
Catalogue of Modules M. Sc. Security Management (2015)

Sept. 2015


Page 2/29 Catalogue of Modules M. Sc. Security Management – V. of 2014 / 2015 Sept 2015

Imprint

Author: Prof. Dr. Friedrich Holl

Editor: Prof. Dr. Friedrich Holl

Printing: Druckerei der Fachhochschule Brandenburg

Contact: Fachhochschule Brandenburg

University of Applied Sciences

Magdeburger Str. 50

14770 Brandenburg an der Havel

T +49 3381 355 - 101

F +49 3381 355 - 199

E [email protected]

www.fh-brandenburg.de

As of: 29 September 2015

© Fachhochschule Brandenburg


Table of Contents

1. Introduction
2. Principles of Security Management
3. Security and Crisis Management in the international Context
4. Law, Compliance and Data Protection
5. Organizational Elements of Security Management
6. Network Security
7. Mathematical and Technical Foundations of IT-Security
8. Secure ICT Infrastructures and IT Services
9. Secure Systems Lifecycle Management
10. Scientific Writing
11. Project
12. Master’s Thesis


1. Introduction

This document contains the descriptions of the mandatory modules of Brandenburg University of Applied Sciences’ M. Sc. degree program in Security Management. The module content is as of 2015. Students can choose a profile from a number of offerings. Part of the content consists of compulsory optional modules that the program management selects every term. The descriptions of the compulsory optional modules can be found in a separate document, since they change relatively often.

Module overview

Term 1 (∑ CP: 30):

Fundamentals of Security Management (6CP)

Law, Compliance and Data Protection (6CP)

Secure ICT Infrastructures and IT Services (6CP)

Mathematical and Technical Foundations of IT Security (6CP)

Network Security (6CP)

Scientific Writing (6CP)

Term 2 (∑ CP: 30):

Security and Crisis Management in International Contexts (6CP)

Organizational Elements of Security Management (6 CP)

Secure Software Lifecycle Management (6CP)

Project (6CP)

Term 3:

Compulsory Optional Module 1 (3CP), Compulsory Optional Module 2 (3CP), Compulsory Optional Module 3 (3CP); ∑ CP: 9

Master Thesis incl. Colloquium (21CP); ∑ CP: 21

Total ∑ CP: 90

Topic areas:

Security Management

Law and Business Management

Mathematical and Technical Foundations

IT-Security

Scientific Work

Compulsory Optional Modules


2. Principles of Security Management

Brief module label: PrinciplesSecurityManagement

Module description: Principles of Security Management

Division in teaching sessions, if applicable:

Duration of module: One semester

Classification in the curriculum: SM Ma, 1st semester, required module

Usability of the module: The module is also offered as a compulsory lecture for the Master’s course Business Informatics. The module can also be offered for Master’s Informatics.

Frequency of offering of modules: Every academic year

Author: Prof. Dr. Friedrich Holl

Private lecturer: Prof. Dr. Heinz-Dieter Schmelling

Language of instruction: German

Prerequisites: None

ECTS-Credits: 6

Total workload and its composition: 180 hours = 60 hours of attendance and 120 hours of self-study

Form of teaching/semester hours per week:

Lecture: 1 semester hour per week

Exercise: 1 semester hour per week

Practical application based on case studies: 2 semester hours per week

Total: 4 semester hours per week

Study and examination achievements: Homework (50%), Presentation (50%).

Weighting of the grade in the overall grade:

2/5 of the subject grade

13.5% of all subject grades

4.725% of the final grade

Learning outcomes:

The objective is to enable the students to acquire basic knowledge and skills in the following aspects of learning:

• Preparation of security investigations

• Conducting risk evaluations

• Analysis of conditions of security and the significance of counter measures

• Development of understanding the importance of security in the process of decision making by entrepreneurs

• Assessment of organisation of security in enterprises

• Mapping exemplary security processes with the use of IT tools

• Drafting security measures and presenting the same to a committee of decision makers successfully

In addition, the students are expected to achieve the following results of learning:

• Establish a security organisation in an enterprise

• Prepare a skill profile for an individual in charge of security

• Integrate IT and non IT security relevant aspects

• Introduce a security management system in an organisation

• Prepare a strategy for a section of IT, information or corporate security

Contents:

Primary aspects of corporate security:

• Security Governance and Security Management System

• Security Organisation

• Security Policy

• Risk management

• Security analyses

• Security processes

• Norms and standards for information security

• Return-on-Security-Investment calculations

• Crisis management

• Business Continuity Management

Additionally:

Selected specific areas of the IT and corporate security

Teaching and learning methods:

Interactive combination of lectures, preparations and

presentation of contents, demonstration of concepts, practical

tasks for groups, preparation of own content and role play.

