Catalogue of Modules M. Sc. Security Management (2015)
Sept. 2015
Page 2/29 Catalogue of Modules M. Sc. Security Management – V. of 2014 / 2015 Sept 2015
Imprint
Author: Prof. Dr. Friedrich Holl
Editor: Prof. Dr. Friedrich Holl
Printing: Print shop of Fachhochschule Brandenburg
Contact: Fachhochschule Brandenburg
University of Applied Sciences
Magdeburger Str. 50
14770 Brandenburg an der Havel
T +49 3381 355 - 101
F +49 3381 355 - 199
www.fh-brandenburg.de
As of: 29 September 2015
© Fachhochschule Brandenburg
Table of Contents
1. Introduction
2. Principles of Security Management
3. Security and Crisis Management in the international Context
4. Law, Compliance and Data Protection
5. Organizational Elements of Security Management
6. Network Security
7. Mathematical and Technical Foundations of IT-Security
8. Secure ICT Infrastructures and IT Services
9. Secure Systems Lifecycle Management
10. Scientific Writing
11. Project
12. Master’s Thesis
1. Introduction
This document contains the descriptions of the mandatory modules of Brandenburg University of
Applied Sciences’ M. Sc. Degree program on Security Management. The module content is of 2015.
Students can choose a profile amongst a number of offerings. Part of the content consists of
compulsory optional modules that the program management selects every term. The descriptions for
compulsory optional modules can be found in a separate document, since they change relatively often.
Module overview
Term / Module / ∑ CP
Term 1 (∑ 30 CP):
Fundamentals of Security Management (6CP)
Law, Compliance and Data Protection (6CP)
Secure ICT Infrastructures and IT Services (6CP)
Mathematical and Technical Foundations of IT Security (6CP)
Network Security (6CP)
Scientific Writing (6CP)
Term 2 (∑ 30 CP):
Security and Crisis Management in International Contexts (6CP)
Organizational Elements of Security Management (6 CP)
Secure Software Lifecycle Management (6CP)
Project (6CP)
Term 3:
Compulsory Optional Module 1 (3CP), Compulsory Optional Module 2 (3CP), Compulsory Optional Module 3 (3CP) (∑ 9 CP)
Master Thesis incl. Colloquium (21CP) (∑ 21 CP)
Total: 90 CP
Topic areas:
Security Management
Law and Business Management
Mathematical and Technical Foundations
IT-Security
Scientific Work
Compulsory Optional Modules
2. Principles of Security Management
Brief module label: PrinciplesSecurityManagement
Module description: Principles of Security Management
Division in teaching sessions, if applicable:
Duration of module: One semester
Classification in the curriculum: SM Ma, 1st semester, required module
Usability of the module: The module is also offered as a compulsory lecture for the Master’s course Business Informatics. The module can also be
offered for Master‘s Informatics.
Frequency of offering of modules: Every academic year
Author: Prof. Dr. Friedrich Holl
Private lecturer: Prof. Dr. Heinz-Dieter Schmelling
Language of instruction: German
Prerequisites: None
ECTS-Credits: 6
Total workload and its composition: 180 hours = 60 hours of attendance and 120 hours of self-study
Form of teaching/semester hours per week:
Lecture: 1 semester hour per week
Exercise: 1 semester hour per week
Practical application based on case studies: 2 semester hours per week
Total: 4 semester hours per week
Study and examination achievements: Homework (50%), Presentation (50%).
Weighting of the grade in the overall grade:
2/5 of the subject grade; 13.5% of all subject grades; 4.725% of the final grade
Learning outcomes:
The objective is to enable the students to acquire basic
knowledge and skills in the following aspects of learning:
• Preparation of security investigations
• Conducting risk evaluations
• Analysis of conditions of security and the significance of
counter measures
• Development of understanding the importance of security in
the process of decision making by entrepreneurs
• Assessment of organisation of security in enterprises
• Mapping exemplary security processes with the use of IT
tools
• Drafting security measures and presenting the same to a
committee of decision makers successfully
In addition, the students are expected to achieve the following
results of learning:
• Establish a security organisation in an enterprise
• Prepare a skill profile for an individual in charge of security
• Integrate IT and non IT security relevant aspects
• Introduce a security management system in an organisation
• Prepare a strategy for a section of IT, information or
corporate security
Contents:
Primary aspects of corporate security:
• Security Governance and Security Management System
• Security Organisation
• Security Policy
• Risk management
• Security analyses
• Security processes
• Norms and standards for information security
• Return-on-Security-Investment calculations
• Crisis management
• Business Continuity Management
Additionally:
Selected specific areas of the IT and corporate security
Teaching and learning methods:
Interactive combination of lectures, preparations and
presentation of contents, demonstration of concepts, practical
tasks for groups, preparation of own content and role play.
