• The draft version of syllabi for 2 courses/modules
  1. Draft version received from Odessa National Polytechnic University. Information Security and Data Protection
  2. Draft version received from the Institute of Business and Advanced Technologies. ²íôîðìàö³éíà áåçïåêà òà çàõèñò äàíèõ
• The modernized curricula
  1. CURRICULUM OF THE SUBJECT "Information Security", VNTU, 2008
     1. THE AIM AND THE TASKS OF THE SUBJECT
     1.1. The Aim of the Subject
     1.2. The Tasks of the Subject
     1.3. Place of the Subject in the Process of Study.
     2. CONTENT OF THE SUBJECT
     2.1. Basic Principles of Information Security.
     2.2. Conceptual Model of Information Security.
     2.3. Legislative Level of Information Security.
     2.4. Administrative Level of Information Security.
     2.5. Organizational Level of Information Security.
     2.6. Technical and Engineering Level of Information Security.
     2.7. Cryptographic Information Protection.
     2.8. Stenographic Information protection.
     2.9. Information Authentication and Authorization.
     2.10. Programs Security.
     2.11. Computer, Information and Telecommunication Systems Security.
     2.11. Conclusions
     3. The Content of the Laboratory Classes
     3.1. The List of Laboratory Classes.
     4. References.
  2. CURRICULUM OF THE SUBJECT "Data Security", VNTU, 2008
     1. THE AIM AND THE TASKS OF THE SUBJECT
     1.1. The Aim of the Subject
     1.2. The Tasks of the Subject
     1.3. Place of the Subject in the Process of Study.
     2. CONTENT OF THE SUBJECT
     2.1. EDI – Electronic Data Interchange.
     2.2. Electronic Commerce.
     2.3. Non-Material Money.
     2.4. Distant Payments with the Help of Bank Cards.
     2.5. Systems to Make Micro Payments Face-to-face.
     2.6. Distant Micro Payments Systems.
     2.7. Digital Money.
     2.8. Electronic Checks.
     2.9. Smart Cards.
     2.10. European Projects of Joint Payment Systems.
     2.11. Conclusions
     3. The Content of the Laboratory Classes
     3.1. The List of Laboratory Classes.
     4. References
• List of the literature to be used in the study course for the disciplines "Information Security" and "Data Protection"
• Glossary 1
• Glossary 2

Information Security and Data Protection
(18 lections, 9 laboratory works)
Module 1
Theme 1. Overview of modern situation in information security and
data protection.

Lection 1.
Modern situation in information security and data protection
Introduction. Basics and concepts of data protection.

Lection 2.
Cryptography and steganography
Basic cryptographic concepts;
Key length and password length;
Introduction to steganography.

Theme 2. Information security basic concepts overview.

Lection 3.
Historical aspects of information security development.
History of cryptography;
Some interesting historical facts.

Lection 4.
Some curious notes on information security
Hackers and crackers;
Identification and authentication;
Cybercrimes and legislation.

Theme 3. Hardware and software means of data protection.

Lection 6.
Hardware means of data protection
Biometric devices;
Authentication devices;
Bugs overview.

Lection 7.
Bugs. Introduction to bugs;
Recovery and monitoring;
Legislation.

Lection 8.
Software means of data protection
Overview of software means of data protection;
Secure computing systems;
Secure networks overview.

Lection 9.
Secure networks VPN’s;
IPsec protocols;
SSL and TLS protocols;
Authentication protocols overview.


Module 2
Theme 4. Overview of existing standards in field of information
security and data protection

Lection 10.
Internet protocols overview
OSI and TCP/IP protocol stacks;
Conditional access systems.

Lection 11.
Security over Internet
Overview of standardized internet security systems;
OpenPGP basics;
OpenSSL concepts.

Lection 12.
Existing cryptographic standards
NESSIE project;
CRYPTEC standards;
AES standard.

Theme 5. Overview of modern cryptographic techniques

Lection 13.
Asymmetric cryptography overview
Diffie-Hellman algorithm and IKE;
RSA digital signatures;
DSA and ECDSA digital signatures;
Overview of existing asymmetric algorithms.

Lection 14.
AES Advanced encryption algorithm;
AES process and it’s participants;
Modern encryption algorithms.

Lection 15.
Modern steganography
Overview of modern steganographic techniques;
Digital watermarks and it’s embedding techniques;
Detection and removing techniques of digital watermarks.

Theme 6. Enterprise information security.

Lection 16.
Enterprise information security overview
Sensitive information classification;
IS politics and legislation.

Lection 17.
Overview of existing software DP systems

Lection 18.
Digital certificate handling
Use of PKI and Web Of  Trust;
X.509 standard;
Internet browser digital certificate management (IE and Firefox).