Literature:

• Security Management 2011: Manual of information security, IT security, security of locations, White-collar criminality and Management liability by Guido Birkner, 2011.

• Handbuch Unternehmenssicherheit [Manual of Corporate Security]: Comprehensive security, continuity and risk management with system by Klaus-Rainer Müller, 2010.

• Unternehmenssicherheit [Corporate Security] by Stephan Gundel and Lars Mülli, 2009.

• Security Risk Management Body of Knowledge by Julian Talbot, Miles Jakeman, Wiley 2009.

Additional information:


3. Security and Crisis Management in the international Context

Brief module label: SecurityCrisisManagementInternational

Module description: Security and Crisis Management in the international Context

Division in teaching sessions, if applicable:

Duration of module: One semester

Classification in the curriculum: SM Ma, 2nd semester, required module

Usability of the module:

Frequency of offering of modules: Every academic year

Author: Prof. Dr. Friedrich Holl

Private lecturer: Prof. Dr. Heinz-Dieter Schmelling

Language of instruction: German, partly English (10%)

Prerequisites: None

ECTS-Credits: 6

Total workload and its composition: 180 hours = 60 hours of attendance and 120 hours of self-study

Form of teaching/semester hours per week:

Lecture: 2 semester hours per week

Exercise: 1 semester hour per week

Practical application based on case studies: 1 semester hour per week

Total: 4 semester hours per week

Study and examination achievements: Written examination or oral examination

Weighting of the grade in the overall grade:

2/5 of the subject grade

13.5% of all subject grades

4.725% of the final grade

Learning outcomes:

The objective is to enable the students to acquire knowledge and skills in the following aspects of learning:

• Analysis of security systems in the international context while taking into account the cultural, political and geographical conditions

• Management of security organisation in international corporations

• Preparation of security measures during travel or delegation of employees to foreign countries

• Introduction of a crisis management system

• Reaction in international crisis situations

• Controlling the global crisis communication

• Influencing the public perception of security topics

Contents:

• Security management in global organisations

• Travel Security

• Security during delegation of employees

• Crisis management in the international context

• Communication during crises: principles and procedures for communication during crisis situations

• Internal and external crisis communication

• Message House

• Handling media during crisis situations

• Public image of security

• Campaigns for security topics

Teaching and learning methods: Interactive combination of lecture, preparation and presentation of content, demonstration of concepts, practical tasks for groups, preparation of own content and role play.

Literature:

• Notfall- und Krisenmanagement im Unternehmen [Emergency and Crisis Management in Companies] by Axel Bédé, 2009.

• Unternehmenskrisen und Krisenmanagement [Corporate Crises and Crisis Management] by Ronny Scharschmidt, 2009.

• Führen in Krisensituationen [Managing during Crisis Situations] by Markus Klaus, 2008.

• Global Threat: Target-Centered Assessment and Management by Robert Mandel, 2008.

• Security Risk Management Body of Knowledge by Julian Talbot and Miles Jakeman, 2009.

Additional information:


4. Law, Compliance and Data Protection

Brief module label: LawComplianceDataSecurity

Module description: Law, Compliance and Data Security

Division in teaching sessions, if applicable:

Duration of module: One semester

Classification in the curriculum: SecMan Master, 1st semester, required module

Usability of the module:

Frequency of offering of modules: Every academic year

Author: Prof. Dr. Friedrich Holl

Private lecturer: Prof. Dr. Michaela Schröter,

Dr. Raoul Kirmes M.Sc., CISA, QMA

Language of instruction: German

Prerequisites:

ECTS-Credits: 6

Total workload and its composition: 180 hours = 60 hours of attendance and 120 hours of self-study

Form of teaching/semester hours per week:

Lecture: 4 semester hours per week

Study and examination achievements: Study assignments (30%), Written examination (70%).