Literature:
• Security Management 2011: Manual of information security,
IT security, security of locations, White-collar criminality and
Management liability by Guido Birkner, 2011.
• Handbuch Unternehmenssicherheit [Manual of Corporate
Security]: Comprehensive security, continuity and risk
management with system by Klaus-Rainer Müller, 2010.
• Unternehmenssicherheit [Corporate Security] by Stephan
Gundel, and Lars Mülli, 2009.
• Security Risk Management Body of Knowledge by Julian
Talbot, Miles Jakeman, Wiley 2009.
Additional information:
3. Security and Crisis Management in the international Context
Brief module label: SecurityCrisisManagementInternational
Module description: Security and Crisis Management in the international Context
Division in teaching sessions, if applicable:
Duration of module: One semester
Classification in the curriculum: SM Ma, 2nd semester, required module
Usability of the module:
Frequency of offering of modules: Every academic year
Author: Prof. Dr. Friedrich Holl
Private lecturer: Prof. Dr. Heinz-Dieter Schmelling
Language of instruction: German, partly English (10%)
Prerequisites: None
ECTS-Credits: 6
Total workload and its composition: 180 hours = 60 hours of attendance and 120 hours of self-study
Form of teaching/semester hours per week:
Lecture: 2 semester hours per week
Exercise: 1 semester hour per week
Practical application based on case studies: 1 semester hour per week
Total: 4 semester hours per week
Study and examination achievements: Written examination or oral examination
Weighting of the grade in the overall grade:
2/5 of the subject grade; 13.5% of all subject grades; 4.725% of the final grade
Learning outcomes:
The objective is to enable the students to acquire knowledge
and skills in the following aspects of learning:
• Analysis of security systems in the international context while taking into account the cultural, political and geographical conditions
• Management of security organisation in international corporations
• Preparation of security measures during travel or delegation of employees to foreign countries
• Introduction of a crisis management system
• Reaction in international crisis situations
• Controlling the global crisis communication
• Influencing the public perception of security topics
Contents:
• Security management in global organisations
• Travel Security
• Security during delegation of employees
• Crisis management in the international context
• Communication during crises: principles and procedures for communication during crisis situations
• Internal and external crisis communication
• Message House
• Handling media during crisis situations
• Public image of security
• Campaigns for security topics
Teaching and learning methods: Interactive combination of lecture, preparation and presentation of content, demonstration of concepts, practical tasks for groups, preparation of own content and role play.
Literature:
• Notfall- und Krisenmanagement im Unternehmen [Emergency and Crisis Management in Companies] by Axel Bédé, 2009.
• Unternehmenskrisen und Krisenmanagement [Corporate Crises and Crisis Management] by Ronny Scharschmidt, 2009.
• Führen in Krisensituationen [Managing during Crisis Situations] by Markus Klaus, 2008.
• Global Threat: Target-Centered Assessment and Management by Robert Mandel, 2008.
• Security Risk Management Body of Knowledge by Julian Talbot and Miles Jakeman, 2009.
Additional information:
4. Law, Compliance and Data Protection
Brief module label: LawComplianceDataSecurity
Module description: Law, Compliance and Data Security
Division in teaching sessions, if applicable:
Duration of module: One semester
Classification in the curriculum: SecMan Master, 1st semester, required module
Usability of the module:
Frequency of offering of modules: Every academic year
Author: Prof. Dr. Friedrich Holl
Private lecturer: Prof. Dr. Michaela Schröter,
Dr. Raoul Kirmes M.Sc., CISA, QMA
Language of instruction: German
Prerequisites:
ECTS-Credits: 6
Total workload and its composition: 180 hours = 60 hours of attendance and 120 hours of self-study
Form of teaching/semester hours per week:
Lecture: 4 semester hours per week
Study and examination achievements: Study assignments (30%), Written examination (70%).