2. Draft version received from the Institute of Business and
Advanced Technologies

²íôîðìàö³éíà áåçïåêà òà çàõèñò äàíèõ

Ðîçä³ë 1. Îñíîâè åêîíîì³÷íî¿ áåçïåêè

    Òåîðåòè÷í³ îñíîâè ³íôîðìàö³éíî¿ áåçïåêè â åêîíîì³ö³
    Îñíîâí³ ïðèíöèïè åêîíîì³÷íî¿ áåçïåêè

Ðîçä³ë 2. ²íôîðìàö³éíà áåçïåêà

    ×îìó ëþäè çä³éñíþþòü êîìï'þòåðí³ çëî÷èíè
    Îçíàêè êîìï'þòåðíèõ çëî÷èí³â
    Ìåòîäè çä³éñíåííÿ çëî÷èí³â
    Îçíàêè íàÿâíîñò³ óðàçëèâèõ ì³ñöü â ³íôîðìàö³éí³é áåçïåö³
    ̳ðè çàõèñòó ³íôîðìàö³éíî¿ áåçïåêè
    Ö³ë³ñí³ñòü ³íôîðìàö³¿
    Ô³çè÷íà áåçïåêà

Ðîçä³ë 3. Çàõèñò â³ä íåñàíêö³îíîâàíîãî äîñòóïó äî ³íôîðìàö³¿

    Ñïåö³àëüíå ïðîãðàìíå çàáåçïå÷åííÿ ïî çàõèñòó ³íôîðìàö³¿ ÏÊ
    Çàñîáè, ùî âèêîðèñòîâóþòü ïàðîëüíó ³äåíòèô³êàö³þ
    Âèêîðèñòàííÿ êðèïòîãðàô³¿
    Êëàñèô³êàö³ÿ êðèïòîàëãîðèòì³â
    Àëãîðèòì RSA. Òåõíîëî㳿 öèôðîâèõ ï³äïèñ³â
    Àðõ³âàö³ÿ òà ñòâîðåííÿ àðõ³â³â
    Çàøèôðîâêà çà äîïîìîãîþ àðõèâàòîð³â
    Çàõèñò äàíèõ çà äîïîìîãîþ ïðîãðàì
    Ñïåö³àëüí³ çàñîáè çàõèñòó ÏÊ
    Çàõèñò ÏÊ â³ä çáî¿â
    Ùî  ïàì'ÿòຠâàø êîìï'þòåð?!
    Çàõèñò â³ä øê³äëèâèõ êîìï'þòåðíèõ ôàêòîð³â

Ðîçä³ë 4. Çàõèñò ³íôîðìàö³¿ â ìåðåæàõ ÅÎÌ

    Ñêëàäíîñò³ â  îðãàí³çàö³¿ çàõèñòó ìåðåæ ÅÎÌ
    Êëàñèô³êàö³ÿ ïîãðîç êîìï'þòåðíèì ìåðåæàì
    Áåçïåêà â ²íòåðíåò
    ̳ðè ïðîòè䳿
    Ñó÷àñí³ ï³äõîäè äî çàáåçïå÷åííÿ ³íôîðìàö³éíî¿ áåçïåêè
êîìï'þòåðíèõ ìåðåæ

Ðîçä³ë 5. Îñíîâí³ ïðèíöèïè ïîáóäîâè ïîë³òèêè áåçïåêè îðãàí³çàö³¿

    Êëàñèô³êàö³ÿ ³íôîðìàö³¿
    Àðõ³òåêòóðà ìåðåæ³
    Âèêîðèñòàííÿ ðåñóðñ³â ìåðåæ³ ²íòåðíåò
    Ïðî âèêîðèñòàííÿ êðèïòîãðàô³÷íîãî çàõèñòó ³íôîðìàö³¿
    Âèìîãè äî ñèñòåìè êåðóâàííÿ àäðåñíèì ïðîñòîðîì
    Âèìîãè äî àäì³í³ñòðóâàííÿ ìåðåæ³
    Ïðèíöèïè êåðóâàííÿ äîñòóïîì êîðèñòóâà÷³â
    Äîäàòêîâ³ çàñîáè çàõèñòó ìåðåæ³
    Àíòèâ³ðóñíèé çàõèñò ³íôîðìàö³¿
    Çàõèñò ô³íàíñîâèõ òåõíîëîã³é íà ïðèêëàäíîìó ð³âí³

Ðîçä³ë 6. Àíòèâ³ðóñíèé çàõèñò

    Êëàñèô³êàö³ÿ êîìï'þòåðíèõ â³ðóñ³â
    Êëàñèô³êàö³ÿ ìåòîä³â çàõèñòó ³íôîðìàö³¿ â³ä êîìï'þòåðíèõ
â³ðóñ³â
    Îñíîâí³ ìåòîäè âèÿâëåííÿ ³ âèäàëåííÿ êîìï'þòåðíèõ â³ðóñ³â
    Êîðîòêà ïàì'ÿòêà äëÿ êîðèñòóâà÷à ïî çàõèñòó â³ä êîìï'þòåðíèõ
â³ðóñ³â
    Ïðîãðàìí³ çàñîáè çàõèñòó â³ä êîìï'þòåðíèõ â³ðóñ³â
    Ñàìîñò³éíå âèÿâëåííÿ òà âèäàëåííÿ  â³ðóñ³â