Weighting of the grade in the overall grade:

2/3 of the subject grade; 8.33% of all subject grades;

2.916% of the final grade

Learning outcomes:

This course aims to enable the students to acquire knowledge

and skills in the following aspects of learning:

• Identification of relevant legal position of important activities

concerned with security in organisations

• Application of national, European and international

legislations in order to meet the compliance specifications

for companies

• Enabling critical discussion with legal target conflicts and for

submitting an appropriate evaluation of the risk situation for

companies as those affected by regulations

Contents:

1. Introduction to juristic methodology

2. European and international security law

3. Introduction to the WTO law (focus on international law on product safety)

4. System of fundamental freedom and national security interests

5. Technical trade restrictions in security law

6. Compliance in the international context

7. International, European and national accreditation law

8. Principles of contractual liability (§§280 BGB)

9. Principles of tortious liability (§§823ff BGB, ProdHaftG)

10. Law governing the private security trade

11. Overview of the German law governing weapons

12. Main features of law of criminal proceedings

13. Electronic legal relations (eCommerce/Signature law)

14. International emoluments and principles of law governing data security

Teaching and learning methods: Lecture

Literature:

- Harald Jele, Wissenschaftliches Arbeiten: Zitieren [Scientific Working Methods: Quoting], Kohlhammer, 3rd ed., 2012.

- Calliess/Ruffert, EUV/AEUV, 4th ed., 2011.

- Röhl, Akkreditierung und Zertifizierung im Produktsicherheitsrecht [Accreditation and Certification in Law Governing Product Safety], Springer Verlag, 2000.

- Ensthaler, Zertifizierung und Akkreditierung technischer Produkte [Certification and Accreditation of Technical Products], Springer Verlag, 2007.

- Martin Schulte, Handbuch des Technikrechts [Manual of Law Governing Technology], 2nd ed., Springer Verlag, 2010.

- Abbott/Kirchner/et al., International Standards and the Law, Stämpfli Verlag AG, 2005.

- Kurt Schellhammer, Schuldrecht nach Anspruchsgrundlagen [Law of Obligations According to Principles of Claims], 8th ed., 2011.

- Martin Kutscha, Handbuch zum Recht der Inneren Sicherheit [Manual of Law Governing Internal Security], 2nd ed., BWV Verlag, 2006.

- Rolf Stober, Sven Eisenmenger, Besonderes Wirtschaftsverwaltungsrecht [Special Business Administration Law], 15th ed., Verlag Kohlhammer, 2011.

- Knemeyer: Polizei- und Ordnungsrecht [Police and Law Governing Public Order], Beck, 2007.

- Busche: Waffenrecht 2012 [Weapons law 2012], Kiel 2012.

- Hoeren: Internet- und Kommunikationsrecht [Internet and communication law], Otto Schmidt Cologne 2012.

- Schade: Arbeitsrecht [Labour law], Kohlhammer 2010.

- Martin T. Biegelman, Building World-Class Compliance Program: Best Practices and Strategies for Success, John Wiley & Sons, 2008.

- Acquisti/Gritzalis/Lambrinoudakis, Digital Privacy: Theory, Technologies, and Practices, Auerbach Pubn, 2007.

- Sanjay Anand, Essentials of Sarbanes-Oxley, John Wiley & Sons, 2007.

- CCH Incorporated, SEC Compliance and Disclosure Interpretations, Harcourt Professional Publishing, 2009.

- Reyes, Carla, WTO-compliant Protection of Fundamental Rights: Lessons from the EU 'Privacy Directive', Melbourne Journal of International Law, Vol. 12, No. 1, Jun 2011: 141-176.

- Spiros Simitis, Bundesdatenschutzgesetz [Federal Law Governing Data Security], Nomos, 7th ed., 2011.

- Current legal texts

Additional information: Assignments for thorough reading


5. Organizational Elements of Security Management

Brief module label: SM_MA_OrgAsp_Sicherheitsmanagement

Module description: Organizational Elements of Security Management

Division in teaching sessions, if applicable:

Security Leadership and Strategy Development

Physical Security

Duration of module: One semester

Classification in the curriculum: SM Ma, 2nd semester, required module

Usability of the module:

Frequency of offering of modules: Every academic year

Author: Prof. Dr. Friedrich Holl

Private lecturer: Prof. Dr. Sachar Paulus, Dr. Oliver Weissmann, Holger Könnecke, Gerhard Reinhardt

Language of instruction: German

Prerequisites: None

ECTS-Credits: 6

Total workload and its composition: 180 hours = 60 hours of attendance and 120 hours of self-study

Form of teaching/semester hours per week:

Lecture: 2 x 15 hours

Working on examples: 2 x 15 hours

Study and examination achievements:

Written report + presentation and/or oral examination

Weighting of the grade in the overall grade:

6,25 of the final grade

Learning outcomes:

The objective is to enable the students to acquire basic knowledge and skills in the following aspects of learning:

• Knowing the principles of successful corporate governance

• Influencing the corporate leaders for observing the

security aspects and for constructive handling of crisis

situations

• Derivation of a security strategy and security goals out of

the corporate strategy

• Development of a strategy to strengthen the ethical

aspects of corporate governance

• Resolution of conflicts

• Knowing the methods of protection and safety engineering

• Analysis of the possibilities of use and effectiveness of

protective mechanisms against elementary damage,

mechanical safety installations, hazard alert systems and

surveillance systems

• Planning of a security system network


• Evaluation of solutions available in the market

• Appraisal of the legal aspects for the deployment of

individual security mechanisms

Contents:

• Functions of corporate governance (development of

corporate goals, principles, culture; Formulation of

strategies; Human Resources and Negotiations

Management; international aspects in the global

competition)

• Integration of security goals with the corporate strategy

• Ethical aspects of corporate governance (anti-corruption

strategies, Code of Conduct etc.)

• Conflict management (conflict diagnosis, typology of

conflicts, escalations, strategies for conflict handling)

• Fundamentals of building safety

• Terminology and overview of areas of tasks and available

options

• Engineering principles

• Physical attacks and their effect

• Elementary damage

• Attackers, their aims and methods of attack

• Weapons and their effect

• Radiation of electronic devices

• Mechanical safety systems and access control

• Locks, locking systems and their security

• Securing doors, windows and fences against attacks

• Secure storage and data cabinets

• Engineering and legal regulations and directives

• Hazard alert systems

• Fundamentals

• Burglary alarm systems

• Attack alert systems

• Installation failure alert systems

• Fire alarm and fire fighting systems

• Engineering and legal regulations and directives

• Surveillance systems

• Technical possibilities

• Open and hidden monitoring

• Engineering and legal regulations and directives

• Emergency planning and operational safety

• Consequential damage analysis

• Handling untoward incidents

Teaching and learning methods: Lecture

Literature:

• K. Macharzina: Unternehmensführung [Corporate

Governance]

• T. Hutzschenreuther: Krisenmanagement [Crisis

Management]

• F. Glasl: Konfliktmanagement [Conflict Management]


• B. Stackpole, E. Oksendahl: Security Strategy: From Requirements to Reality.

• Physical Security Systems Handbook by Michael Khairallah, 2005.

• Current Journals and Magazines covering the topic: kes,

Der Sicherheitsberater [The Safety Advisor], S&I.

Additional information:


6. Network Security

Brief module label: SM_Ma_Network Security

Module description: Network Security

Division in teaching sessions, if applicable:

Duration of module: One semester

Classification in the curriculum: SecMan Master, 1st semester, required module

Usability of the module:

Frequency of offering of modules: Every academic year

Author: Prof. Dr. Eberhard von Faber

Private lecturer: Dipl. Ing. Dietmar Hausmann

Language of instruction: German

Prerequisites:

Importance of IT security and its role in practice; technical and

physical basic knowledge; knowledge of the basics of Internet networks, Operating Systems and cryptography-based

techniques

ECTS-Credits: 6

Total workload and its composition: 180 hours = 60 hours of attendance and 120 hours of self-study

Form of teaching/semester hours per week: Lectures at least 30 hours, practice at least 30 hours

Study and examination achievements: Written report + presentation or oral examination

Weighting of the grade in the overall grade:

6,25 % of the final grade

Learning outcomes:

• Familiarization with the threats and challenges in networks,

including important counter measures in the form of

protocols and various security solutions

• Familiarization with the functioning of these solutions,

understanding of their use, operation and interaction; ability

to integrate and deploy independently some of these

solutions; familiarization with supplementing measures and

solutions

• Development of ability to analyse requirements and

industrial practical factors and to integrate solutions based

on the practical example of an industrial solution

• Familiarization with security modules and embedded

systems as core components for distributed systems;

properties, challenges and use

Contents:

• Extended principles of Internet networks (TCP/IP Protocol, ISO/OSI, Routing, active components, cryptography)

• Dangers in the use of IT, categories of threats, weak points

and hazards

• Security management, security audits with tools, network

monitoring and network logging

• Attacks and counter measures

• Cryptography applications (encrypted communication, VPN

protocols, certificates)

• Web Server Security, Email security

• In depth study and practical application of project topics on

Firewalls, Honeypots and Intrusion Detection Systems,

WLAN security and VPN

Teaching and learning methods: Combination of lectures, exercises based on one’s own computer and lab exercises; lectures deploying different media;

tasks and exercise examples; control questions/revision course

Literature:

• Cisco Networking Academy: CCNA Exploration Companion

Guide, Vol. 1-4, Cisco Press, 2008

• Alexander Michael: Netzwerke und Netzwerksicherheit - Das Lehrbuch [Networks and Network Security – the text book], Hüthig publishers, 2006.

• Plötner Johannes, Wendzel Steffen: Praxishandbuch

Netzwerk-Sicherheit [Practical Manual of Network Security],

Galileo Computing, 2007.

• Other reference works on special project topics (VPN, IPSec,

IPv6, IDS, WLAN, Attacks, and many more)

Scripts and other teaching materials will be distributed directly to the students during the lecture, or made available on the

learning platform of the university.

Additional information:


7. Mathematical and Technical Foundations of IT-Security

Brief module label: SM_MA_MathTechGrundlagen

Module description: Mathematical and Technical Foundations of IT-Security

Division in teaching sessions, if applicable:

Foundations of Forensics and Auditing

Foundations of Technical Security

Duration of module: One semester

Classification in the curriculum: SecMan Master, 1st semester, required module

Usability of the module:

Frequency of offering of modules: Every academic year

Author: Prof. Dr. Friedrich Holl

Private lecturer: Prof. Dr. Igor Podebrad, Prof. Dr. Michael Syrjakow

Language of instruction: German

Prerequisites:

ECTS-Credits: 6

Total workload and its composition: 180 hours = 60 hours of attendance and 120 hours of self-study

Form of teaching/semester hours per week: Lecture: 2 x 30 hours

Study and examination achievements: Written or oral examination

Weighting of the grade in the overall grade:

6,25% of the final grade

Learning outcomes:

The course “Foundations of Forensics and Auditing” aims to enable the students to acquire knowledge and skills in the following aspects of learning:

• Application of the mathematical and technical foundations to security, especially:

• Organisation of IT forensic analyses and IT audits

• Operating IT systems while taking into account the

requirements of IT forensics and IT auditing

• Development and implementation of IT forensics related

security guidelines

• Evaluation of the usability of IT audit results for

forensics

The course “Foundations of Technical Security” aims to enable the students to acquire knowledge and skills in the following aspects of learning:

• Symmetric encryption: theories of secure encryption, classical encryption methods, block ciphers (DES, AES), stream ciphers, encryption modes (e.g. CBC), attacks

• Asymmetric encryption: RSA, Diffie-Hellman key exchange, mathematical foundations (Euclidean algorithm, modular arithmetic, etc.), attacks

• Message authentication, digital signatures, public key infrastructure (PKI), attacks

• Current trends in cryptography (quantum cryptography, etc.)

Contents:

• Legal prerequisites for IT forensics

• Principles of IT auditing

• Organisation of IT forensic analyses

• Fundamentals of Cypher

Teaching and learning methods: Lecture and exercises in small groups

Literature:

• IT-Forensik [IT Forensics] by Alexander Geschonnek,

2011

• The Basics of Digital Forensics: The Primer for Getting

Started in Digital Forensics by John Sammons, 2012

• Wolfgang Ertel: Angewandte Kryptographie; Fachbuchverlag Leipzig im Carl Hanser Verlag, 2003.

• Klaus Schmeh: Kryptografie: Verfahren, Protokolle,

Infrastrukturen; dpunkt Verlag, 2009.

Additional information:


8. Secure ICT Infrastructures and IT Services

Brief module label: SM_MA_SichereIKTInf_ITDienste

Module description: Secure ICT Infrastructures and IT Services

Division in teaching sessions, if applicable:

Secure ICT Infrastructures & IT Services; Part A

Secure ICT Infrastructures & IT Services; Part B

Duration of module: Two terms

Classification in the curriculum: SM Ma, 1st and 2nd semester, required module

Usability of the module: The two courses of this module can be chosen in any sequence

Frequency of offering of modules: Every academic year

Author: Prof. Dr. Eberhard von Faber

Private lecturer: Dr. Eberhard von Faber

Language of instruction: German

Prerequisites:

Importance of IT Security and its role in practical applications; technical and physical principles; basics of internet network

technology, operating systems and cryptology technologies. Basic knowledge of business processes and corporate

governance; Knowledge of Information and Communications Technology: Applications, Systems and Networks, including

the underlying technology.