Weighting of the grade in the overall grade:
2/3 of the subject grade; 8.33% of all subject grades;
2.916% of the final grade
Learning outcomes:
This course aims to enable the students to acquire knowledge
and skills in the following aspects of learning:
• Identification of relevant legal position of important activities
concerned with security in organisations
• Application of national, European and international
legislations in order to meet the compliance specifications
for companies
• Enabling critical discussion with legal target conflicts and for
submitting an appropriate evaluation of the risk situation for
companies as those affected by regulations
Contents:
1. Introduction to juristic methodology
2. European and international security law
3. Introduction to the WTO law (focus on international law on
product safety)
4. System of fundamental freedom and national security
interests
5. Technical trade restrictions in security law
6. Compliance in the international context
7. International, European and national accreditation law
8. Principles of contractual liability (§§280 BGB)
9. Principles of tortious liability (§§823ff BGB, ProdHaftG)
10. Law governing the private security trade
11. Overview of the German law governing weapons
12. Main features of law of criminal proceedings
13. Electronic legal relations (eCommerce/Signature law)
14. International emoluments and principles of law governing
data security
Teaching and learning methods: Lecture
Literature:
- Harald Jele, Wissenschaftliches Arbeiten: Zitieren [Scientific Working Methods: Quoting], Kohlhammer, 3rd ed., 2012
- Calliess/Ruffert, EUV/AEUV 4th ed. 2011.
- Röhl, Akkreditierung und Zertifizierung im Produktsicherheitsrecht [Accreditation and Certification in Law Governing Product Safety], Springer Verlag 2000.
- Ensthaler, Zertifizierung und Akkreditierung technischer Produkte [Certification and Accreditation of Technical Products], Springer Verlag 2007.
- Martin Schulte, Handbuch des Technikrechts [Manual of Law Governing Technology], 2nd ed. Springer Verlag, 2010.
- Abbott/Kirchner/et al., International Standards and the Law, Stämpfli Verlag AG, 2005.
- Kurt Schellhammer, Schuldrecht nach Anspruchsgrundlagen [Law of Obligations According to Principles of Claims], 8th ed., 2011.
- Martin Kutscha, Handbuch zum Recht der Inneren Sicherheit [Manual of Law Governing Internal Security], 2nd ed., BWV Verlag, 2006.
- Rolf Stober, Sven Eisenmenger, Besonderes Wirtschaftsverwaltungsrecht [Special Business Administration Law], 15th ed., Verlag Kohlhammer, 2011
- Knemeyer: Polizei- und Ordnungsrecht [Police and Law Governing Public Order], Beck, 2007
- Busche: Waffenrecht 2012 [Weapons law 2012], Kiel 2012
- Hoeren: Internet- und Kommunikationsrecht [Internet and communication law], Otto Schmidt Cologne 2012
- Schade: Arbeitsrecht [Labour law], Kohlhammer 2010
- Martin T. Biegelman, Building World-Class Compliance Program: Best Practices and Strategies for Success, John Wiley & Sons; 2008.
- Acquisti/Gritzalis/Lambrinoudakis, Digital Privacy: Theory, Technologies, and Practices, Auerbach Pubn, 2007
- Sanjay Anand, Essentials of Sarbanes-Oxley, John Wiley & Sons, 2007.
- CCH Incorporated, SEC Compliance and Disclosure Interpretations, Harcourt Professional Publishing, 2009.
- Reyes, Carla, WTO-compliant Protection of Fundamental Rights: Lessons from the EU 'Privacy Directive', Melbourne Journal of International Law, Vol. 12, No. 1, Jun 2011: 141-176.
- Spiros Simitis, Bundesdatenschutzgesetz [Federal Law Governing Data Security], Nomos, 7th ed., 2011.
- Current legal texts
Additional information: Assignments for thorough reading
5. Organizational Elements of Security Management
Brief module label: SM_MA_OrgAsp_Sicherheitsmanagement
Module description: Organizational Elements of Security Management
Division in teaching sessions, if applicable:
Security Leadership and Strategy Development
Physical Security
Duration of module: One semester
Classification in the curriculum: SM Ma, 2nd semester, required module
Usability of the module:
Frequency of offering of modules: Every academic year
Author: Prof. Dr. Friedrich Holl
Private lecturer: Prof. Dr. Sachar Paulus, Dr. Oliver Weissmann,
Holger Könnecke, Gerhard Reinhardt
Language of instruction: German
Prerequisites: None
ECTS-Credits: 6
Total workload and its composition: 180 hours = 60 hours of attendance and 120 hours of self-study
Form of teaching/semester hours per week:
Lecture: 2 x 15 hours
Working on examples: 2 x 15 hours
Study and examination achievements:
Written report + presentation and/or oral examination
Weighting of the grade in the overall grade:
6,25 of the final grade
Learning outcomes:
The objective is to enable the students to acquire basic knowledge and skills in the following aspects of learning:
• Knowing the principles of successful corporate governance
• Influencing the corporate leaders for observing the
security aspects and for constructive handling of crisis
situations
• Derivation of a security strategy and security goals out of
the corporate strategy
• Development of a strategy to strengthen the ethical
aspects of corporate governance
• Resolution of conflicts
• Knowing the methods of protection and safety engineering
• Analysis of the possibilities of use and effectiveness of
protective mechanisms against elementary damage,
mechanical safety installations, hazard alert systems and
surveillance systems
• Planning of a security system network
• Evaluation of solutions available in the market
• Appraisal of the legal aspects for the deployment of
individual security mechanisms
Contents:
• Functions of corporate governance (development of
corporate goals, principles, culture; Formulation of
strategies; Human Resources and Negotiations
Management; international aspects in the global
competition)
• Integration of security goals with the corporate strategy
• Ethical aspects of corporate governance (anti-corruption
strategies, Code of Conduct etc.)