Ðîçä³ë 7.  ³äíîâëåííÿ êîìï'þòåðíî¿ ³íôîðìàö³¿

    ³äíîâëåííÿ îïåðàö³éíî¿ ñèñòåìè  çà äîïîìîãîþ ðåºñòðó
    ³äíîâëåííÿ îïåðàö³éíî¿ ñèñòåìè çà äîïîìîãîþ ïðîãðàì
    ³äíîâëåííÿ ïàêåò³â ïðèêëàäíèõ ïðîãðàì
    ³äíîâëåííÿ ôàéë³â-äîêóìåíò³â ³ òàáëèöü
    ³äíîâëåííÿ ³íôîðìàö³¿ íà æîðñòêîìó äèñêó (â³í÷åñòåð³)
    Ïðî áóäîâó ³ òåðì³íîëîã³þ æîðñòêèõ äèñê³â
    Ùî òðåáà çíàòè äëÿ â³äíîâëåííÿ ³íôîðìàö³¿ íà æîðñòêîìó äèñêó
    ²íñòðóìåíòàð³é äëÿ â³äíîâëåííÿ äàíèõ íà æîðñòêîìó äèñêó
    ijàãíîñòèêà óøêîäæåíü æîðñòêèõ äèñê³â
    ³äíîâëåííÿ åëåìåíò³â äèñêîâî¿ ñòðóêòóðè

Ðîçä³ë 8.  Çàõèñò ³íôîðìàö³¿ ïðè åëåêòðîííèõ ðîçðàõóíêàõ

    Îñíîâí³ íåáåçïå÷í³ ôàêòîðè ïðî òîðã³âë³ çà äîïîìîãîþ
³íòåðíåòó
    Çàõèñò ïåðñîíàëüíî¿ ³íôîðìàö³¿ â åëåêòðîíí³é êîìåðö³¿
    Çàáåçïå÷åííÿ áåçïåêè òðàíñàêö³é ïðè åëåêòðîííèõ ðîçðàõóíêàõ

Ðîçä³ë 9. Ïðàâîâ³ îñíîâè çàõèñòó ³íôîðìàö³¿

	Ïðàâîâèé ñòàòóñ ³íôîðìàö³¿
	Ïîíÿòòÿ òà çì³ñò ³íôîðìàö³¿ ç îáìåæåíèì äîñòóïîì
	Ïðàâîâ³ îñíîâè çàõèñòó êîìåðö³éíî¿ òàºìíèö³
	Ïîíÿòòÿ òà çì³ñò áàíê³âñüêî¿ òàºìíèö³
	Ïðàâîâèé ñòàòóñ òà çì³ñò ³íôîðìàö³¿ ç îáìåæåíèì äîñòóïîì ïðî îñîáó
	Ïðàâîâà ðåãëàìåíòàö³ÿ òåõí³÷íîãî çàõèñòó ³íôîðìàö³¿ â Óêðà¿í³
	Þðèäè÷íà â³äïîâ³äàëüí³ñòü çà ïðàâîïîðóøåííÿ  â ñôåð³ îá³ãó
³íôîðìàö³¿ ç îáìåæåíèì äîñòóïîì
	̳æíàðîäíî-ïðàâîâ³ îñíîâè çàõèñòó ³íôîðìàö³¿ ç îáìåæåíèì äîñòóïîì



The modernized curricula

CURRICULUM OF THE SUBJECT

" Information Security "

Course 6.030601 - "Management"
Educational qualification level (degree) – "bachelor"

VNTU, 2008
1. THE AIM AND THE TASKS OF THE SUBJECT

1.1. The Aim of the Subject
     The aim of the subject “Information Security” is to form
theoretical knowledge and practical skills necessary to avoid
divulging, leak and illegal getting confidential information as
well as illegitimate activities to delete, modify, copy and block
the information.


1.2. The Tasks of the Subject
     The tasks of mastering the subject are to introduce the
students to legislative, administrative, organizational, technical
and engineering levels of informational security, peculiarities of
cryptographic and stenographic information security, to teach them
to realize enterprise’s security policy practically.
     As a result of mastering the subject the students must know:
* basic conceptual aspects of information security system;
* classification of confidential information security threats;
* conditions to facilitate illegal getting confidential
information;
* peculiar features how to provide information security on the
legislative level;
* peculiar features of information security administrative
methods;
* peculiar features of technical and engineering levels of
informational security;
* basic principles of cryptographic and stenographic information
security;
* the rules of information and users authentication;
* the rules of protection from harmful software;
* Internet security rules;
* E-mail security rules.
    The students must be able to:
* define confidential information threats;
* use legal regulations to provide enterprise’s information
security;
* develop main regulations of security policy and the program of
its realization;
* register security mode violations and make up reports;
* protect information with the help of passwords as well as
cryptographic and stenographic protection;
* protect computer from harmful software;
* organize safe work in Internet;
* use e-mail for confidential information exchange;
* use course scientific and reference books;
* find rational methods to solve practical tasks.


1.3. Place of the Subject in the Process of Study.
     Teaching theoretical material of the subject “Information
Security” is based on the knowledge received while studying the
subjects******.
    The knowledge received by the students while studying the
subject “Information Security” is the necessary precondition to
organize safe work with information.
    Theoretical material is practiced at the laboratory classes.