ECTS-Credits: 6

Total workload and its composition: 180 hours = 60 hours of attendance and 120 hours of self-study

Form of teaching/semester hours per week: 2 x 30 hours lecture using different media, project work and self testing elements.

Study and examination achievements: written or oral examination

Weighting of the grade in the overall grade: 6,25% of the final grade

Learning outcomes:

This course aims to enable the students to acquire knowledge and skills in the following aspects of learning:

Part A:

• Development of the ability to integrate the required

solutions adequately into various ITC infrastructures and

usage scenarios; familiarization with service models

including Cloud Computing and its implications

• Development of ability to analyse requirements and

industrial practical factors and to integrate solutions

based on the practical example of an industrial solution

• Understand the basics of PKI as an example of an

infrastructure for secure communication


• Understand and classify testing schemes as an international

infrastructure for risk management

Part B:

• Understanding of technologies and organisation of

modern (industrial) ITC production, and especially the

incidental security questions

• Usage and integration of IT services in business

processes; assessment of security requirements,

evaluation and selection of IT services

• Successful implementation of Identity and Access

Management (IAM): understanding of basic terminology,

architectures and technologies; planning and

implementation in companies and in complex value-added

chains

Contents:

Part A:

Integration of various solutions in the ITC network:

business processes vs. ITC; Usage scenarios vs. ITC;

service models and Cloud Computing: division of labour,

service models, security management

Learning situation of a special industry application:

requirements and solutions; Practical factors and their

outcome, result and practice in industry

PKI: an infrastructure for secure communication (visible

or invisible; function, realization, practice)

Assurance: an infrastructure for “Trust” and “Security” in

a (global) division of labour in industrial value-added

chains

Part B:

Fundamentals of ITC production; ITC architectures and

infrastructure elements; Security aspects; Management of

solutions for the system and network security; processes

and organisation; Tasks ranging from weak point

management to Disaster Recovery

User and Producer: IT services; Security requirements,

evaluation, selection and integration; Security and risk

management in “outsourcing”, basic problems and

“sourcing” models

Enterprise Security Architecture: ICT Production, Service

Design, Transition, Service Delivery Management,

Security Management, GRC

Basic terminology IAM (from Identification to

Accounting),

Authentication: Types, methods, technologies; problems

and solutions; Architectures and distributed systems (e.g.

LDAP, RADIUS, Kerberos, ESSO, Single Sign-On,

Federation),

Authorization: Services and limitations; Strategies (DAC,


MAC, RBAC, IF); Realization (Groups, Roles, ACL,

Capabilities); Alternatives; Trends and Outlook including

DRM,

Identity Management: Administrative tasks, Registration,

Workflows, Enrolment; Credential Management, User Self-

Service, UHD etc.

Accounting; Analytics; Attestation; Intelligence, SOD

IAM-Architectures (the whole picture); Infrastructures

Establishment and implementation of IAM programs in large

enterprises

Teaching and learning methods: Lecture utilizing various media, in depth study and self checks, including control questions/revision course

Literature:

Alexander Tsolkas and Klaus Schmidt: Rollen und

Berechtigungskonzepte, Ansätze für das Identity- und

Access Management im Unternehmen [Roles and

Authorization Concepts, Approaches for the Identity and

Access Management in the Company]; August 2010,

Vieweg+Teubner

Martin Kappes: Netzwerk- und Datensicherheit, Eine

praktische Einführung [Network and Data Security, A

Practical Introduction]; Vieweg+Teubner

Hans-Peter Königs: IT-Risiko-Management mit System,

Von den Grundlagen bis zur Realisierung. Ein

praxisorientierter Leitfaden [IT Risk Management with

System, From the Basics to Realization. A Practice-

oriented Guide], Vieweg

Claudia Eckert: IT Security, Concepts - Methods –

Protocols

Eberhard von Faber and Wolfgang Behnsen: Secure ICT

Service Provisioning for Cloud, Mobile and Beyond;

Springer-Vieweg

Current Journals and Magazines on the topic: kes, Der

Sicherheitsberater [The Security Advisor], S&I.

Anderson, Ross: Security Engineering, A Guide to Building

Dependable Distributed Systems; John Wiley & Sons

Common Criteria for Information Technology Security

Evaluation; www.commoncriteriaportal.org or ISO 15408

Students will receive scripts, further literature and other

material in the course.