• Conflict management (conflict diagnosis, typology of
conflicts, escalations, strategies for conflict handling)
• Fundamentals of building safety
• Terminology and overview of areas of tasks and available
options
• Engineering principles
• Physical attacks and their effect
• Elementary damage
• Attackers, their aims and methods of attack
• Weapons and their effect
• Radiation of electronic devices
• Mechanical safety systems and access control
• Locks, locking systems and their security
• Securing doors, windows and fences against attacks
• Secure storage and data cabinets
• Engineering and legal regulations and directives
• Hazard alert systems
• Fundamentals
• Burglary alarm systems
• Attack alert systems
• Installation failure alert systems
• Fire alarm and fire fighting systems
• Engineering and legal regulations and directives
• Surveillance systems
• Technical possibilities
• Open and hidden monitoring
• Engineering and legal regulations and directives
• Emergency planning and operational safety
• Consequential damage analysis
• Handling untoward incidents
Teaching and learning methods: Lecture
Literature:
• K. Macharzina: Unternehmensführung [Corporate
Governance]
• T. Hutzschenreuther: Krisenmanagement [Crisis
Management]
• F. Glasl: Konfliktmanagement [Conflict Management]
• B. Stackpole, E. Osendahl: Security Strategy: From
Requirements to Reality.
• Physical Security Systems Handbook by Michael Kairallah, 2005.
• Current Journals and Magazines covering the topic: kes,
Der Sicherheitsberater [The Safety Advisor], S&I.
Additional information:
6. Network Security
Brief module label: SM_Ma_Network Security
Module description: Network Security
Division in teaching sessions, if applicable:
Duration of module: One semester
Classification in the curriculum: SecMan Master, 1st semester, required module
Usability of the module:
Frequency of offering of modules: Every academic year
Author: Prof. Dr. Eberhard von Faber
Private lecturer: Dipl. Ing. Dietmar Hausmann
Language of instruction: German
Prerequisites:
Importance of IT security and its role in practice; technical and
physical basic knowledge; knowledge of the basics of Internet networks, Operating Systems and cryptography-based
techniques
ECTS-Credits: 6
Total workload and its composition: 180 hours = 60 hours of attendance and 120 hours of self-study
Form of teaching/semester hours per week: Lectures at least 30 hours, practice at least 30 hours
Study and examination achievements: Written report + presentation or oral examination
Weighting of the grade in the overall grade:
6,25 % of the final grade
Learning outcomes:
• Familiarization with the threats and challenges in networks,
including important counter measures in the form of
protocols and various security solutions
• Familiarization with the functioning of these solutions,
understanding of their use, operation and interaction; ability
to integrate and deploy independently some of these
solutions; familiarization with supplementing measures and
solutions
• Development of ability to analyse requirements and
industrial practical factors and to integrate solutions based
on the practical example of an industrial solution
• Familiarization with security modules and embedded
systems as core components for distributed systems;
properties, challenges and use
Contents:
• Extended principles of Internet networks (TCP/IP Protocol,
ISO/OSI, Routing, active components, cryptography)
• Dangers in the use of IT, categories of threats, weak points
and hazards
• Security management, security audits with tools, network
monitoring and network logging
• Attacks and counter measures
• Cryptography applications (encrypted communication, VPN
protocols, certificates)
• Web Server Security, Email security
• In depth study and practical application of project topics on
Firewalls, Honeypots and Intrusion Detection Systems,
WLAN security and VPN
Teaching and learning methods: Combination of lectures, exercises based on one’s own computer and lab exercises; lectures deploying different media;
tasks and exercise examples; control questions/revision course
Literature:
• Cisco Networking Academy: CCNA Exploration Companion
Guide, Vol. 1-4, Cisco Press, 2008
• Alexander Michael: Netzwerke und Netzwerksicherheit - Das
Lehrbuch [Networks and Network Security – the text book],
Hüthing publishers, 2006.