2. CONTENT OF THE SUBJECT

2.1. Basic Principles of Information Security.
     The notion of information security. Main tasks of information
security. The importance and complexity of information security
problem.
    Basic conceptual principles of information security system.
The notion of information security system. Information security
requirements. Information security system requirements. Types of
information security system.


2.2. Conceptual Model of Information Security.
     Components of conceptual model. Information to be secured.
Basic notions. Spheres of state secret extension on information.
Commercial secret.
    Information threats. Basic principles and classification of
threats. Basic accessibility threats. Basic integrity threats.
Basic confidentiality threats. Harmful software.
    Actions leading to illegitimate getting confidential
information. Data intercept and channels of information leak.
    Information security violators. Behaviour of potential
violator. Classification of violators. Methods of intrusion.
Conditions which facilitate illegitimate getting confidential
information.


2.3. Legislative Level of Information Security.
     Legislative level of information security basic notions. The
system to provide information security in Ukraine. Legislative
regulations. Structure of legislative regulations. Normative and
legislative documents. Forms of information security. Legislative
norms to provide information security and protection at the
enterprise.  Foreign legislation in the sphere of information
security. Ukrainian legislation in the sphere of information
security.


2.4. Administrative Level of Information Security.
     The notion of information security policy. The subject of
information security policy. Main principles of information
security policy. Types of information security policy. Selective
security policy. Authorized security policy. Security policy
development. Manager’s duties. Personnel analyses. The program of
security policy realization.


2.5. Organizational Level of Information Security.
     Main types of organizational level activities. Personnel
management. Physical protection. Enterprise’s security. Security
rules agreement and introduction. Issuing documents, rules.
Monitoring, industrial control and punishment measures. Events
registration. Security violation accounts. Security mode violation
reactions.


2.6. Technical and Engineering Level of Information Security.
     The notion of technical and engineering security. Physical
security facilities. Types of physical security facilities.
Security systems. Security television. Security lighting and
intrusion alarm facilities. Security of building units and
quarters. Protection activities against illegal getting
confidential information. Confidential information disclosure
prevention. Information protection from leak using technical
channels. Counteractions against unauthorized access to
confidential information sources. Hardware security. Software
security.


2.7. Cryptographic Information Protection.
     The notion of cryptographic  protection systems.
Cryptosystems with private keys. Cryptosystems with public keys.
Archiving and encryption. Disk encryption.


2.8. Stenographic Information protection.
     Basic principles of stenographic information protection.
Stenographic programs protection. Stenographic protection against
information leak.


2.9. Information Authentication and Authorization.
     Identification, authentication and authorization. Electronic
digital signature. Integrity of information control.
Authentication of users. Arbitration procedure. Keys certificates.
Digital Rights control.


2.10. Programs Security.
     Current tasks of programs security. Programs registration
codes. Program anchor to information carrier. Program protection
hardware keys. Protection against harmful software. Security aims.
Detection of virus security types. The rules of using accessory
software. Users’ introduction to antivirus protection.


2.11. Computer, Information and Telecommunication Systems Security.
     Computer systems technical protection organization.
Information and Telecommunication Systems Security. Internet
security. The rules of safe work with systems and in networks. The
rules how to use e-mail. E-mail administration. The use of e-mail
to exchange confidential information.


2.11. Conclusions
     Prospects of information security methods development.
Practical importance of the received knowledge in further
students’ education.


3. The Content of the Laboratory Classes

    Laboratory classes aim at practicing theoretical material and
solving practical tasks to organize secured work with information
and are based on the books [1-14].

3.1. The List of Laboratory Classes.
1. Detection of confidential information threats for particular
units.
2. Development of security policy main principles and the program
of its realization.
3. Registration of security mode violations and reporting about
security violating.
4. Organization of information protection with the help of
passwords.
5. Organization of cryptographic information protection.
6. Organization of stenographic information protection.
7. Organization of computer protection against harmful software.
8. Organization of safe work in Interne
9.  The use of e-mail to exchange confidential
information.


4. References
Basic
1. Belov Å.B. and others. Information security principles. Higher
educational establishment’s manual. – Ì.: Ãîðÿ÷àÿ ëèíèÿ–Òåëåêîì,
2006. – 544 ñ.
2. Barman, Scott. Information security rules development:
Translated from English. – Ì.: Èçäàòåëüñêèé äîì "Âèëüÿìñ", 2002. –
208 ñ.
3. Domarev V.V. Information technologies security. System
approach: - Ê.: ÎÎÎ "ÒÈÄ "ÄÑ", 2004. – 992 ñ.
4. Koneev I.R., Belyaev À.V. Information security of an
enterprise. – ÑÏá.: ÁÕÂ-Ïåòåðáóðã, 2003. - 752 ñ.
5. Luzhetskyi V.À., Voitovych Î.P., Kozhuhivskyi À.D. Basic
principles of information security. Textbook. – ×åðêàñè: ×ÄÒÓ,
2008. – 243 ñ.
6. Maluk À.À. Information security: conceptual and methodological
principles of information security. Higher educational
establishment’s manual. – Ì.: Ãîðÿ÷àÿ ëèíèÿ-Òåëåêîì, 2004. – 280
ñ.
7. Skyba V. U., Kurbatov V. A. Manual on protection against
internal information security threats. – ÑÏá.: Ïèòåð, 2008. – 320
ñ.
8. Horoshko V. À., Chekatkov À. À. Information security methods
and facilities.– Ì.: Þíèîð, 2003. – 504 ñ.
9.  Yarochkin V.I. Information security. Higher educational
establishment’s manual for non-specialized students.– Ì.:
Ìåæäóíàð. Îòíîøåíèÿ, 2000. – 400 ñ.

Optional
* Avramenko V.F., Brudnyi G.Î., Zhlobin S.²., Lazarev G.P.,
Doroshko V.Î. Legal principles of information security. - Ê.: ÒÎÂ
„Ïîë³ãðàô Êîíñàëòèíã”, 2003. - 173 ñ.
* Agranovskiy A.V., Puzyrenko À.N. Computer stenography. Theory
and practice.- ÌÊ-Ïðåññ, 2006. - 283 ñ.
* Alferov À.P., Zubov À.U., Kuzmin À.S., Cheremushkin À.V.
Cryptography basic principles. Textbook.- Ì.: Ãåëèîñ ÀÐÂ, 2001. -
480 ñ.
* McCarthy L. ²Ò-security: is it worth risking a corporation? –
Translated from English. – Ì.: ÊÓÄÈÖ-ÎÁÐÀÇ, 2004. – 208 ñ.
* Shnaier, Brus. Secrets and lie. Data security in digital world.
– ÑÏá.: Ïèòåð, 2003. – 368 ñ.


CURRICULUM OF THE SUBJECT

" Data Security "

Course 6.030601 - "Management"
Educational qualification level (degree) – "bachelor"

VNTU, 2008
1. THE AIM AND THE TASKS OF THE SUBJECT

1.1. The Aim of the Subject
    The aim of the subject “Data Security” is to form theoretical
knowledge and practical skills necessary for secured data
interchange in banking and electronic business with the help of
electronic paying systems and electronic means of payment.


1.2. The Tasks of the Subject
    The tasks of mastering the subject are to introduce the
students to the electronic data interchange techniques, the types
of electronic commerce and electronic paying systems to make
different kinds of payments, peculiarities of using non-material
money, electronic checks and smart cards; to teach them how to
realize electronic transactions in electronic paying systems.
    As a result of mastering the subject the students must know:
* Components of electronic data interchange technique;
* Peculiarities of electronic data interchange systems usage to
transfer financial assets;
* Types of electronic commerce;
* Basic principles to provide data security in electronic banking
and electronic business;
* Kinds of non-material money;
* Peculiarities of systems organization to make payments with the
help of bank cards;
* Peculiarities of systems organization to make micro payments;
* Peculiarities of payment systems organization using digital
money;
* Peculiarities of systems organization which use electronic check
presentation;
* Prospects of electronic banking systems and electronic business
development.
    The students must be able to:
* Make distant payments with the help of bank cards;
* Make micro payments face-to-face;
* Make distant micro payments;
* Make payments using digital money;
* Register and make financial settlements in the virtual check
system;
* Use course scientific and reference books;
* Find rational methods to solve practical tasks.


1.3. Place of the Subject in the Process of Study.
    Teaching theoretical material of the subject “Data Security”
is based on the knowledge received while studying the subject
“Information Security”, ******.
    The knowledge received by the students while studying the
subject “Data Security” is the necessary precondition to organize
and provide secured data interchange in banking and electronic
business.
    Theoretical material is practiced at the laboratory classes.


2. CONTENT OF THE SUBJECT
2.1. EDI – Electronic Data Interchange.
    The notion of electronic data interchange. Components of
electronic data interchange technique. Creating and receiving
structured data. Control of data transfer. Security control.
Structured data presentation in alphabetical and digital format.
Standard systems ANSI X12 and EDIFACT. Documents structuring.
SGML, XML. Systems of electronic messages interchange. The use of
electronic data interchange systems to transfer financial assets.


2.2. Electronic Commerce.
    The notion of electronic commerce. The kinds of electronic
commerce. Electronic payment systems. Internet banking. Mobile
commerce. Mobile financial services. Information security of
electronic business. Legal security of electronic commerce.


2.3. Non-Material Money.
    Electronic money. Virtual money. Digital money. Purses.
Electronic purses and electronic jetton holder. Virtual purses and
virtual jetton purses. Transactional properties of non-material
currencies. Systems protocols of non-material money. Direct
payments for the seller’s benefit. Intermediate payments.


2.4. Distant Payments with the Help of Bank Cards.
    First Virtual system. System’s architecture. Order procedure.
Payment procedure. System’s security. iKP protocol. CYBERCASH
protocol. Services rendering. Order with the use of credit card.
Order with the use of debit card. SSL (Secure Sockets Layer)
protocol. General description of SSL. SSL security. Data
interchange in SSL. SET (Secure Electronic Transaction) protocol.
SET architecture. Security services of SET protocol. Combined C-
SET protocols.


