Cybersecurity and cybercrime law

Credits: 2

Ending with: classified evaluation

Range: 1C/14C

Semester: winter

Teachers

About the subject

The course provides a comprehensive view of cybersecurity from a legal perspective. It focuses on understanding the basic principles of protecting information systems, cyber threats and security incidents, as well as the legal framework for their regulation at the level of the European Union and the Slovak Republic. Students will become familiar with the functioning of entities in the field of cybersecurity, including CSIRT units, with the implementation of security measures, as well as with various legal institutes (e.g. resolving and reporting cybersecurity incidents, blocking malicious activity). The course also focuses on a specific group of criminal activities, namely cybercrime. Students have the opportunity to become familiar with the substantive and procedural aspects of this issue, in particular with specific crimes and the methods of their investigation.

About the subject

Master's degree students in applied informatics and law programs (AIm, PM2d).

Learning Objectives

The course provides students with knowledge in the field of cybersecurity law and cybercrime investigation. The student will also gain knowledge in other areas related to the topic of resolving cybersecurity incidents, security vulnerabilities, and securing digital traces.

Brief course outline

  1. Introduction to cybersecurity law, basic principles, cyberspace.
  2. Technical aspects of cybersecurity, information security model.
  3. Basics of cybersecurity legislation at the level of the European Union and in the Slovak Republic.
  4. Entities in the field of cybersecurity, their position. The concept of security measures.
  5. Cybersecurity incidents, their reporting and resolution.
  6. Blocking in the field of cybersecurity. Security vulnerabilities, their life cycle and coordinated disclosure of vulnerabilities.
  7. Cybersecurity in the context of other legal frameworks (personal data protection, electronic communications, financial services).
  8. Cybersecurity in public administration.
  9. Technical standardization and certification in cybersecurity.
  10. Introduction to cybercrime.
  11. Selected cybercrime offenses.
  12. Introduction to cybercrime investigation.
  13. Securing digital traces and electronic evidence.

Conditions for completing the course

Ending with: classified evaluation

The final evaluation of the course takes the form of a written assignment focused on the legal resolution of specific problems.

The evaluation will be based on the following criteria: (1) methodological and methodical aspect; (2) demonstration of theoretical knowledge of the topic and analytical activity; (3) work with literature and other information sources, formal editing; (4) defense of the semester work: presentation, discussion, answers to questions.

If, based on the evaluation of the completed assignment, the student is not successful, they have the right to a remedial assignment within the specified deadline.

Grading scale:

  • A (30–27 points)
  • B (26–24 points)
  • C (23–21 points)
  • D (20–19 points)
  • E (18–17 points)
  • Fx (16–0 points)

The student will prepare a legal analysis (case study) and must comment on the following areas:

  1. General description of the organization (6 points) – Analyze the legal status of the organization, its classification under the relevant cybersecurity legislation, and identify its key information systems, assets, and threats.
  2. Cybersecurity incident (6 points) – Assess the nature of the incident, its legal qualification, reporting obligations, and the organization’s responsibilities in resolving it.
  3. Security implementation (6 points) – Assess what security measures the organization should implement and which ones would help prevent the incident or mitigate its impacts.
  4. Cybersecurity service agreement (6 points) – Design a framework agreement with an external supplier covering incident resolution and vulnerability management, including basic contractual requirements.
  5. Cybercrime (6 points) – Qualify the act from a criminal law perspective, identify relevant crimes, and determine possible penalties and circumstances affecting the penalty.

 

Method of completing the course: presentation of main conclusions, discussion and answers to questions.

Course methodology

Recommended literature

  • Andraško, J., Mesarčík, M., Sokol, P.: Právo kybernetickej bezpečnosti. 1. vyd. Bratislava: Univerzita Komenského v Bratislave, Právnická fakulta, 2022.
  • Smejkal, V. et al.: Právo informačních a telekomunikačních systémů. 2. aktualizované a rozšířené vydání. Praha: C. H. Beck, 2004.
  • Polčák, R. et al.: Právo informačních technologií. Praha: Wolters Kluwer ČR, 2018.
  • Ivor, J., Polák, P., Záhora, J.: Trestné právo procesné I. Bratislava: Wolters Kluwer, 2021.