• Plötner Johannes, Wendzel Steffen: Praxishandbuch
Netzwerk-Sicherheit [Practical Manual of Network Security],
Galileo Computing, 2007.
• Other reference works on special project topics (VPN, IPSec,
IPv6, IDS, WLAN, Attacks, and many more)
Scripts and other teaching materials will be distributed directly to the students during the lecture, or made available on the
learning platform of the university.
Additional information:
7. Mathematical and Technical Foundations of IT-Security
Brief module label: SM_MA_MathTechGrundlagen
Module description: Mathematical and Technical Foundations of IT-Security
Division in teaching sessions, if applicable:
Foundations of Forensics and Auditing
Foundations of Technical Security
Duration of module: One semester
Classification in the curriculum: SecMan Master, 1st semester, required module
Usability of the module:
Frequency of offering of modules: Every academic year
Author: Prof. Dr. Friedrich Holl
Private lecturer: Prof. Dr. Igor Podebrad, Prof. Dr. Michael Syrjakow
Language of instruction: German
Prerequisites:
ECTS-Credits: 6
Total workload and its composition: 180 hours = 60 hours of attendance and 120 hours of self-study
Form of teaching/semester hours per week: Lecture: 2 x 30 hours
Study and examination achievements: Written or oral examination
Weighting of the grade in the overall grade:
6,25% of the final grade
Learning outcomes:
The course “Foundations of Forensics and Auditing” aims to enable the students to acquire knowledge and skills in the following aspects of learning:
• Application of the mathematical and technical foundations to security, especially:
• Organisation of IT forensic analyses and IT audits
• Operating IT systems while taking into account the requirements of IT forensics and IT auditing
• Development and implementation of IT forensics related security guidelines
• Evaluation of the usability of IT audit results for forensics
The course “Foundations of Technical Security” aims to enable the students to acquire knowledge and skills in the following aspects of learning:
• Symmetric encryption: theories of secure encryption, classical encryption methods, block ciphers (DES, AES), stream ciphers, encryption modes (e.g., CBC), attacks
• Asymmetric encryption: RSA, Diffie-Hellman key exchange, mathematical foundations (Euclidean algorithm, modular arithmetic, etc.), attacks
• Message authentication, digital signatures, public key infrastructure (PKI), attacks
• Current trends in cryptography (quantum cryptography, etc.)
Contents:
• Legal prerequisites for IT forensics
• Principles of IT auditing
• Organisation of IT forensic analyses
• Fundamentals of Cypher
Teaching and learning methods: Lecture and exercises in small groups
Literature:
• IT-Forensik [IT Forensics] by Alexander Geschonnek,
2011
• The Basics of Digital Forensics: The Primer for Getting
Started in Digital Forensics by John Sammons, 2012
• Wolfgang Ertel: Angewandte Kryptographie; Fachbuchverlag Leipzig im Carl Hanser Verlag, 2003.
• Klaus Schmeh: Kryptografie: Verfahren, Protokolle,
Infrastrukturen; dpunkt Verlag, 2009.
Additional information:
8. Secure ICT Infrastructures and IT Services
Brief module label: SM_MA_SichereIKTInf_ITDienste
Module description: Secure ICT Infrastructures and IT Services
Division in teaching sessions, if applicable:
Secure ICT Infrastructures & IT Services; Part A
Secure ICT Infrastructures & IT Services; Part B
Duration of module: Two terms
Classification in the curriculum: SM Ma, 1st and 2nd semester, required module
Usability of the module: The two courses of this module can be chosen in any sequence
Frequency of offering of modules: Every academic year
Author: Prof. Dr. Eberhard von Faber
Private lecturer: Dr. Eberhard von Faber
Language of instruction: German
Prerequisites:
Importance of IT Security and its role in practical applications; technical and physical principles; basics of internet network
technology, operating systems and cryptology technologies. Basic knowledge of business processes and corporate
governance; Knowledge of Information and Communications Technology: Applications, Systems and Networks, including
the underlying technology.