Additional information:


9. Secure Systems Lifecycle Management

Brief module label: SM_MA_SecureSystems

Module description: Secure Systems Lifecycle Management

Division in teaching sessions, if applicable:

Duration of module: One semester

Classification in the curriculum: SecMan Master, 2nd semester, required module

Usability of the module: The module can also be offered as compulsory optional module for WI [Information Systems] and Computer Science

Master degree programs.

Frequency of offering of modules: Every academic year

Author: Prof. Dr. Friedrich Holl

Private lecturer: Prof. Dr. Friedrich Holl

Language of instruction: 80% German, 20% English

Prerequisites:

Initial experience in programming web applications for an

exemplary scenario. Normally, this should be ensured by studies completed until this point of time. Alternatively: self-

study, for example, based on PHP 5.3: Program Dynamic Websites Professionally by Christian Wenz and Tobias Hauser

(December 2009)

ECTS-Credits: 6

Total workload and its composition: 180 hours = 60 hours of attendance and 120 hours of self-

study

Form of teaching/semester hours

per week: 30 h lecture, 30 h exercises and supervised self-practice

Study and examination

achievements: Practical examination + presentation or oral examination

Weighting of the grade in the

overall grade: 6,25% of the final grade

Learning outcomes:

This course aims to enable the students to acquire knowledge

and skills in the following aspects of learning:

• Knowledge and application of Best Practices taught during

the development of IT based systems for secure software

• Development of acceptance criteria for non-functional

security requirements

• Carrying out threat models

• Avoidance of weak points during the development

• Carrying out security checks

• Secure installation and operation of software

• Establishment of a Security Response Program

• Analysis of existing software for security-related weak


points

• Development and implementation of a protective program

for software during the system development

• Establishment of a Management System for security in

the development process, and integration of such

Management System into a possibly available quality

process

• Carrying out security analyses (“Hacking”)

• Presentation of investigation results

Contents:

Basic principles of secure software development:

• Security requirements

• Safe designing and threat models

• Architecture analyses

• Secure coding

• Security checks

• Secure systems

• Security Response

• Protection of own software against manipulation and

know-how theft

Teaching and learning methods:

Interactive combination of lecture, exercises on own

computer, lab exercises, preparation and presentation of content, demonstration of concepts, practical tasks in groups.

Literature:

Basiswissen sichere Software [Basics of secure software] by Friedrich Holl, dpunkt 2011.

Software-Qualität, Testen, Analysieren und Verifizieren von Software [Software Quality, Testing, Analysis and Verification

of Software] by Peter Liggesmeyer, Spektrum Akademischer

Verlag, 2002.

Writing Secure Code by Michael Howard & David LeBlanc, 2003

www.owasp.org

Additional information:


10. Scientific Writing

Brief module label: SM_MA_WissSchreiben

Module description: Scientific Writing

Division in teaching sessions, if applicable:

Semester Thesis 1 Semester Thesis 2

Duration of module: Two terms

Classification in the curriculum: SecMan Master, 1st and 2nd term, required module

Usability of the module:

Frequency of offering of modules: Every academic year

Author: Prof. Dr. Friedrich Holl

Private lecturer: Prof. Dr. Friedrich Holl and all other participating teaching

faculty members

Language of instruction: German

Prerequisites:

ECTS-Credits: 3

Total workload and its composition: 180 hours = 60 hours of attendance and 120 hours of self-study

Form of teaching/semester hours per week:

Each semester 15h lecture and 15h seminar including presentations by students

Study and examination achievements:

Written assignments

Weighting of the grade in the overall grade:

6,25% of the final grade

Learning outcomes: Preparation of scientific papers related to the topic of security

Contents:

• Methods of collection of data (statistics, interviews,

primary/secondary sources)

• Source discussion: research, reading, evaluation

• Creative techniques and self-organisation

• Situation-related requirements for writing styles

(advertising, press releases, scientific papers etc.)

• Preparation of an exposé

• Methodical structure of scientific papers

• Phases of scientific working methods

• Material collection and research

• Material evaluation and selection

• Material and topic processing

• Method of quoting

Teaching and learning methods: Lecture, discussion, presentation of own results.


Literature:

• DIN 1421 (Classification and Numbering System in texts)

• Eco, U. (2005): Wie man eine wissenschaftliche Abschlussarbeit schreibt -

Doktor-, Diplom- und Magisterarbeit in den Geistes- und

Sozialwissenschaften [How to Compile Final Thesis for

Doctorate, Graduate and Postgraduate Studies in

Humanity and Social Science Studies], Müller, Heidelberg.

• Theisen, Manuel R.: Scientific Papers – Technique &

Methodology, Form, 2000.