2.5. Systems to Make Micro Payments Face-to-face.
    Features of making micro payments system. CHIPPER system.
GELDKARTE system. Money registration and charging. Making
payments. MINIPAY system. MONDEX system.  P-CARD, PAYCHIP, PROTON
systems.


2.6. Distant Micro Payments Systems.
    NETBILL system. Money registration and charging. The process
of buying and financial settlements using Net Bill. KLELINE
system. The process of buying and financial settlements using
KLELINE. MILLICENT system. PAYWORD system. MICROMINT system.


2.7. Digital Money.
    Security of  transactions confidentiality. Impossibility of
lurking debtor and creditor. Face value of digital banknotes.
Counterfeit detection. Payment systems using digital money:
DIGICASH  and NETCASH.


2.8. Electronic Checks.
    Electronic check presentation. Check visualization. Virtual
check system  NETCHEQUE. Registration and financial settlements in
NETCHEQUE system. The system of virtual checks BIPS. The services
and types of BIPS transaction system. The system of virtual checks
ECHECK.


2.9. Smart Cards.
    Classification and spheres of smart cards usage. Smart cards
security. Physical and logic security of the card while being
used. Attacks on smart cards. Multi-purpose smart cards. Smart
cards standardization.


2.10. European Projects of Joint Payment Systems.
    SEMPER project (Secure Electronic Marketplace for Europe).
CAFÉ project (Conditional Access for Europe). JEPI project (Joint
Electronic Payment Initiative).


2.11. Conclusions
    Prospects of electronic bank systems and electronic business
development. Practical importance of the received knowledge in
further students’ education.


3. The Content of the Laboratory Classes
    Laboratory classes aim at practicing theoretical material and
solving practical tasks to have secured data interchange in
banking and electronic business and are based on the books [1-7].


3.1. The List of Laboratory Classes.
1. The use of electronic data interchange systems to transfer
financial assets.
2. Non-material protocol systems.
3. Organization of distant payments with the help of bank cards.
4. Organization of micro payments face-to-face.
5. Organization of distant micro payments.
6. Organization of payments using digital money.
7. System of virtual checks.


4. References
Basic
1. Dednev Ì.À., Dylnov D.V., Ivanov Ì.À. Information security in
banking and electronic business. – Ì.: ÊÓÄÈÖ-ÎÁÐÀÇ, 2004.  – 512
ñ.
2. Babenko L.Ê., Bykov V.À., Makarevich Î.B., Spiridonov Î.B. New
technologies of electronic business and security. – Ì.: Ðàäèî è
ñâÿçü, 2001. – 346 ñ.
3. Afonina  V.À. Electronic money. – ÑÏá.: Ïèòåð, 2001. – 278 ñ.
4. Tsarev V.V., Kantarovich À.À. Electronic commerce. – ÑÏá.:
Ïèòåð, 2002. – 372 ñ.
5. Kozje D. Electronic commerce. – Ì.: Ðóññêàÿ ðåäàêöèÿ, 1999. -
356 ñ.

Optional
6. Berezina M.P. Cashless settlements in Russian economy.
Practical analyses. – Ì.: Êîíñàëòáàíêèð, 1997. - 272 ñ.
7. Shnaier,  Brus. Secrets and lie. Data security in digital
world. – ÑÏá.: Ïèòåð, 2003. – 368 ñ.

CURRICULUM IBAT, ONPU, VNTU
economical_cybernetics

enterprise_economics

finances


onpu_ibeit_curriculum1_eng

onpu_ibeit_curriculum2_eng

onpu_ibeit_curriculum3_eng


curriculum

curriculum_ib_vntu

curriculum_zd_vntu



List of the literature to be used in the study course for the
disciplines "Information Security" and "Data Protection"

1) Äóõîâ Â.Å. Ýêîíîìè÷åñêàÿ ðàçâåäêà è áåçîïàñíîñòü áèçíåñà. —
Êèåâ: ÈÌÑÎ ÌÎ Óêðàèíû, ÍÂÔ «Ñòóäöåíòð», 1997. — 176 ñ.

2) Ðÿáêî Á.ß. Ôèîíîâ À.Í. Êðèïòîãðàôè÷åñêèå ìåòîäû çàùèòû
èíôîðìàöèè: Ó÷åáíîå ïîñîáèå äëÿ âóçîâ. — Ì.: Ãîðÿ÷àÿ ëèíèÿ
—Òåëåêîì, 2005. — 229 ñ.

3) Ìåðèò Ìàêñèì, Äýâèä Ïîëèííî. Áåçîïàñíîñòü áåñïðîâîäíûõ ñåòåé ;
ïåð. ñ àíãë. Ñåìåíîâà À.Â. — Ì.: Êîìïàíèÿ ÀéÒè; ÄÌÊ Ïðåññ, 2004 —
288 ñ.  (Merritt maxim David Pollino wireless security)

4) Ìàêñèìîâ Þ.Í. Ñîííèêîâ Â.Ã., Ïåòðîâ Â.Ã. Òåõíè÷åñêèå ìåòîäû è
ñðåäñòâà çàùèòû èíôîðìàöèè/ ÑÏá.: ÎÎÎ «Èçäàòåëüñòâî Ïîëèãîí»,
2000. — 320 ñ.

5) Õîðîøêî Â.À., ×åêàòêîâ À.À. Ìåòîäû è ñðåäñòâà çàùèòû
èíôîðìàöèè/ — Ê.: Èçäàòåëüñòâî Þíèîð, 2003.— 504 ñ.

6) ²íôîðìàö³éí³ ñåðâ³ñè êîìïþòåðíî¿ ìåðåæ³ ²íòåðíåò. Íàâ÷àëüíèé
ïîñ³áíèê äëÿ ñòóäåíò³â âèùèõ íàâ÷àëüíèõ çàêëàä³â./ Àâòîðè: ².ª.
Ìîðîçþê, Î.À. Øïèíêîâñüêèé, Ñ.Â. Êîòë³ê, Î.Â. Àäð³ÿíîâ. — Îäåñà:
ÂÊÔ «Óêðïîë³ãðàô» ÒÎÂ, 2005. —156 ñ.

7) Çèìà Â.Ì., Ìîëäîâÿí À.À. Ìíîãîóðîâíåâàÿ çàùèòà îò êîìïüþòåðíûõ
âèðóñîâ: Ó÷åá. ïîñîáèå. — ÑÏá, 1997. — 170 ñ.

8) Çèìà Â.Ì., Ìîëäîâÿí À.À. Çàùèòà êîìïüþòåðíûõ ðåñóðñîâ îò
íåñàíêöèîíèðîâàííûõ äåéñòâèé ïîëüçîâàòåëåé: Ó÷åá. ïîñîáèå. — ÑÏá,
1997. — 189 ñ.

9) Êîíô³äåíö³éíèõ äîêóìåíòîîá³ã. Íàâ÷àëüíèé ïîñ³áíèê. / Çà ðåä.
ïðîô. Â.Î. Õîðîøêà / Óêëàäà÷³: À.Ã.Ãàáîâè÷. Ñ.Ì.Ãîëîâàíü, Ñ.².
Æëîá³í, Â.Î. Õîðîøêî. — Ê.: ÄÓ²ÊÒ, 2005. — 264 ñ.

10) Ìàðàêîâà ².²., Ðèáàê À.²., ßìïîëüñüêèé Þ.Ñ. Çàõèñò ³íôîðìàö³¿.
Êðèïòîãðàô³÷í³ ìåòîäè: ϳäðó÷íèê äëÿ âèùèõ íàâ÷àëüíèõ çàêëàä³â. —
Îäåññà 2001. — 175 ñ.

11) Òåðì³íîëîã³÷íèé äîâ³äíèê ç ïèòàíü òåõí³÷íîãî çàõèñòó
³íôîðìàö³¿, Êîæåíåâñüêèé Ñ.Ð., Êóçíåöîâ Ã.Â., Õîðîøêî Â.Î., ×èðêîâ
Ä.Â./ Çà ðåä. ïðîô. Â.Î. Õîðîøêà. — Ê.: ÄÓ²ÊÒ, 2007. — 365 ñ.

12) Ì.Ì. Áðà³ëîâñüêèé, Ã.Ï. Ëàçàðåâ, Â.Î. Õîðîøêî. Çàõèñò
³íôîðìàö³¿ ó áàíê³âñüêèé ä³ÿëüíîñò³./ Ê.: ÒÎÂ
«Ïîë³ãðàôêîíñàëò³íã», 2004. — 213 c.

13) Áàáàø À.Â., Øàíêèí Ã.Ï. Êðèïòîãðàôèÿ. Ïîä ðåä. Â.Ï. Øåðñòþêà,
Ý.À. Ïðèìåíêî/ À.Â. Áàáàø, Ã.Ï. Øàíêèí. - Ì.: ÑÎËÎÍ-Ð, 2002. - 512
ñ.

14) Àëôåðîâ À.Ï., Çóáîâ À.Þ., Êóçüìèí À.Ñ., ×åðåìóøêèí À.Â. Îñíîâû
êðèïòîãðàôèè. Ó÷åáíîå ïîñîáèå. - Ì.: Ãåëèîñ ÀÐÂ, 2001. - 480 ñ.

15) Ïåòðîâ À.À. Êîìïüþòåðíàÿ áåçîïàñíîñòü. Êðèïòîãðàôè÷åñêèå
ìåòîäû çàùèòû. - Ì.: ÄÌÊ, 2000. - 448 ñ.

16) Áðàññàð Æ. Ñîâðåìåííàÿ êðèïòîëîãèÿ. - Ì.: Ïîëèìåä, 1999. - 354
q.

17) Íå÷àåâ Â.È. Ýëåìåíòû êðèïòîãðàôèè. Îñíîâû òåîðèè çàùèòû
èíôîðìàöèè. - Ì.: Âûñøàÿ øêîëà, 1999. - 278 ñ.

18) Ñòîëèíãñ Â. Êðèïòîãðàôèÿ è çàùèòà ñåòåé: ïðèíöèïû è ïðàêòèêà,
2-å èçä.: Ïåð. ñ àíãë. – Ì.: Èçäàòåëüñêèé äîì «Âèëüÿìñ», 2001. -
672 ñ.

19) Èâàíîâ Ì.À. Êðèïòîãðàôè÷åñêèå ìåòîäû çàùèòû èíôîðìàöèè â
êîìïüþòåðíûõ ñèñòåìàõ è ñåòÿõ - Ì.: ÊÓÄÈÖ-ÎÁÐÀÇ, 2001. - 346 c.

20) Ãðóøî À.À., Òèìîíèíà Å.Å., Ïðèìåíêî Ý.À. Àíàëèç è ñèíòåç
êðèïòîàëãîðèòìîâ. - Ì.: ÑÎËÎÍ-Ð, 2000. - 108 ñ.

21) Øíàéåð Á. Ïðèêëàäíàÿ êðèïòîãðàôèÿ. Ïðîòîêîëû, àëãîðèòìû è
èñõîäíûå òåêñòû íà ÿçûêå Ñ. 2-å èçä. - ÑÏá., 2000. - 789 ñ.

22) ×ìîðà À.Ë. Ñîâðåìåííàÿ ïðèêëàäíàÿ êðèïòîãðàôèÿ. - Ì.: Ãåëèóñ
ÀÐÂ, 2001. - 244 ñ.

23) Àíèí. Çàùèòà êîìïüþòåðíîé èíôîðìàöèè. – Ñ.-Ï.: ÂÍV, 2000. –
370 Âèëüÿì Ñòîëëèíãñ. Îïåðàöèîííûå ñèñòåìû. – Ìîñêâà-Ñàíêò-
Ïåòåðáóðã-Êèåâ: «Âèëüÿìñ», 2002. – 845 ñ.

24) Þ.Â.Ðîìàíåö, Ï.À.Òèìîôååâ, Â.Ô.Øàíüãèí. – Çàùèòà èíôîðìàöèè â
êîìïüþòåðíûõ ñèñòåìàõ è ñåòÿõ. – Ì.: «Ðàäèî è ñâÿçü», 2001. – 376
ñ.

25) Ìèõàýëü Áýíêñ. Èíôîðìàöèîííàÿ çàùèòà ÏÊ. Ïåð. ñ àíãë. – Êèåâ:
«Âåê», 2001. – 272 ñ.

26) Ì.Ì.Êîâàëåíêî. Êîìï’þòåðí³ â³ðóñè ³ çàõèñò ³íôîðìàö³¿.
Íàâ÷àëüíèé ïîñ³áíèê. – Êè¿â: “Íàóêîâà äóìêà”, 1999. – 268 ñ.

27) Ïåòðàêîâ. Îñíîâû ïðàêòè÷åñêîé çàùèòû èíôîðìàöèè.

28) Äîìàðåâ Â.Â. Áåçîïàñíîñòü èíôîðìàöèîííûõ òåõíîëîãèé.
Ìåòîäîëîãèÿ ñîçäàíèÿ ñèñòåì çàùèòû. – Ì.: «Äèàñîôò».

29) Ëóêàöêèé. Îáíàðóæåíèå àòàê. - Ñ.-Ï.: ÂÍV, 2000.

30) Êîíååâ È.Ð., Áåëÿåâ À.Â. Èíôîðìàöèîííàÿ áåçîïàñíîñòü
ïðåäïðèÿòèÿ. – ÑÏá.: ÁÕÂ-Ïåòåðáóðã, 2003. – 752 ñ.

31) Ãåðàñèìåíêî Â.À. Çàùèòà èíôîðìàöèè â àâòîìàòèçèðîâàííûõ
ñèñòåìàõ îáðàáîòêè  äàííûõ. Â 2-õ êí. - Ì.: Ýíåðãîàòîìèçäàò, 1994.
- 576 ñ.

32) Ìàôòèê Ñ. Ìåõàíèçìû çàùèòû â ñåòÿõ ÝÂÌ. Ïåð. ñ àíãë. - Ì.:
Ìèð, 1993. - 216 ñ.

33) Çåãæäà Ä. Ï. Êàê ïîñòðîèòü çàùèùåííóþ èíôîðìàöèîííóþ ñèñòåìó
// Ïîä ðåä. Ä. Ï. Çåãæäû è Â. Â. Ïëàòîíîâà. - ÑÏá: Ìèð è ñåìüÿ,
1995. - 234 ñ.

34) Ðîìàíåö Þ. Â., Òèìîôååâ Ï. À., Øàíüãèí Â. Ô. Çàùèòà èíôîðìàöèè
â êîìïüþòåðíûõ ñèñòåìàõ è ñåòÿõ // Ïîä ðåä. Â. Ô. Øàíüãèíà. - Ì.:
Ðàäèî è ñâÿçü, 1997. - 276 ñ.