ECTS-Credits: 6
Total workload and its composition: 180 hours = 60 hours of attendance and 120 hours of self-study
Form of teaching/semester hours per week: 2 x 30 hours lecture using different media, project work and self testing elements.
Study and examination achievements: written or oral examination
Weighting of the grade in the overall grade: 6,25% of the final grade
Learning outcomes:
This course aims to enable the students to acquire knowledge
and skills in the following aspects of learning:
Part A:
• Development of the ability to integrate the required
solutions adequately into various ITC infrastructures and
usage scenarios; familiarization with service models
including Cloud Computing and its implications
• Development of ability to analyse requirements and
industrial practical factors and to integrate solutions
based on the practical example of an industrial solution
• Understand the basics of PKI as an example of an
infrastructure for secure communication
• Understand and classify testing schemes as an international
infrastructure for risk management
Part B:
• Understanding of technologies and organisation of
modern (industrial) ITC production, and especially the
incidental security questions
• Usage and integration of IT services in business
processes; assessment of security requirements,
evaluation and selection of IT services
• Successful implementation of Identity and Access
Management (IAM): understanding of basic terminology,
architectures and technologies; planning and
implementation in companies and in complex value-added
chains
Contents:
Part A:
• Integration of various solutions in the ITC network: business processes vs. ITC; Usage scenarios vs. ITC; service models and Cloud Computing: division of labour, service models, security management
• Learning situation of a special industry application: requirements and solutions; Practical factors and their outcome, result and practice in industry
• PKI: an infrastructure for secure communication (visible or invisible; function, realization, practice)
• Assurance: an infrastructure for “Trust” and “Security” in a (global) division of labour in industrial value-added chains
Part B:
• Fundamentals of ITC production; ITC architectures and infrastructure elements; Security aspects; Management of solutions for the system and network security; processes and organisation; Tasks ranging from weak point management to Disaster Recovery
• User and Producer: IT services; Security requirements, evaluation, selection and integration; Security and risk management in “outsourcing”, basic problems and “sourcing” models
• Enterprise Security Architecture: ICT Production, Service Design, Transition, Service Delivery Management, Security Management, GRC
• Basic terminology IAM (from Identification to Accounting)
• Authentication: Types, methods, technologies; problems and solutions; Architectures and distributed systems (e.g. LDAP, RADIUS, Kerberos, ESSO, Single Sign-On, Federation)
• Authorization: Services and limitations; Strategies (DAC, MAC, RBAC, IF); Realization (Groups, Roles, ACL, Capabilities); Alternatives; Trends and Outlook including DRM
• Identity Management: Administrative tasks, Registration, Workflows, Enrolment; Credential Management, User Self-Service, UHD etc.
• Accounting; Analytics; Attestation; Intelligence, SOD
• IAM-Architectures (the whole picture); Infrastructures
• Erection and implementation of IAM programs in large enterprises
Teaching and learning methods: Lecture utilizing various media, in depth study and self checks, including control questions/revision course
Literature:
• Alexander Tsolkas and Klaus Schmidt: Rollen und Berechtigungskonzepte, Ansätze für das Identity- und Access Management im Unternehmen [Roles and Authorization Concepts, Approaches for the Identity and Access Management in the Company]; August 2010, Vieweg+Teubner
• Martin Kappes: Netzwerk- und Datensicherheit, Eine praktische Einführung [Network and Data Security, A Practical Introduction]; Vieweg+Teubner
• Hans-Peter Königs: IT-Risiko-Management mit System, Von den Grundlagen bis zur Realisierung. Ein praxisorientierter Leitfaden [IT Risk Management with System, From the Basics to Realization. A Practice-oriented Guide], Vieweg
• Claudia Eckert: IT Security, Concepts - Methods – Protocols
• Eberhard von Faber and Wolfgang Behnsen: Secure ICT Service Provisioning for Cloud, Mobile and Beyond; Springer-Vieweg
• Current Journals and Magazines on the topic: kes, Der Sicherheitsberater [The Security Advisor], S&I.
• Anderson, Ross: Security Engineering, A Guide to Building Dependable Distributed Systems; John Wiley & Sons
• Common Criteria for Information Technology Security Evaluation; www.commoncriteriaportal.org or ISO 15408
Students will receive scripts, further literature and other material in the course.
