
XIV week lectures | Evaluation and future actions |
XIV week exercises | Evaluation and future actions |
XV week lectures | Case study and summary of the study material |
XV week exercises | Case study and summary of the study material |
Student workload | 7,5 credits x 40/30 = 10 hours Structure: 2 hours 15 minutes of lectures 45 minutes of computational exercises 7 hours of independent work, including consultation |
Per week | Per semester |
7.5 credits x 40/30=10 hours and 0 minuts
3 sat(a) theoretical classes 0 sat(a) practical classes 1 excercises 6 hour(s) i 0 minuts of independent work, including consultations |
Classes and final exam:
10 hour(s) i 0 minuts x 16 =160 hour(s) i 0 minuts Necessary preparation before the beginning of the semester (administration, registration, certification): 10 hour(s) i 0 minuts x 2 =20 hour(s) i 0 minuts Total workload for the subject: 7.5 x 30=225 hour(s) Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item) 45 hour(s) i 0 minuts Workload structure: 160 hour(s) i 0 minuts (cources), 20 hour(s) i 0 minuts (preparation), 45 hour(s) i 0 minuts (additional work) |
Student obligations | Regular attendance at classes, appropriate behavior, attending knowledge tests |
Consultations | TBA |
Literature | Thompson, EC (2018). Cybersecurity incident response: How to contain, eradicate, and recover from incidents . Apress. Center for Cyber Security Belgium (2019). Cyber security incident management guide . Trim, P. & Lee, Y. (2022). Strategic Cyber Security Management. Routledge |
Examination methods | Forms of knowledge testing and assessment: - Mid term exam – 30 points - Class activity – 10 points - Seminar paper – 20 points Final exam – 40 points |
Special remarks | / |
Comment | / |
Grade: | F | E | D | C | B | A |
Number of points | less than 50 points | greater than or equal to 50 points and less than 60 points | greater than or equal to 60 points and less than 70 points | greater than or equal to 70 points and less than 80 points | greater than or equal to 80 points and less than 90 points | greater than or equal to 90 points |
Institute for Interdisciplinary and Multidisciplinary Studies / CYBER SECURITY / SECURITY RISK MANAGEMENT
Course: | SECURITY RISK MANAGEMENT/ |
Course ID | Course status | Semester | ECTS credits | Lessons (Lessons+Exercises+Laboratory) |
39193 | Obavezan | 7.5 | 3+1+0 |
Programs | CYBER SECURITY |
Prerequisites | The subject is not conditioned by other subjects. |
Aims | The aim of the course is to acquire the necessary theoretical and practical knowledge for dealing with cyber security risk management in organizations and institutions. |
Learning outcomes | After the student passes this exam, the student will be able to: - independently identifies types of security risks, - describe risk management and its role in the organization, - describe risk management techniques to identify and prioritize risk factors for information assets and how risk is assessed, - discuss the strategy options used to treat risk and be prepared to select from them when given background information, - explain and analyze the basic principles of cyber security risk management, - understand and discuss the importance of cyber sercurity risk management in organizations and intitutions, - understand and analyze the role of hardware and software in risk management process, - explain and analyze ways to detect and identify cyber security risks, - explain and analyze the significance and ways of cyber risk identification, cyber risk assesment and cyber risk mitigation, - understand the link between security risk management and individual, group and organizational performance, - develop strategic thinking about cybersecurity risk management, - analyze critical decisions and processes in cybersecurity risk management process, - improve managerial decision-making capabilities with regard to security risk management and human capital issues in a modern organizations and institutions, - instill ethical and sustainability consideration in management decisions, - understand process of monitoring, reporting and evaluating cyber incidents for future actions. |
Lecturer / Teaching assistant | Ivan Radević, Assistant Professor |
Methodology | Lectures, exercises, consultations, case studies, essays, seminar papers, examples from practice, etc. |
Plan and program of work | |
Preparing week | Preparation and registration of the semester |
I week lectures | Concept of Risk Management and Cyber Security Risk Management. |
I week exercises | Concept of Risk Management and Cyber Security Risk Management. |
II week lectures | Cyber Threats and Organizational Risk. |
II week exercises | Cyber Threats and Organizational Risk. |
III week lectures | Context Establishment, Corporate Risk Environment and Cyber Risk. |
III week exercises | Context Establishment, Corporate Risk Environment and Cyber Risk. |
IV week lectures | Cybersecurity Enterprise Risk Management. |
IV week exercises | Cybersecurity Enterprise Risk Management. |
V week lectures | Standards, Regulations and Security Measures (Data-Driven Security). |
V week exercises | Standards, Regulations and Security Measures (Data-Driven Security). |
VI week lectures | Cyber Risk Identification. |
VI week exercises | Cyber Risk Identification. |
VII week lectures | Cyber Risk Assessment. |
VII week exercises | Cyber Risk Assessment. |
VIII week lectures | Cyber Risk Mitigation. |
VIII week exercises | Cyber Risk Mitigation. |
IX week lectures | Cyber Risk Monitoring, Detection and Reporting. |
IX week exercises | Cyber Risk Monitoring, Detection and Reporting. |
X week lectures | Cyber Attack Response and Recovery. |
X week exercises | Cyber Attack Response and Recovery. |
XI week lectures | Vulnerability Management. |
XI week exercises | Vulnerability Management. |
XII week lectures | Risk Management Practice – Case Studies. |
XII week exercises | Risk Management Practice – Case Studies. |
XIII week lectures | Corporate Risk Environment. |
XIII week exercises | Corporate Risk Environment. |
XIV week lectures | Strategic Cybersecurity Risk Management. |
XIV week exercises | Strategic Cybersecurity Risk Management. |
XV week lectures | Evaluation and Recapitulation. |
XV week exercises | Evaluation and Recapitulation. |
Student workload | |
Per week | Per semester |
7.5 credits x 40/30=10 hours and 0 minuts
3 sat(a) theoretical classes 0 sat(a) practical classes 1 excercises 6 hour(s) i 0 minuts of independent work, including consultations |
Classes and final exam:
10 hour(s) i 0 minuts x 16 =160 hour(s) i 0 minuts Necessary preparation before the beginning of the semester (administration, registration, certification): 10 hour(s) i 0 minuts x 2 =20 hour(s) i 0 minuts Total workload for the subject: 7.5 x 30=225 hour(s) Additional work for exam preparation in the preparing exam period, including taking the remedial exam from 0 to 30 hours (remaining time from the first two items to the total load for the item) 45 hour(s) i 0 minuts Workload structure: 160 hour(s) i 0 minuts (cources), 20 hour(s) i 0 minuts (preparation), 45 hour(s) i 0 minuts (additional work) |
Student obligations | Regular attendance at classes, appropriate behavior, attending knowledge tests. |
Consultations | During the regular consultation hours of the course professor, before and after classes, as well as via email radevic@ucg.ac.me. |
Literature | 1. Oh, K-B., Ho, B. & Slade, B. (2022). Cybersecurity Risk Management: An Enterprise Risk Management Approach. Nova Science Publishers, USA. 2. Vellani, K. H. (2020). Strategic Security Management: A Risk Assessment Guide for Decision Makers. Taylor and Francis Group, USA. 3. Kissoon, T. (2022). Optimal Spending on Cybersecurity Measures. Routledge, UK. 4. Refsdal, T., Solhaug, B. & Stølen, K. (2015). Cyber-Risk Management. Springer, UK. 5. Hodson, C. J. (2019). Cyber Risk Management: Prioritize threats, idenrtify vulnerabilities and apply controls. Kogan Page Limited, UK. 6. Brumfield, C. & Haugli, B. (2022). Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework. Wiley, USA. 7. Leirvik, R. (2022). Understand, Manage and Measure Cyber Risk: Practical Solutions for Creating a Sustainable Cyber Program. Apress, USA. 8. Hubbard, D. W. & Seiersen, R. (2016). How to Measure Anything in Cybersecurity Risk. Wiley, USA. 9. Trim, P. & Lee, Y. (2022). Strategic Cyber Security Management. Routledge, UK. |
Examination methods | 1. Mid term exam – 30 points 2. Class activity – 10 points 3. Seminar paper – 20 points 4. Final exam – 40 points |
Special remarks | / |
Comment | / |
Grade: | F | E | D | C | B | A |
Number of points | less than 50 points | greater than or equal to 50 points and less than 60 points | greater than or equal to 60 points and less than 70 points | greater than or equal to 70 points and less than 80 points | greater than or equal to 80 points and less than 90 points | greater than or equal to 90 points |