Information Management and IT Security: Curriculum

1. Semester

Name | Language / Type | ECTS | SWS
Module 1 IT-Security Technical Basics (MOD1) | German / kMod | 9.00 | -
Cyber Security Threats (CST) | German / ILV, FL | 3.00 | 2.00

Course description

The course provides basic knowledge about common Cyber attacks, their impact on businesses and individuals and explains how these attacks can be mitigated or their impact can be reduced.

Methodology

Integrated course. Combination of eLearning, self-organized learning and exercises (seminar paper)

Learning outcomes

After passing this course successfully students are able to ...

  • identify the most common cyber-attack vectors
  • characterize these in terms of type of attack vector, success and impact on a company
  • describe effective protective measures in the fields of perimeter and network security and client / server security for defeating or weakening cyber-attacks
  • prioritize security countermeasures with regard to cost/benefit
  • recognize the importance of security awareness

Course contents

  • Attacks and attack types (drive-by attacks, APT (Advanced Persistent Threats), exploits, spear phishing, watering hole attacks, fast flux networks, denial of service attacks)
  • Malware and malware types (malware, spyware, rootkits, Internet worms)
  • Mitigation techniques (perimeter security by suitable Next Generation / UTM firewalls and client / server protection software)
  • OS and application hardening (emphasis on client / office applications)
  • Benefit of using the CVSS (Common Vulnerability Scoring System)
  • Cyber Crime and Cyber War, construction, structure and operations of Cyber Gear
  • Early detection of some attack vectors (for example, drive-by downloads)
  • Security awareness

Prerequisites

  • Basic understanding of client / server applications
  • Networking basics (TCP / IP and Internet protocols such as HTTP, HTTPS, FTP ...)
  • Basic understanding of Web applications and client-side applications
  • Basic understanding of operating systems (Windows, Linux)
  • Experience in the administration of IT systems (clients / servers / firewalls) is advantageous but not mandatory

Literature

  • Daniel W. Dieterle, “Basic Security Testing with Kali Linux”, ISBN-10: 1494861275, ISBN-13: 978-1494861278
  • Greg Hoglund, Jamie Butler, “Rootkits: Subverting the Windows Kernel”, ISBN-10: 0321294319, ISBN-13: 978-0321294319
  • Microsoft Corporation, “Own your Space”, Linda McCarthy, Denise Weldon-Siviy, ISBN 978-0-615-37366-9, available online as a free PDF eBook download at https://www.microsoft.com/en-us/download/confirmation.aspx?id=1522
  • RISKS Forum (moderated by Peter G. Neumann), online at http://catless.ncl.ac.uk/Risks/
  • Rick Lehtinen, “Computer Security Basics”, 2nd Ed., O’Reilly, ISBN-10: 0596006691, ISBN-13: 978-0596006693
  • SANS, Critical Security Controls for Effective Cyber Security, online at http://www.sans.org/critical-security-controls/
  • Szor Peter, “The Art of Computer Virus Research and Defense”, ISBN-10: 0321304543, ISBN-13: 978-0321304544
  • Additional literature will be provided in the CIS download area on demand

Assessment methods

  • Final exam in the form of a (group) seminar paper
IT Security (ITS) | German / ILV, FL | 6.00 | 4.00

Course description

Tour across the fundamentals of IT-security for the purpose of repetition and consolidation: crypto methods, authentication, access control, network/internet security, software, software security, malware.

Learning outcomes

After passing this course successfully students are able to ...

  • differentiate and to characterize cryptographic methods in reference to the basic information security attributes.
  • distinguish and evaluate mechanisms, concepts and models of access control in consideration of identification, authentication and rights management (also in distributed environments).
  • identify requirements of communication security (networks, services, distributed systems) and to describe needed methods and protocols.
  • characterize software security and categorize common vulnerabilities, threats resp. malware.

Course contents

  • Consolidation of crypto methods:
      • symmetric vs. asymmetric algorithms
      • signatures
      • authenticity
      • key management and key infrastructures
  • Access control:
      • identification and authentication
      • AAA systems in distributed environments
      • single sign-on
      • authorisation and rights management
      • security concepts and models
      • trusted computing
      • firewalls and IDS
  • Network security:
      • categorisation
      • OSI security architecture
      • security problems of TCP/IP
      • tunneling protocols (L2TP, IPsec/IKE, TLS)
      • mechanisms and applications (SSH, S/MIME, PGP)
      • WLAN security
      • security issues of internet services and web applications
  • Current threats:
      • secure programming
      • malware
      • current reports

Prerequisites

Fundamentals of computer science, Cryptography and information theory, Operating Systems, Computer Networks, Distributed Systems

Literature

  • Stallings, William: Computer Security – Principles & Practice, Pearson, 3/E, ISBN: 9781292066172

Assessment methods

  • Course immanent assessment, presentation and end exam
Module 2 Security Management Basics (MOD2) | German / kMod | 6.00 | -
IT Processes (INFM) | German / ILV, FL | 3.00 | 2.00

Course description

Explanation of basic ideas, concepts and impact of information processes; influence on as well as relation to information, process and knowledge management; security-related issues regarding the "regular" usage of information

Methodology

Pre-readings, case-studies, tasks and discussions in workgroups, homework

Learning outcomes

After passing this course successfully students are able to ...

  • formulate and motivate requirements for information processes – based on an understanding of information processes being the essential foundation of any operational management
  • identify the interrelations of information and security management and to deduce essential principles for a secure information management from that.

Course contents

  • Information processes as basics of every organisational action
  • Information management model
  • Process management
  • Basic processes needed for knowledge management
  • Necessary changes of classic information processes provoked by Web 2.0
  • IT-Strategy
  • Basics of IT-Governance & IT-Controlling

Prerequisites

Basic ICT knowledge

Literature

  • Krcmar, Helmut: Einführung in das Informationsmanagement, Springer Gabler
  • Laudon, Kenneth C. / Laudon, Jane P. / Schoder, Detlef: Wirtschaftsinformatik: Eine Einführung, Addison-Wesley-Verlag,
  • Additional readings will be provided

Assessment methods

  • reading-tests, homework and end exam
Risk Management & Policies (RMP) | German / ILV, FL | 3.00 | 2.00

Course description

Introduction to the topics of (IT) risk management and policies from the perspective of a security professional

Methodology

integrated course (lecture, exercises, discussions, case studies)

Learning outcomes

After passing this course successfully students are able to ...

  • Implement and continually improve (IT) Risk Management in organizations/institutions with the aid of relevant standards and best practices
  • Create and operate effective (security) policies within an organization

Course contents

  • Risk Management Process
  • Risk Management System
  • (Security) Policies
  • Standards, Policies & Best Practices

Prerequisites

Information security & information security management basics, standardization (ISO) fundamentals, self-responsibility

Literature

  • ISO 27001:2013
  • ISO 31000:2009
  • ONR 4900x:2014
  • Information Security Risk Management, Klipper
  • Risikomanagement als Führungsaufgabe: Umsetzung bei strategischen Entscheidungen und operationellen Prozessen, Brühwiler

Assessment methods

  • term paper, written exam
Module 3 Architecture & Design (MOD3) | German / kMod | 4.50 | -
Project Work 1 (PRJ1) | German / PRJ | 1.50 | 1.00

Course description

Planning and implementation of simple R&D projects in small teams. In the first part a state of the art analysis is done and application scenarios and functional requirements are defined.

Methodology

Project work

Learning outcomes

After passing this course successfully students are able to ...

  • do a state of the art and a market analysis based on the problem description
  • define application scenarios and functional requirements for the project
  • elaborate vision, description, goals and project environment as part of a first version of the project handbook
  • write a simple scientific paper based on the first results

Course contents

  • Planning and implementation of R&D projects in teams
  • Maintain a project handbook
  • State of the art analysis (scientific, technical)
  • Market analysis
  • Definition of application scenarios
  • Definition of functional requirements

Prerequisites

Depends on project

Literature

  • Depends on project

Assessment methods

  • Remarks are given as a combination of project results and project management.
Security Structures (SIS) | German / ILV, FL | 3.00 | 2.00

Course description

The goal of the module is to treat relevant aspects of information security so that in terms of learning projects applying relevant remuneration are discussed. In addition, basic knowledge is provided that serves to identify information security as an interdisciplinary task in the context of security-relevant processes.

Learning outcomes

After passing this course successfully students are able to ...

  • name essential security risks in the use of information and communication systems and the fundamental security mechanisms
  • describe the common methods for risk and security analysis
  • name the basic principles of information security and data protection

Course contents

  • Information Security Management: Overview and Objectives
  • National and international frameworks for information security management:
      • Austrian Information Security Manual
      • German Federal Office for Information Security – Baseline Protection Manual
      • ISO/IEC 2700n – “Information Technology – Security Techniques – Information Security Management Systems – Series”
      • ISO/IEC 2000 – “Information Technology – Service Management”
      • ISO 31000 – “Enterprise Risk Management”
      • USA National Institute of Standards and Technology – NIST 800-30 Risk Management
      • ENISA Risk Management
      • Menaces Informatiques & Pratiques de Sécurité Glossaire des menaces – MEHARI
      • The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) - Carnegie Mellon University
      • Payment Card Industry Data Security Standard (PCI-DSS)
  • In the exercises, the emphasis is on hands-on training using practical case studies in the context of guided small projects.

Prerequisites

Theoretical and practical basic knowledge of computer science especially knowledge of the ISO / OSI network architecture and TCP / IP protocols. Knowledge of project and process management.

Literature

  • Ebert Christof: Risikomanagement kompakt - Risiken und Unsicherheiten bewerten und beherrschen, 2nd edition, Springer Vieweg, 2013, ISBN 978-3-642-41048-2
  • Königs Hans-Peter: IT-Risikomanagement mit System - Praxisorientiertes Management von Informationssicherheits- und IT-Risiken, 4th edition, Springer, 2013, ISBN 978-3-8348-2165-2
  • Kriha Walter, Schmitz Roland: Internet-Security aus Software-Sicht - Grundlagen der Software-Erstellung für sicherheitskritische Bereiche, Springer, 2009, ISBN 978-3-540-68906-5

Assessment methods

  • Course immanent assessment method in the learning projects with presentations and written partial / final exam.
Module 4 Selected Topics 1 (MOD4) | German / kMod | 6.00 | -
Computer Forensics (Elective Course) (WF7) | German / ILV, FL | 3.00 | 2.00
Introduction to Quantum Cryptography (Elective Course) (WF9) | German / ILV, FL | 3.00 | 2.00
Requirements Engineering (Elective Course) (WF8) | German / ILV, FL | 3.00 | 2.00
Security Architectures with Firewall Technologies (Elective Course) (WF3) | German / ILV, FL | 3.00 | 2.00
Security in Mobile Networks and Smartphone Apps (Elective Course) (WF10) | German / ILV, FL | 3.00 | 2.00
White Hat - Offensive Security 1 (Elective Course) (WF11) | German / ILV, FL | 3.00 | 2.00
Module 5 Personal Skills 1 (MOD5) | German / kMod | 4.50 | -
Intercultural Communication (ICOM) | English / SE | 1.50 | 1.00

Course description

We aim at raising intercultural awareness and broadening the students’ horizons

Learning outcomes

After passing this course successfully students are able to ...

  • interpret the challenges of communicating with members of other cultures
  • describe the potential of working in an intercultural team

Course contents

  • Terms and theories of culture: Johari window, Iceberg theory etc.
  • Manifestations of culture
  • Inside and outside perspectives on culture

Prerequisites

Completion of previous semester courses

Literature

  • Lewis, R.D. et al (2012) When Cultures Collide 3rd ed., Nicholas Brealey International
  • Additional current handouts and audio-visual support

Assessment methods

  • active participation in class activities and timely completion of assignments
Leading Project Teams (FIT) | German / SE | 1.50 | 1.00

Course description

In the course the students get to know main principles of leading teams.

Methodology

On the one hand there will be lectures about project and team management and on the other hand there will be plenty of group and teamwork.

Learning outcomes

After passing this course successfully students are able to ...

  • explain the role of leadership in the different stages of team development (for example by Tuckman) and to derive relevant leading actions (for example directive leadership in the forming phase).
  • diagnose dynamics in project teams using models (for example Rank Dynamics, Drama Triangle, TZI) and to develop and argue case-related concrete opportunities for activities (for example delegation of responsibility, critical discussion).

Course contents

  • Leadership styles and actions (in leading projects teams)
  • Leadership tools in project teams
  • Consequences of not leading
  • Role conflicts "colleague" and "project leader"
  • Conflicts and difficult situations in leading project teams

Literature

  • Cronenbroeck, Wolfgang (2008): Projektmanagement, Verlag Cornelsen, Berlin
  • DeMarco, Tom (1998): Der Termin – Ein Roman über Projektmanagement, München: Hanser
  • Kellner, Hedwig (2000): Projekte konfliktfrei führen. Wie Sie ein erfolgreiches Team aufbauen, Hanser Wirtschaft
  • Majer Christian/Stabauer Luis (2010): Social competence im Projektmanagement - Projektteams führen, entwickeln, motivieren, Goldegg-Verlag, Wien

Assessment methods

  • Course immanent assessment method and seminar paper

Remarks

none

Project Management 1 (PRM1) | German / ILV | 1.50 | 1.00

Course description

The training shows the special aspects of the project management for engineers. The content of this course is based on the PMI Standard, expanded with lectures about agile methods, cost estimation and team work. This course focuses on project management for technical projects, consulting projects and research projects.

Methodology

Lecture, practice, case studies

Learning outcomes

After passing this course successfully students are able to ...

  • name basic processes and standards of project management
  • name the sub-processes of the PMI with their essential input and output factors
  • name and use selected methods and techniques of project management
  • select and apply an appropriate procedure for processing a project

Course contents

  • Project management, PMI, PMBOK, 5th edition:
  • Project Management Basics and organisational aspects
  • Project Integration Management
  • Project Scope Management
  • Project cost estimate
  • Project process models
  • Agile methods
  • Project Time Management
  • Project Stakeholder Management
  • Teamwork
  • Case studies

Prerequisites

Knowledge of software engineering or requirements engineering and first experience in project management.

Literature

  • Jakoby, W. (2013): Projektmanagement für Ingenieure, 2nd edition, Springer Verlag
  • PMBOK (2014) - A Guide to the Project Management Body of Knowledge (PMBOK® Guide) - 5th Edition

Assessment methods

  • Case Study
  • Presentation
  • End exam

Remarks

None.

2. Semester

Name | Language / Type | ECTS | SWS
Module 10 Personal Skills 2 (MOD10) | German / kMod | 4.50 | -
Advanced English Communication (AEC) | English / SE | 1.50 | 1.00
IT Law (ITR) | German / VO | 1.50 | 1.00
Project Management 2 (PRM2) | German / ILV | 1.50 | 1.00
Module 6 Applied IT-Security (MOD6) | German / kMod | 9.00 | -
ICT Architectures (IKT) | German / ILV, FL | 3.00 | 2.00
Incident Management (INMA) | German / ILV, FL | 3.00 | 2.00
System Integration (SINT) | German / ILV, FL | 3.00 | 2.00
Module 7 Information Security Management (MOD7) | German / kMod | 6.00 | -
Applied Information Security (AINF) | German / ILV, FL | 3.00 | 2.00
Information Security Management (ISM) | German / ILV, FL | 3.00 | 2.00
Module 8 Project (MOD8) | German / iMod | 4.50 | -
Project Work 2 (PRJ2) | German / PRJ | 4.50 | 2.00
Module 9 Selected Topics 2 (MOD9) | German / kMod | 6.00 | -
Big Data and Data Retrieval (Elective Course) (WF15) | German / ILV, FL | 3.00 | 2.00
CISSP Introduction (Elective Course) (WF16) | German / ILV, FL | 3.00 | 2.00
Detection and Prevention of Cyber Attacks (Elective Course) (WF19) | German / ILV, FL | 3.00 | 2.00
ITIL Foundation (Elective Course) (WF6) | German / ILV, FL | 3.00 | 2.00
Security Aspects of Cloud Computing (Elective Course) (WF17) | German / ILV, FL | 3.00 | 2.00
White Hat - Offensive Security 2 (Elective Course) (WF22) | German / ILV, FL | 3.00 | 2.00

3. Semester

Name | Language / Type | ECTS | SWS
Module 11 Information Security Organization (MOD11) | German / kMod | 9.00 | -
Business Continuity & Disaster Recovery (BCDR) | German / ILV, FL | 3.00 | 2.00
Current Topics in Security & Privacy (AIS) | German / ILV, FL | 3.00 | 2.00

Course description

The course provides a brief theoretical overview of privacy or account privacy enhancing technologies (PET) and allows students to experiment with different systems and evaluate them.

Methodology

Lectures, presentations, assignments, exam

Learning outcomes

After passing this course successfully students are able to ...

  • explain the theoretical concepts of homomorphic cryptography, k-anonymity and l-diversity
  • use Tor in a secure way and explain its configuration
  • evaluate different privacy and crypto tools such as OTR, Pond, Flock, Redphone, Textsecure, prism-break, secure messenger

Course contents

  • Homomorphic Cryptography
  • k-anonymity & l-diversity
  • Differential privacy
  • Identity management & Pseudonymity
  • Access management
  • System Architectures for identity management systems
  • Tor – The Onion Router
  • Online anonymity & Web Privacy, Fingerprinting, Metadata, Censorship
  • Certificate Trust Model
  • Applied examples: Kerberos, OAuth, Mozilla Persona, Facebook Connect etc.
  • Crypto tools (OTR, Pond, Flock, Redphone, Textsecure, prism-break, secure messenger)

Prerequisites

  • Basic algebra (high school level)
  • Fundamental programming skills
  • Basic experience in system administration / Linux

Literature

  • Current research articles will be provided by the lecturer.

Assessment methods

  • Presentation in groups
  • Written assignment and documentation of practical work
  • Written final exam.
Integrated Management Systems & Audit (IMA) | German / ILV, FL | 3.00 | 2.00
Module 12 Specialization (MOD12) | German / iMod | 10.50 | -
Specialization (SPEC) | German / PRJ | 10.50 | 2.00

Course description

Scientific analysis of special fields concerning the topics of the individual master theses in small groups. Formulation of a scientific research question, literature research, state of the art and discussion of current research results as input and possible basis of the individual master theses.

Methodology

Work in small groups on course-relevant areas.

Learning outcomes

After passing this course successfully students are able to ...

  • prepare scientific and practical principles, methods, technologies and applications in the field of the respective master thesis
  • use the results of the course to realize their master thesis according to the requirements at a scientifically high level

Course contents

  • Literature research and state of the art (list of literature), discussion of scientific papers and developing synergies, work on scientific questions and methodologies, Master Thesis proposal, Source and knowledge map

Prerequisites

Technical expertise of the preceding semesters, Scientific Work

Literature

  • depends on selected field

Assessment methods

  • course immanent
Module 13 Selected Topics 3 (MOD13) | German / kMod | 6.00 | -
Cost Estimate and Feasibility Study of SW and ICT Projects in Practice (Elective Course) (WF4) | German / ILV, FL | 3.00 | 2.00
Reverse Engineering and Malware Analysis (Elective Course) (WF5) | German / ILV, FL | 3.00 | 2.00
Web Application Security (Elective Course) (WF6) | German / ILV, FL | 3.00 | 2.00
White Hat - Offensive Security 3 (Elective Course) (WF3) | German / ILV, FL | 3.00 | 2.00
Module 14 Personal Skills 3 (MOD14) | German / kMod | 4.50 | -
IT-Governance (ITG) | German / ILV, FL | 3.00 | 2.00

Course description

Introduction to the topics of governance and audits from the perspective of a security professional

Methodology

integrated course (lecture, exercises, discussions, case studies)

Learning outcomes

After passing this course successfully students are able to ...

  • implement and continually improve IT Compliance & Governance (Risk Management) in organizations/institutions with the aid of security relevant standards and best practices
  • analyze and evaluate security and quality requirements in organizations/institutions based on internal or external audits

Course contents

  • internal & external Audits, international standards & frameworks (e.g. ISO 9001, 20000, 27001, ISAE 3402,...), standardization, IT & enterprise risk management & governance

Prerequisites

Information security & information security management basics, standardization (ISO) fundamentals, self-responsibility

Literature

  • ISO 9001:2015
  • ISO 20000:2011
  • ISO 27001:2013
  • ISO 31000:2009
  • ONR 4900x:2014

Assessment methods

  • term paper, written exam
Scientific Work (WA) | German / ILV | 1.50 | 1.00

Course description

Scientific working

Methodology

  • Workshop
  • Presentations
  • Review

Learning outcomes

After passing this course successfully students are able to ...

  • autonomously write a scientific paper/thesis at master level, adhere to the code of ethics, and to deliberate this process.
  • review a different scientific paper/thesis.
  • present a scientific paper/thesis.

Course contents

  • Scientific working techniques and literature research
  • Writing: Structure, State of the art, Related work, Reproducible proof of concept.
  • Writer’s block and writing techniques
  • Peer Review
  • Effective short presentations

Prerequisites

Bachelor Thesis

Literature

  • Justin Zobel (2009): Writing for Computer Science, Springer.
  • Brigitte Pyerin (2014): Kreatives wissenschaftliches Schreiben, Beltz Juventa.
  • articles and relevant web sites.

Assessment methods

  • Peer review of another master thesis

4. Semester

Name | Language / Type | ECTS | SWS
Module 15 Personal Skills 4 (MOD15) | German / kMod | 3.00 | -
Communication in IT-Projects (KITP) | German / SE | 1.50 | 1.00
Scientific Writing (SW) | English / SE | 1.50 | 1.00
Module 16 Master Thesis (MOD16) | German / iMod | 27.00 | -
Master's Thesis (MT) | German / SO | 24.00 | 0.00
Master's Thesis Seminar (MTS) | German / SE | 3.00 | 1.00