• Peterssen, Wilhelm H.: Scientific Papers - An Introduction

for School and Studies, 1999.

Additional information:


11. Project

Brief module label: SM_MA_Projekt

Module description: Project

Division in teaching sessions, if applicable:

Duration of module: One term

Classification in the curriculum: SecMan Master, 2nd term, required module

Usability of the module:

Frequency of offering of modules: Every academic year

Author: Prof. Dr. Friedrich Holl

Private lecturer: Prof. Dr. Friedrich Holl and all other participating teaching

faculty members

Language of instruction: German

Prerequisites:

ECTS-Credits: 6

Total workload and its composition: 180 hours = 60 hours of attendance and 120 hours of self-study

Form of teaching/semester hours per week:

Lecture: 15 h Practical, demonstration of work: 45 h

Study and examination achievements:

Practical work + presentation

Weighting of the grade in the overall grade:

6,25% of the final grade

Learning outcomes:

This course aims to enable the students to acquire knowledge and skills in the following aspects of learning:

• Conducting security projects

• Planning a security-related project while following all

requirements of security

• Application of project management methodologies

Contents:

Problem identification:

- Systematic preparation of the “State of the Art”

technology

- Integration into the available practical context

- Basic conditions of deployment

- Use of different techniques of analysis such as interview

method, questionnaire, Delphi method, preparation of the

context concerning documents and so on.

Development of expected concepts:

- Systematically founded development of a practice-oriented

approach to solutions

- Use of creative methods

- Cost-benefit analyses

- Development of basic conditions for deployment

Prototypical implementation

- the prototypical implementation is carried out by

developing a software prototype

- implementation in an enterprise/organisation

or e.g. development of an application for R&D sponsorship

Teaching and learning methods: Lecture, practical work in groups comprising maximum 7

participants, presentation of own results.

Literature: A Guide to the Project Management Body of Knowledge, PMI,

2008

Additional information: For this course, the candidate’s willingness to undertake

practical work with cooperating partners is a prerequisite.


12. Master’s Thesis

Brief module label: Master’s Thesis

Module description: Master’s Thesis incl. Master’s Seminar

Division in teaching sessions, if applicable:

Duration of module: One semester

Classification in the curriculum: SecMan Master, 3rd term, required module

Usability of the module:

Frequency of offering of modules: Every academic year

Author: Prof. Dr. Friedrich Holl

Private lecturer: The Master’s theses: All faculty members of the university

teaching in the course

Language of instruction: German / English (as per student’s option).

Prerequisites: Only candidates who have successfully completed all examinations and course

achievements except the compulsory optional modules may register for the Master’s Thesis

ECTS-Credits: 21

Total workload and its composition: 600 hours of self-study

Form of teaching/semester hours

per week: Self-study.

Study and examination

achievements:

Master’s Thesis (85,5%)

Colloquium (12,5%)

Weighting of the grade in the

overall grade: 30% of the final grade

Learning outcomes:

This course aims to enable the students to acquire knowledge

and skills in the following aspects of learning:

• Preparation of a scientific paper under guidance, with

own creative and/or constructive portions, on the topic

“Security Management” within a period of 4 months

(8 months in part-time mode).

• Presentation and discussion of the results.

Contents:

The Master’s Thesis is intended as a coherent examination of an extensive topic and the resulting solution for a theoretical

or practical problem. The Colloquium is an oral examination where the candidate

presents the outcomes of their study.

Teaching and learning methods: Self-study under guidance, presentation and discussion (oral

exam)

Literature:

• Booth, W. C. et al. (1995). The Craft of Research. Chicago,

London

• Brown, S. R. et al. (1990) Experimental Design and

Analysis. London

• Cialdini, R. B. (2001). Influence, Science and Practice.

Boston, MA

• Hussey, J., Hussey, R. (1997). Business Research. A

practical guide for undergraduate and postgraduate

students

• Karmasin, M. et al. (1999). Die Gestaltung

wissenschaftlicher Arbeiten: ein Leitfaden für Haus-,

Seminar- und Diplomarbeiten sowie Dissertationen [The

Designing of Scientific Papers: A Guide for Homework,

Seminar and Graduation Papers and Dissertations].

Vienna

• Pyrczak, S. et al. (1998). Writing Empirical Research

Reports. Los Angeles, CA

• Seale, C. (1999). The quality of quantitative research.

London

• Trochim, W. M. K. (2000). The Research Knowledge Base.

Cincinnati, Ohio

Additional information: