726 Information Security Policy

726 Information Security Policy

  • Study programme and level: Professional degree programme Administration 1nd Cycle
  • 2nd or 3th year
  • 6 ECTS
  • Course type: Elective
  • Lectures: 15
  • Individual work: 165
  • Lecturer: Bojan Peček, PhD


1. Objectives and competences

  • Student understands field of information security policy
  • Student creates his/her own security policy on the individual level
  • Collaborates at the development of the strategic security policy on the level of overall organisation


  • Student is acquired if creating and organising the security policy
  • Is capable of assessing practical achievements on the field of security policy
  • Is trained for the implementation of the practical experiences from other organisations into his or her own environment
  • Has skills needed to communicate with the specialists for information and communication technology of this field
  • Knows to connect wide area of knowledge into the realisation of the secure working place

2. Content

  • Definition of content (types of protection, access to data and systems, fields, consequences)
  • Data and network security at the EU level (legal bases, standardisation, institutional organisation)
  • Legal bases for security policy (legislative framework, organisational and functional aspects of administration, employment aspects, procedural aspects, substantive law regulations, recommendations)
  • Security policy standardisation
  • Comprehensive system for data protection, information systems and services
  • Data protection policy as basis of modern society 
  • Development, introduction, maintenance and management of security policy
  • Handling individual areas and security policies that are specific to the administration
  • Risk management
  • Internal and external supervisory system

3. Readings

  • Thomas R. Peltier, Information Security Policies and Procedures: A Practitioner's Reference, Second Edition (Hardcover), Auerbach Publications, 2004
  • Scott Barman, Writing Information Security Policies (Landmark), NewRiders, 2001
  • Timothy P. Layton, Information Security: Design, Implementation, Measurement, and Compliance, Auerbach Publications, 2006
  • Berčič Boštjan Skladnost varnostnih politik z zakonodajo, Infosec 2003, Nova Gorica
  • Vzorci varnostnih politik, elektronski vir,  CD-ROM, monografska publikacija, Housing, 2008

4. Intended learning outcomes

  • Awareness about risks and threads for working place on the field of information security policy
  • Capability of recognition of standards that form information security policy
  • Ability for creation of the information security policy
  • Skilled for the collaboration in team formed for the improvement of the information security policy
  • Knowledge of assessing information policy achievements

5. Learning and teaching methods

  • Lecturing
  • Case study
  • Seminar paper
  • Presentation

6. Assessment

  • Seminar paper (10%)
  • Presentation (40%)
  • Oral exam  (50%)