Additional information:
9. Secure Systems Lifecycle Management
Brief module label: SM_MA_SecureSystems
Module description: Secure Systems Lifecycle Management
Division in teaching sessions, if applicable:
Duration of module: One semester
Classification in the curriculum: SecMan Master, 2nd semester, required module
Usability of the module: The module can also be offered as compulsory optional module for WI [Information Systems] and Computer Science
Master degree programs.
Frequency of offering of modules: Every academic year
Author: Prof. Dr. Friedrich Holl
Private lecturer: Prof. Dr. Friedrich Holl
Language of instruction: 80% German, 20% English
Prerequisites:
Initial experience in programming web applications for an
exemplary scenario. Normally, this should be ensured by studies completed up to this point. Alternatively: self-study,
for example, based on PHP 5.3: Program Dynamic Websites Professionally by Christian Wenz and Tobias Hauser
(December 2009)
ECTS-Credits: 6
Total workload and its composition: 180 hours = 60 hours of attendance and 120 hours of self-
study
Form of teaching/semester hours
per week: 30 h lecture, 30 h exercises and supervised self-practice
Study and examination
achievements: Practical examination + presentation or oral examination
Weighting of the grade in the
overall grade: 6,25% of the final grade
Learning outcomes:
This course aims to enable the students to acquire knowledge
and skills in the following aspects of learning:
• Knowing and applying the Best Practices taught during
the development of IT-based systems for secure software
• Development of acceptance criteria for non-functional
security requirements
• Carrying out threat models
• Avoidance of weak points during the development
• Carrying out security checks
• Secure installation and operation of software
• Establishment of a Security Response Program
• Analysis of existing software for security-related weak
points
• Development and implementation of a protective program
for software during the system development
• Establishment of a Management System for security in
the development process, and integration of such
Management System into a possibly available quality
process
• Carrying out security analyses (“Hacking”)
• Presentation of investigation results
Contents:
Basic principles of secure software development:
• Security requirements
• Secure design and threat models
• Architecture analyses
• Secure coding
• Security checks
• Secure systems
• Security Response
• Protection of own software against manipulation and
know-how theft
Teaching and learning methods:
Interactive combination of lecture, exercises on own
computer, lab exercises, preparation and presentation of content, demonstration of concepts, practical tasks in groups.
Literature:
Basiswissen sichere Software [Basics of secure software] by Friedrich Holl, dpunkt 2011.
Software-Qualität, Testen, Analysieren und Verifizieren von Software [Software Quality, Testing, Analysis and Verification
of Software] by Peter Liggesmeyer, Spektrum Akademischer
Verlag, 2002.
Writing Secure Code by Michael Howard & David LeBlanc,
2003
www.owasp.org
Additional information:
10. Scientific Writing
Brief module label: SM_MA_WissSchreiben
Module description: Scientific Writing
Division in teaching sessions, if applicable:
Semester Thesis 1, Semester Thesis 2
Duration of module: Two terms
Classification in the curriculum: SecMan Master, 1st and 2nd term, required module
Usability of the module:
Frequency of offering of modules: Every academic year
Author: Prof. Dr. Friedrich Holl
Private lecturer: Prof. Dr. Friedrich Holl and all other participating teaching
faculty members
Language of instruction: German
Prerequisites:
ECTS-Credits: 3
Total workload and its composition: 180 hours = 60 hours of attendance and 120 hours of self-study
Form of teaching/semester hours per week:
Each semester 15h lecture and 15h seminar including presentations by students
Study and examination achievements:
Written assignments
Weighting of the grade in the overall grade:
6,25% of the final grade
Learning outcomes: Preparation of scientific papers related to the topic of security
Contents:
• Methods of collection of data (statistics, interviews,
primary/secondary sources)
• Source discussion: research, reading, evaluation
• Creative techniques and self-organisation
• Situation-related requirements for writing styles
(advertising, press releases, scientific papers etc.)
• Preparation of an exposé
• Methodical structure of scientific papers
• Phases of scientific working methods
• Material collection and research
• Material evaluation and selection
• Material and topic processing
• Method of quoting
Teaching and learning methods: Lecture, discussion, presentation of own results.
Literature:
• DIN 1421 (Classification and Numbering System in texts)
• Eco, U. (2005): Wie man eine wissenschaftliche Abschlussarbeit schreibt -
Doktor-, Diplom- und Magisterarbeit in den Geistes- und
Sozialwissenschaften [How to Compile Final Thesis for
Doctorate, Graduate and Postgraduate Studies in
Humanity and Social Science Studies], Müller, Heidelberg.
• Theisen, Manuel R.: Scientific Papers – Technique &
Methodology, Form, 2000.
• Peterssen, Wilhelm H.: Scientific Papers - An Introduction
for School and Studies, 1999.
Additional information:
11. Project
Brief module label: SM_MA_Projekt
Module description: Project
Division in teaching sessions, if applicable:
Duration of module: One term
Classification in the curriculum: SecMan Master, 2nd term, required module
Usability of the module:
Frequency of offering of modules: Every academic year
Author: Prof. Dr. Friedrich Holl
Private lecturer: Prof. Dr. Friedrich Holl and all other participating teaching
faculty members
Language of instruction: German
Prerequisites:
ECTS-Credits: 6
Total workload and its composition: 180 hours = 60 hours of attendance and 120 hours of self-study
Form of teaching/semester hours per week:
Lecture: 15 h; Practical, demonstration of work: 45 h
Study and examination achievements:
Practical work + presentation
Weighting of the grade in the overall grade:
6,25% of the final grade
Learning outcomes:
This course aims to enable the students to acquire knowledge and skills in the following aspects of learning:
• Conducting security projects
• Planning a security-related project while following all
requirements of security
• Application of project management methodologies
Contents:
Problem identification:
- Systematic preparation of the “State of the Art”
technology
- Integration into the available practical context
- Basic conditions of deployment
- Use of different techniques of analysis such as interview
method, questionnaire, Delphi method, preparation of the
context concerning documents and so on.
Development of expected concepts:
- Systematically founded development of a practice-oriented
approach to solutions
- Use of creative methods
- Cost-benefit analyses
- Development of basic conditions for deployment
Prototypical implementation:
- the prototypical implementation is carried out by
developing a software prototype
- implementation in an enterprise/organisation
or e.g. development of an application for R&D sponsorship
Teaching and learning methods: Lecture, practical work in groups of at most 7
participants, presentation of own results.
Literature: A Guide to the Project Management Body of Knowledge, PMI,
2008
Additional information: For this course, the candidate’s willingness to undertake
practical work with cooperating partners is a prerequisite.
12. Master’s Thesis
Brief module label: Master’s Thesis
Module description: Master’s Thesis incl. Master’s Seminar
Division in teaching sessions, if applicable:
Duration of module: One semester
Classification in the curriculum: SecMan Master, 3rd term, required module
Usability of the module:
Frequency of offering of modules: Every academic year
Author: Prof. Dr. Friedrich Holl
Private lecturer: For the Master’s theses, all faculty members of the university
teaching in the course
Language of instruction: German / English (as per student’s option).
Prerequisites: Only candidates who have successfully completed all examinations and course
achievements except the compulsory optional modules may register for the Master’s Thesis
ECTS-Credits: 21
Total workload and its composition: 600 hours of self-study
Form of teaching/semester hours
per week: Self-study.
Study and examination
achievements:
Master’s Thesis (85,5%)
Colloquium (12,5%)
Weighting of the grade in the
overall grade: 30% of the final grade
Learning outcomes:
This course aims to enable the students to acquire knowledge
and skills in the following aspects of learning:
• Preparation of a scientific paper under guidance with
own creative and/or constructive portions on the topic
“Security Management” within a period of 4 months
(8 months in part-time mode).
• Presentation and discussion of the results.
Contents:
The Master’s Thesis is intended as a coherent engagement with an extensive topic, resulting in the solution of a theoretical
or practical problem.
The Colloquium is an oral examination where the candidate
presents the outcomes of their study.
Teaching and learning methods: Self-study under guidance, presentation and discussion (oral
exam)
Literature:
• Booth, W. C. et al. (1995). The Craft of Research. Chicago,
London
• Brown, S. R. et al. (1990) Experimental Design and
Analysis. London
• Cialdini, R. B. (2001). Influence, Science and Practice.
Boston, MA
• Hussey, J., Hussey, R. (1997). Business Research. A
practical guide for undergraduate and postgraduate
students
• Karmasin, M. et al. (1999). Die Gestaltung
wissenschaftlicher Arbeiten: ein Leitfaden für Haus-,
Seminar- und Diplomarbeiten sowie Dissertationen [The
Designing of Scientific Papers: A Guide for Homework,
Seminar and Graduation Papers and Dissertations].
Vienna
• Pyrczak, S. et al. (1998). Writing Empirical Research
Reports. Los Angeles, CA
• Seale, C. (1999). The quality of quantitative research.
London
• Trochim, W. M. K. (2000). The Research Knowledge Base.
Cincinnati, Ohio
Additional information: