IT Security: Curriculum

1. Semester

Name ECTS
SWS
Module 1 IT-Security Technical Basics (MOD1)
German / kMod
6.00
-
IT Security (ITS)
German / ILV, FL
6.00
4.00

Course description

Tour across the fundamentals of IT-security for the purpose of repetition and consolidation: crypto methods, authentication, access control, network/internet security, software, software security, malware.

Methodology

teacher centered, project, learning by teaching

Learning outcomes

After passing this course successfully students are able to ...

  • differentiate and to characterize cryptographic methods in reference to the basic information security attributes.
  • distinguish and evaluate mechanisms, concepts and models of access control in consideration of identification, authentication and rights management (also in distributed environments).
  • identify requirements of communication security (networks, services, distributed systems) and to describe needed methods and protocols.
  • characterize software security and categorize common vulnerabilities, threats resp. malware.

Course contents

  • Consolidation of crypto methods
  • Authentication
  • Access control
  • Network Security
  • Internet Security
  • Software Security

Prerequisites

Fundamentals of computer science, Cryptography and information theory, Operating Systems, Computer Networks, Distributed Systems

Literature

  • Stallings, William: Computer Security – Principles & Practice, Pearson, 3/E, ISBN: 9781292066172

Assessment methods

  • Course immanent assessment, presentation and end exam
Module 2 Secure Infrastructure (MOD2)
German / iMod
6.00
-
Secure Networks (SECNET)
German / ILV, FL
3.00
2.00

Course description

The course covers aspects and concepts of network security. Attack patterns are discussed and corresponding security concepts presented.

Methodology

lecture and discussions

Learning outcomes

After passing this course successfully students are able to ...

  • understand and explain security concepts in IT networks
  • design secure networks
  • analyse and evaluate security relevant aspects of IT network s

Course contents

  • network security
  • securing networks
  • secure communication

Prerequisites

basisc knowledge of it security basic knowledge of networking TCP/IP OSI Model

Assessment methods

  • written test
Secure Operating Systems (SECOP)
German / ILV, FL
3.00
2.00

Course description

The course deals with with operating systems basis as well as their protection. It aims to give an overview both from a defensive as well as an offensive perspective. In addition to classic operating systems, specifics of mobile and newer aspects such as virtualisation are also discussed. Course agenda: 1. Course framework, OS introduction. 2. Specifics for Linux 3. Virtualisation 4. Mobile Operating Systems 5. Windows

Methodology

The ILV teaches students through lectures, group work and a final exam. A final written exam will be carried out in the last LV unit.

Learning outcomes

After passing this course successfully students are able to ...

  • analzse the current situation as well as upcoming trends in operating system security
  • apply their knowledge about operating system methods for security within Linux/Windows
  • explain attacks against operating systems

Course contents

  • Operating sytsem introduction
  • Fundamentals of OS security
  • Security of Linux-based Operating Systems
  • Impact of Virtualisation upon Security
  • Specfiics of mobile Operating Systems
  • Specifics of Microsoft Windows Operating Systems

Prerequisites

Basics of Information Security. OS fundamentals. Basic experience in the area of Windows and/or Linux system administration.

Assessment methods

  • Final exam (must be positive)

Anmerkungen

The following grading scheme will be applied: <50% Negative > = 50% and <63% Sufficient > = 63% and <75% Satisfactory > = 75% and <88% Good > = 88% Very Good

Module 3 Architecture & Design (MOD3)
German / kMod
4.50
-
Project Work 1 (PRJ1)
German / PRJ
1.50
1.00

Course description

Planning and implementation of simple R&D projects in small teams. In the first part a state of the art analysis is done and application scenarios and functional requirements are defined.

Methodology

Project work

Learning outcomes

After passing this course successfully students are able to ...

  • do a state of the art and a market analysis based on the problem description
  • define application scenarios and functional requirements for the project
  • elaborate vision, description, goals and project environment as part of a first version of the project handbook
  • write a simple scientific paper based on the first results

Course contents

  • Planning and implementation of R&D projects in teams
  • Maintain a project handbook
  • State of the art analysis (scientific, technical)
  • Market analysis
  • Definition of application scenarios
  • Definition of functional requirements

Prerequisites

Depends on project

Literature

  • Depends on project

Assessment methods

  • Remarks are given as a combination of project results and project management.
Security Structures (SIS)
German / ILV, FL
3.00
2.00

Course description

The goal of the module is to treat relevant aspects of information security so that in terms of learning projects applying relevant remuneration are discussed. In addition, basic knowledge is provided, which serve to identify information security as an interdisciplinary task in the context of security-relevant processes.

Methodology

In-depth editing of relevant subject areas and Moodle tests

Learning outcomes

After passing this course successfully students are able to ...

  • nominate essential security risks in the use of information and communication systems and the fundamental security mechanisms
  • describe the common methods for risk and security analysis
  • nominate the basic principles of information security and data protection

Course contents

  • Information Security Management: - Overview and Objective
  • National and international information security management frameworks: - Austrian Information Security Manual, - Fundamental Protection Manual of the Federal Office for Information Security, - ISO / IEC 2700n - "Information Technology - Security Techniques - Information Security Management Systems - Series", - ISO / IEC 2000 - "Information Technology - Service Management", - ISO 31000 - "Enterprise Risk Management", - USA National Institute of Standards and Technology - NIST 800-30 Risk Management, ENISA Risk Management, - Menaces Informatiques & Pratiques de Sécurité Glossaire des Menaces - MEHARI , The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) - Carnegie Mellon University - Payment Card Industry Data Security Standard (PCI-DSS)
  • In the exercises, the emphasis in hands-on training is based on practical case studies in the context of tasks.

Prerequisites

Theoretical and practical basic knowledge of computer science especially knowledge of the ISO / OSI network architecture and TCP / IP protocols. Knowledge of project and process management.

Literature

  • Ebert Christof: Risikomanagement kompakt- Risiken und Unsicherheiten bewerten und beherrschen, 2. Auflage, Springer Vieweg, 2013, 978-3-642-41048-2
  • Königs Hans-Peter: IT-Risikomanagement mit System - Praxisorientiertes Management von Informations-sicherheits- und IT-Risiken, 4. Auflage, Springer, 2013, ISBN 978-3-8348-2165-2
  • Kriha Walter, Schmitz Roland: Internet-Security aus Software-Sicht - Grundlagen der Software-Erstellung für sicher-heits¬kritische Bereiche, Springer, 2009, ISBN 978-3-540-68906-5

Assessment methods

  • LV-Immanent performance assessment of tasks with presentations and written part / final exam.
Module 4 Security Management Basics (MOD4)
German / kMod
7.50
-
Intercultural Communication (ICOM)
English / SE
1.50
1.00

Course description

In the 21st century, with globalisation having become a reality above all in science, technology and business, it is crucial that our graduates have a solid understanding of intercultural communication.

Methodology

Interactive, multi-channel, real-life-based presentations and discussions, with an emphasis on student participation.

Learning outcomes

After passing this course successfully students are able to ...

  • function successfully in an intercultural, international business environment
  • explain key intercultural theories
  • the ability to adapt their own cultural behaviour

Course contents

  • Lecture modules on intercultural theory and key differences between cultures
  • Presentations of real-life examples
  • Exercises & discussions

Prerequisites

Completion of previous semester courses

Literature

  • Trompenaars, F., and Hampden-Turner C., (1998) Riding the Waves of Culture, London: Nicholas Brealey ISBN 1-85788-176-1 (on CIS)
  • Additional current handouts and audio-visual support

Assessment methods

  • Class participation (including quizzes & discussions)
  • Presentations

Anmerkungen

For further details please see the semester plan on CIS

Leading Project Teams (FIT)
German / SE
1.50
1.00

Course description

In the course the students get to know main principles of leading teams.

Learning outcomes

After passing this course successfully students are able to ...

  • explain the role of leadership in the different stages of team development (for example by Tuckman) and to derive relevant leading actions (for example directive leadership in the forming phase).
  • diagnose dynamics in project teams using models (for example Rank Dynamics, Drama Triangle, TZI) and to develop and argue case-related concrete opportunities for activities (for example delegation of responsibilty, critical discussion).

Course contents

  • Leadership styles and actions (in leading projects teams)
  • Leadership tools in project teams
  • Consequences of not leading
  • Role conflicts "colleague" and "project leader"
  • Conflicts and difficult situations in leading project teams

Prerequisites

none

Literature

  • Cronenbroeck, Wolfgang (2008): Projektmanagement, Verlag Cornelsen, Berlin
  • DeMarco, Tom (1998): Der Termin – Ein Roman über Projektmanagement, München: Hanser
  • Kellner, Hedwig (2000): Projekte konfliktfrei führen. Wie Sie ein erfolgreiches Team aufbauen, Hanser Wirtschaft
  • Majer Christian/Stabauer Luis (2010): Social competence im Projektmanagement - Projektteams führen, entwickeln, motivieren, Goldegg-Verlag, Wien

Assessment methods

  • Course immanent assessment method and seminar paper

Anmerkungen

none

Project Management 1 (PRM1)
German / ILV
1.50
1.00

Course description

This course shows the special aspects of project management for engineers. The content of this course is based on the PMI Standard and concentrates on the process groups ‘Initiation’ and ‘Planning’. The theory will be elaborated and verified on the elements of a project CANVAS. Enhancements of corporate contexts as well as methods and techniques will be given. This course focuses on project management for technical projects, consulting projects and research projects.

Methodology

Lecture, Practice, Presentations, Case studies

Learning outcomes

After passing this course successfully students are able to ...

  • ... name basic processes, phases and standards of project management
  • ... elaborate on Project CANVAS and its elements for a case project
  • ... name and use selected methods and techniques of Project Management
  • ... understand the economic and organizational context of projects

Course contents

  • Advanced Project Management - focus on project initiation and planning
  • Project Management Basics, Standards, Processes, Project CANVAS
  • WHAT - Out of Scope, Background, Problem, Objectives, Deliverables; Context: Business Case roject Management Standards
  • WHO - Team, Stakeholders; Context: Business Organization and Competencies
  • HOW - Approach, Risks, Dependencies; Context: Agility
  • WHEREBY - Time, Finance; Context: Resource Management
  • WHEREIN - Constraints, Quality; Context: Corporate Strategy

Prerequisites

Knowledge of Software Engineering or Requirements Engineering and first experiences in project management

Literature

  • Jakoby, W. (2019): Projektmanagement für Ingenieure, 4th Edition, Springer Verlag
  • PMBOK (2017) - A Guide to the Project Management Body of Knowledge (PMBOK® Guide) - 6th Edition
  • Kor, R. / Bos, J. / van der Tak, T. (2018): Project Canvas: Innovative Methoden für professionelles Projektmanagement, Schäffer-Pöschel Verlag

Assessment methods

  • Preparation of the five CANVAS topics and presentations (5 x 10 marks = 50 marks)
  • Written exam (50 marks)
Risk Management & Policies (RMP)
German / ILV, FL
3.00
2.00

Course description

Introduction into the topics (IT) risk management & policies from the perspective of a security professional

Methodology

integrated course (lecture, exercises, discussions, case studies)

Learning outcomes

After passing this course successfully students are able to ...

  • Implement and continually improve (IT) Risk Management in organizations/institutions with the aid of relevant standards and best practices
  • Create and operate effective (security) policies within an organization

Course contents

  • Risk Management Process, Risk Management System, (Security) Policies, Standards, Policies, Best Practices

Prerequisites

Information security & information security management basics, standardization (ISO) fundamentals, self-responsibility

Literature

  • ISO 27001, ISO 27005, ISO 31000, ONR 4900x
  • Information Security Risk Management, Klipper
  • Risikomanagement als Führungsaufgabe: Umsetzung bei strategischen Entscheidungen und operationellen Prozessen, Brühwiler

Assessment methods

  • term paper, written exam
Module 5 Selected Topics 1 (MOD5)
German / kMod
6.00
-
Crisis Management & Communication (Elective Course) (WF-KRIKO)
German / ILV, FL
3.00
2.00

Course description

The course teaches the basics of professional crisis management as well as the peculiarities of communication (interpersonal as well as organizational) in the event of a crisis.

Methodology

Presentations, project work, reflections

Learning outcomes

After passing this course successfully students are able to ...

  • delimit disturbances, emergencies, crises and disasters and react to the respective peculiarities.
  • to assist or support a crisis team.
  • to choose and apply appropriate management structures and processes to handle crisis situations.
  • to adapt their communication behavior to a concrete crisis situation.
  • to understand and use crisis communication as an essential element for coping with crisis situations.

Course contents

  • Standardized models for crisis management
  • Management techniques and management principles in crisis management
  • Fundamentals of the work of crisis teams
  • Special challenges to communication in crisis situations
  • Basics of crisis communication
  • Preparation and execution of exercises

Prerequisites

none

Literature

  • BM.I: "Staatliches Krisen- und Katastrophenschutzmanagement - Richtlinie für das Führen im Katastropheneinsatz", 2007 (PDF-Download)
  • Sartory/Senn/Zimmermann/Mazumder: "Praxishandbuch Krisenmanagement", MIdas Management Verlag, 2016, ISBN 978-3-907100-42-4
  • Fiederer/Ternès: "Effiziente Krisenkommunikation - transparent und authentisch", Springer Gabler, 2017, ISBN 978-3-658-14419-7
  • Müller, "Handbuch Unternehmenssicherheit - Umfassendes Sicherheits-, Kontinuitäts- und Risikomanagement mit System", Springer Vieweg, 3. Auflag, 2015, ISBN 978-3-658-10150-3

Assessment methods

  • Course immanent assessment, presentation, seminar paper
IT Infrastructure Library (ITIL) 1 (Elective Course) (WF-ITIL)
German / ILV, FL
3.00
2.00

Course description

ITIL is the most relevant framework for IT Service Management. Many companies worldwide rely on ITIL as a source of good practices to improve their capabilities in terms of providing value to their clients in the forms of IT services. This class provides basic insights into the concepts of IT Service Management based on ITIL. Terms and definitions that serve as a cornerstone are introduced and subsequently, all relevant processes are discussed – complemented by examples and insights gained from practical experience and your own analysis with regards to the applicability of ITIL in your company.

Methodology

Self-paced preparation for the class as a whole by working on the mandatory pre-test. The topics discussed in class need to be prepared by you upfront and will be discussed, elaborated on and tested.

Learning outcomes

After passing this course successfully students are able to ...

  • enumerate the different lifecycle phases of ITIL,
  • assign the processes and functions to the corresponding lifecycle phases,
  • illustrate the task sequences and activities necessary to render the processes
  • reproduce the definitions introduced by ITIL
  • elaborate on benefits and feasible risks during the establishment of IT Service Management
  • describe processes so that these can be contrasted with ITIL.

Course contents

  • General overview of IT Service Management including the evolution of ITIL and the concept of “adopt and adapt”
  • Introduction into the basic concepts of IT Service Management and the ITIL Life Cycle
  • Discussion of the five core books: Service Strategy, Service Design, Service Transition, Service Operations und Continual Service Improvement
  • BPMN in a nuthsell

Prerequisites

Prior to the beginning of this class, the mandatory pre-test hast to be completed with at least the minimum points to pass. This approach shall ensure that there is sufficient knowledge for spending the time on discussions and clarifications instead of reading what is on the slides.

Literature

  • The official five ITIL core books.
  • Slide Deck (will be provided in Moodle)
  • ITSM Primer (will be provided in Moodle)

Assessment methods

  • Papers on selected elements of ITSM need to be created and turned in (app 8 pages)
  • Multiple Choice Test on the content of ITIL
  • Immanent performance assessment (your contribution during classes will be graded)

Anmerkungen

A mandatory pre-test has to be passed in order to enroll in this class. A Premier, the slide deck and some other materials are provided for preparation. This course will be continued in the upcoming term - the slide deck and all collaterals will be used in both terms.

Information Security Management Processes (Elective Course) (WF-MINF)
German / ILV, FL
3.00
2.00

Course description

This course conveys knowledge about the management of information security as the basis of any operational activity, going beyond "pure" IT management.

Methodology

Presentations, project work, reflections

Learning outcomes

After passing this course successfully students are able to ...

  • define specific management processes to maintain information security.
  • set out special requirements of information security for various management processes.
  • explain the relationship between general information security and the specific tasks (apart from IT) to the management of a company.
  • promote a positive information security culture in a company.

Course contents

  • Specific tasks and duties of the management
  • Layer model of information security management
  • Strategic Information Security Management
  • Governance & Controlling
  • Management tasks to maintain information security
  • Specific aspects of personnel management

Prerequisites

Basic knowledge about IT operations

Literature

  • Sowa: "Management der Informationssicherheit - Kontrolle und Optimierung", Springer Vieweg, 2017, ISBN 978-3-658-15626-8
  • Libmann: "Informationssicherheit - kompakt, effizient und unter Kontrolle", epubli, 2. Auflage, 2016, ISBN 978-3-7375-9131-7
  • Müller, "Handbuch Unternehmenssicherheit - Umfassendes Sicherheits-, Kontinuitäts- und Risikomanagement mit System", Wiesbaden, 2015

Assessment methods

  • Course immanent assessment, presentation, seminar paper
Reverse Engineering and Malware Analysis (Elective Course) (WF-REV)
German / ILV, FL
3.00
2.00

Course description

Cybercrime has become a big business segment and the amount of malicious software is growing steadily. Although automated processes are helping with detection, manual work still needs to be done. Therefore, this course equips the students with the required basic knowledge to analyze Windows-based malware on their own.

Methodology

Practice-oriented lectures with exercises

Learning outcomes

After passing this course successfully students are able to ...

  • describe actions of a Windows executable with the help of analysis tools,
  • disassemble and debug Windows executables,
  • explain relations between x86 disassembly and calls to Windows API functions,
  • detect and bypass anti-analysis methods.

Course contents

  • Overview over static and dynamic analysis tools
  • Crash course about x86 assembly
  • Introduction to Windows internals
  • Excerpt of methods to detect that an analysis is happening

Prerequisites

- Basic knowledge about operating systems (especially Windows) - Fundamental concepts of programming

Literature

  • Bachaalany, E. / Dang, B. / Gazet, A. (2014): Practical Reverse Engineering, Wiley
  • Szor, P. (2005): The Art of Computer Virus Research and Defense, Addison-Wesley
  • Andriesse, D. (2019): Practical Binary Analysis, No Starch Press

Assessment methods

  • Exercises after each lecture block
Risc Analysis (Elective Course) (WF-RAN)
German / ILV, FL
3.00
2.00

Course description

Introduction in Risk Analysis from the view of an Security Expert

Methodology

integrated course (lecture, exercise, discussion, case studies)

Learning outcomes

After passing this course successfully students are able to ...

  • implementing a risk analysis based on relevant Standras & Best Practices
  • Identifying risks
  • Analysing risks
  • Evaluation of risks
  • Use of different methodes

Course contents

  • Methods and typical tasks in the area of risk analysis as well as standards & best practices for this

Prerequisites

Risk Management Prozess, Risk Management System, Standards

Literature

  • ISO 27001, ISO 27005, ISO 31000, ONR 4900x
  • Information Security Risk Management, Klipper
  • ISO 31010
  • Risk management as a management task: Implementation in strategic decisions and operational processes, Brühwil

Assessment methods

  • seminar paper
White Hat – Offensive Security 1 (Elective Course) (WF-WH1)
German / ILV, FL
3.00
2.00

Course description

The course provides a basic introduction to the topic of Penetrationtesting of IT systems.

Methodology

Lectures and exercises

Learning outcomes

After passing this course successfully students are able to ...

  • know the process of a typical penetration test until the phase exploitation
  • perform the different phases of penetration testing
  • find and develop an exploit for simple Buffer Overflows in applications
  • adapt source code of exploits so that they apply for the IT System they are pentesting
  • perform static and dynamic source code analysis of Windows and Linux programs

Course contents

  • Information Gathering
  • Port Scans
  • Buffer Overflows
  • Exploits
  • Reverse engineering

Prerequisites

Basic knowledge in Network technology Good Linux and Windows knowledge Good C skills Python experience is beneficial Basic knowledge of computer architectures

Literature

  • Erickson, J. (2008): Hacking the art of Exploitation, no starch press
  • Baloch, R. (2015): Ethical Hacking and Penetration Testing guide, crc press
  • Beggs, R. (2014): Mastering Kali Linux for Advanced penetration testing, packt publishing
  • Widman, G. (2014): Penetration Testing, no starch press
  • Broad, J./ Bindner, A. (2014): Hacking with Kali, Newnes
  • Middleton, B. (2014): Conducting Network Penetration and Espionage in a Global Environment, Auerbach Publications
  • Kim, P. (2014): Hacker Playbook, Secure Planet LLC

Assessment methods

  • Exercise dokumentation

2. Semester

Name ECTS
SWS
Module 10 Selected Topics 2 (MOD10)
German / kMod
6.00
-
Computer Forensics (Elective Course) (WF-FOR)
German / ILV, FL
3.00
2.00

Course description

Cyber ​​attacks on businesses and individuals have increased dramatically in recent years, and the root cause analysis of cyber attacks is often complex and difficult, combining different techniques of digital forensics and incident response. Often these analyzes are therefore not carried out by the companies concerned, since neither technical resources nor know-how exist for them. However, clarification after a successful cyberattack is essential, not least because it now also has legal requirements, e.g. through compliance requirements or the DSGVO (General Data Protection Regulation). This course deals with the fundamentals of digital computer forensics and deals with the subsequent clarification of facts as well as the methodical and systematic evaluation of existing traces of evidence. This course teaches basics that require a "first responder" to perform forensically correct evidence (live and post mortem) without contaminating or destroying digital evidence. In addition, the secured evidence regarding cyber-attack indicators (such as malware infestation) will be examined and evaluated.

Methodology

interactive talk combined with hands-on

Learning outcomes

After passing this course successfully students are able to ...

  • know the basic principles of digital forensics
  • identify IOCs (indicators of compromise)
  • use various tools to perform forensic analysis properly

Course contents

  • Basic principles of digital forensics
  • forensic tools and use cases
  • risks when performing digital forensics and data aquisition
  • how to search for malware

Prerequisites

Because the course is practice-oriented, technical administrators need to be familiar with Windows and Linux. At least the following tasks should be known or have already been carried out: - Create and read a network dump in Wireshark - Knowledge of common network protocols (TCP / UDP / ICMP, HTTP, SMTP, etc.) - Basic knowledge of malware communication methods (Command & Control Servers, P2P Traffic, Covert Channels, etc.) - The willingness to accept unknown challenges and to take on an interesting, but also challenging seminar paper.

Literature

  • https://geschonneck.com/security/forensics/

Assessment methods

  • Seminar work on practice-relevant topics, which are specified in the course
IT Infrastructure Library (ITIL) 2 (Elective Course) (WF-ITIL2)
German / ILV, FL
3.00
2.00

Course description

ITIL is the most relevant framework for IT Service Management. Many companies worldwide rely on ITIL as a source of good practices to improve their capabilities in terms of providing value to their clients in the forms of IT services. This class provides basic insights into the concepts of IT Service Management based on ITIL. Terms and definitions that serve as a cornerstone are introduced and subsequently all relevant processes are discussed – complemented by examples and insights gained from practical experience.

Methodology

Presentation, discussion, examples from the field. Pre- and post-reading of selected books.

Learning outcomes

After passing this course successfully students are able to ...

  • enumerate the different lifecycle phases of ITIL,
  • assign the processes and functions to the corresponding lifecycle phases,
  • illustrate the task sequences and activities necessary to render the processes
  • reproduce the definitions introduced by ITIL
  • elaborate on benefits and feasible risks during the establishment of IT Service Management

Course contents

  • General overview of IT Service Management including the evolution of ITIL and the concept of “adopt and adapt”
  • Introduction into the basic concepts of IT Service Management and the ITIL Life Cycle
  • Discussion of the five core books: Service Strategy, Service Design, Service Transition, Service Operations und Continual Service Improvement

Prerequisites

None - depending on your actual knowledge and prior experience, we will shape the content to best fit your needs.

Literature

  • The official five ITIL core books.
  • Slide Deck (will be provided in Moodle)
  • ITSM Primer (will be provided in Moodle)

Assessment methods

  • Papers on selected elements of ITSM need to be created and turned in.

Anmerkungen

A primer on IT Service Management will be provided in Moodle. This is a mandatory pre-reading exercise in order to have ample time for discussions in class. This course is subsequent to the class held in the last term - the slide deck and all collaterals will be used in both terms.

Identity Management (Elective Course) (WF-IMAN)
German / ILV, FL
3.00
2.00

Course description

The lecture Identity Management deals with the authentication, authentication, authorization and administration of subjects. Due to the increasing number of digital identities, the complexity of the administration is also increasing, making a comprehensive view necessary. The management of identities and permissions consists both organizational and technical procedures and measures. In the course, the theoretical basics are initially explained. Based on this, complex technical and organizational concepts will be developed and discussed.

Methodology

Within the lecture the contents will be worked out and discussed together in the group, similar to a workshop.

Learning outcomes

After passing this course successfully students are able to ...

  • understand the different terms and concepts and to be able to apply them practically.
  • be able to develop solutions for complex scenarios and, if necessary, to implement them technically.

Course contents

  • Basic terms and technical szenarios
  • Technical examples and their challenges
  • practical implementation

Prerequisites

Technical and organizational understanding of IT

Literature

  • Tsolkas, Alexander ; Schmidt, Klaus: Rollen und Berechtigungskonzepte : Identity- und Access-Management im Unternehmen. 2. Aufl.. Berlin Heidelberg New York: Springer-Verlag, 2017.

Assessment methods

  • active cooperation
  • practical implementation
Risk Management in Practice (Elective Course) (WF-RMPR)
German / ILV, FL
3.00
2.00

Course description

The course teaches the attendees how to adapt the methods for information security risk analysis an management into the corporate culture. It further shows how synergies with other corporate management systems can be created.

Methodology

In the four modules the existing risk managent skills will be amended with the soft skills needed to perform successful risk assessment workshops. The students will also create an IT-based tool which can be used to support risk assessment workshops.

Learning outcomes

After passing this course successfully students are able to ...

  • integrate the psychological aspects of risk managements into their risk assessment workshops
  • use other corporate managment systems like processmanagement and architecture management as basis for information risk assessments
  • conduct risk analysis that assure management buy in
  • verify the rate of occurence of threats based on statistical methods

Course contents

  • Psychological aspects of risk perception
  • Informationsecurity risk management as part of corporate governance
  • Statistical basics for the aggregation of risks
  • Design of risk assessment workshops
  • IT-tools for successful and repeatable risk assessments

Prerequisites

.) Knowledge of international standards for riskmanagement .) Knowledge of IT- and threat modelling techniques .) Knowledge of risk analysis and risk reporting techniques

Assessment methods

  • 30% participation in the Modules and transfer exercises
  • 70% term paper
Security Architectures with Firewall Technologies (Elective Course) (WF-SAFWT)
German / ILV, FL
3.00
2.00

Course description

Firewall Basics, firewall topologies, operating modes (Layer 2, Layer3), Network Address Translation, Port Address Translation, Stateful and Deep Packet Inspection, Next Generation Firewall Features, Best Practices in the Design and Planning of Firewall Systems, Market Overview and Comparison, Requirements for firewalls, practical lab assignments such as Site 2 Site and Client VPN

Methodology

Lecure, Labs

Learning outcomes

After passing this course successfully students are able to ...

  • install, operate and explain Next Generation Firewalls and Features
  • implement and evaluate firewall rulesets
  • plan and design firewall systems
  • elevate and elaborate requirements for firewall systems

Course contents

  • theoretical basics of firewalls and topologies
  • Network Address Translation, Port Address Translation
  • planning and design of firewall systems
  • IPSec VPN, SSLVPN, Client VPN
  • security features of Next Generation Firewalls
  • market overview and comparison

Prerequisites

Network Security network protocols, TCP/IP, UDP basic Linux knowledge, command line

Assessment methods

  • practical excercises
  • immanent evaluation
White Hat – Offensive Security 2 (Elective Course) (WF-WH2)
German / ILV, FL
3.00
2.00

Course description

The course provides a basic introduction to the field of IT penetration test systems with focus on the post-exploitation phase.

Methodology

Lectures and exercises

Learning outcomes

After passing this course successfully students are able to ...

  • perform the different phases of penetration testing
  • assign and use tools for the various phases of penetration testing
  • find and develop an exploit for simple Buffer Overflows in applications
  • adapt source code of exploits so that they apply for the IT System they are pentesting

Course contents

  • Vulnerability Scanner
  • Metasploit
  • Priviledge Escalation
  • DLL Hijacking
  • DLL Injection
  • Application Backdooring
  • Antivirus Evasion

Prerequisites

- White Hat 1 - Network Basics- Linux Basics- C, Python experience is an advantage- Debugger- Basic knowledge in Assembly

Literature

  • Erickson, J. (2008): Hacking the art of Exploitation, no starch press
  • Baloch, R. (2015): Ethical Hacking and Penetration Testing guide, crc press
  • Beggs, R. (2014): Mastering Kali Linux for Advanced penetration testing, packt publishing
  • Widman, G. (2014): Penetration Testing, no starch press
  • Broad, J./ Bindner, A. (2014): Hacking with Kali, Newnes
  • Middleton, B. (2014): Conducting Network Penetration and Espionage in a Global Environment, Auerbach Publications
  • Kim, P. (2014): Hacker Playbook, Secure Planet LLC

Assessment methods

  • Exercise dokumentation
Module 6 Applied IT-Security (MOD6)
German / kMod
6.00
-
ICT Architectures (IKT)
German / ILV, FL
3.00
2.00

Course description

Development and implementation of security concepts at an strategic and organisational level. Handling relevant topics, for example: Log management, mobile device management or monitoring.

Methodology

Distance learning: Reading of relevant papers Class: Lecture and discussion of the topics jointly

Learning outcomes

After passing this course successfully students are able to ...

  • recognize and analyze the dangers in the use of information and communication systems.
  • know and use the basic security measures to protect information and communication systems.
  • create concepts for secure it-systems.

Course contents

  • Informationsecuritymanagement
  • holistic security concepts
  • ICT Architectures

Prerequisites

Basic knowledge of security, operational it-business, network engineering, computer science.

Literature

  • Papers of well known institutions regarding security: BSI, NIST, SANS, ISO.

Assessment methods

  • Written test
IT-Governance (ITG)
German / ILV, FL
3.00
2.00

Course description

Structured strategic planning and control of IT means IT governance. Missing strategies and planning do not just cost "money", but can also bring unexpected competitive disadvantages and thus jeopardize the survival of a company. Legal, regulatory and contractual requirements also affect companies (current example: DSGVO), which can be effectively implemented through the use of "governance methods". However, a department / staff unit dealing with this topic does not have to deal exclusively with governance but rather with risk and compliance (GRC) as well. Not only requirements for the GRC will be identified and methods for effective implementation will be taught, but also the basic concepts of control and measurability of processes (KPI management - ICS), information security and risk management.

Methodology

Lecture (frontal and collaborative development of knowledge = cooperation) Practical short exercises during the lectures

Learning outcomes

After passing this course successfully students are able to ...

  • identifying the risks and opportunities IT GRC management systems
  • understand the principles of the IT GRC management system requirements
  • applying methods of implementation using common norms and standards

Course contents

  • Requirements for GRC, CoBIT5, ISO / IEC20000, ISO / IEC2700x, ISO / IEC31000, ICS, key figure management, measurability of processes, Construction of management systems

Prerequisites

No special knowledge required, basic understanding of management systems

Literature

  • IT-GRC-Management – Governance, Risk und Compliance Grundlagen und Anwendungen - Springer Vieweg - Herausgeber Matthias Knoll und Susanne Strahringer, CoBIT5 - ISACA Framework, ISO/IEC31000, ISO/IEC27001, ISO/IEC20000, ISO/IEC27004

Assessment methods

  • Collaboration throughout the lecture period, Written exam
Module 7 Secure Information Systems (MOD7)
German / iMod
6.00
-
Secure Systems Engineering (SECSYS)
German / ILV, FL
3.00
2.00

Course description

The course deals with with software and systems engineering and the security aspects of these processes and technologies. It focusses on "security-by-design" concepts. Next more "classical" secure systems engineering topics it will look at the arising challenges of complex cloud environments as well as threat hunting as a tool for active improvement of complex system-landscapes. operating systems basis as well as their protection. It aims to give an overview both from a defensive as well as an offensive perspective. In addition to classic operating systems, specifics of mobile and newer aspects such as virtualisation are also discussed. Course agenda: 1. Course framework, introduction to systems engineering 2. Software development models in general 3. Security in Development Processes 4. Software Testing & Security Software Testing 5. Secure Systems Engineering in Cloud Environments 6. Threat Hunting und Security in complexe system environments 7. Student presentations 8. Exam About the speakers: Daniel Kroiss (MSc.) works in the InfoSec field since 2014. He is a graduate of FH Technikum Vienna. His professional career first took him into the banking sector as Information Security Officer for ING-DiBa were he was responsible for the overall information security of the bank. He has further been with KPMG since 2016 and works as a technical security consultant helping companies to implement modern security architecture programs. Christian Fruehwirth First touchpoints with IT-Security at the Finnish Army, then 10 Jahre in Stockholm/Helsinki/Moskau in the field of M&A (Mergers & Acquisitions) of technology companies, with focus on IT-Secuity & Fintechs. Later responsible for the international expansion of the Nordcloud Group (one of the largest scandinavian integrationspartner of Amazon Webservices, Google Cloud and Microsoft Azure). Since 2016 Senior Manager at KPMG Austria, responsible for the topics of Managed IT Security Services & Cloud. Excerpts of speaking / lecturing engagments: - Helsinki University of Technology / Aalto University: Topic: Software Business & Venturing, Return on information security investments - Tongji University, Shanghai, Thema: Technology Entrepreneurship - EIT (European Institute of Innovation and Technology): Software Business - TU Wien: Advanced Software Engineering

Methodology

The ILV teaches students through lectures, group work and a final exam. For the purposes of performance assessment, students will work in groups of two to prepare a final presentation in a self-selected topic (from a given list of topics) in self-study, and prepare and present the topic management-suitable. In addition, a final written exam will be carried out in the last LV unit.

Learning outcomes

After passing this course successfully students are able to ...

  • understand basics of software development concepts.
  • understand the integration of security processes in classic and agile software development processes
  • understand concepts and aspects of security testing and how to integrate them into existing development processes
  • understand basics of cloud security engineering
  • understand threat hunting concepts
  • establish SecDevOps concepts

Course contents

  • Security by Design
  • Softwareentwicklungsmodelle
  • Security in Development Processes
  • SDLC
  • SecDevOps
  • Security & Usability Tradeoff
  • Software Testing
  • Security Software Testing
  • Cloud Security Engineering
  • Threat Hunting

Prerequisites

Basics of Information & IT Security. OS fundamentals. Basic experience in software development and programm/scripting languages. Basics in software & systems engineering.

Literature

  • https://www.ecb.europa.eu/pub/pdf/other/ecb.tiber_eu_framework.en.pdf
  • https://www.cl.cam.ac.uk/~rja14/book.html
  • https://csrc.nist.gov/csrc/media/publications/conference-paper/1998/10/08/proceedings-of-the-21st-nissc-1998/documents/early-cs-papers/dod85.pdf
  • https://www.owasp.org/index.php/OWASP_SAMM_Project
  • https://sqrrl.com/media/huntpedia-web-2.pdf

Assessment methods

  • Final exam (must be positive)
  • Student presentation (groups of 2, must be positive)
  • Presentation and exam will be 50% of the final mark (both have to be positive to succesfully pass the ILV)
Web Security (WEBSEC)
German / ILV, FL
3.00
2.00

Course description

The course deals with common web application vulnerabilities as experienced during real-world penetration tests as well as potential countermeasures.

Methodology

Lecture.

Learning outcomes

After passing this course successfully students are able to ...

  • identify security vulnerabilities within Web Applikations according to OWASP Top 10
  • select suitable countermeasures for detected security vulnerabilities

Course contents

  • Why Web Application Security?
  • Web Application Architectures, Attack Surface, Minimalism
  • Session, Authentication and Authorization
  • Input Validation (XSS, SQLi, XEE)
  • HTTP-Header based Security Hardening
  • Other Stuff

Prerequisites

Basic knowledge of web architectures and used protocols (HTTPS); basic knowledge of software programming languages; basic knowledge of cryptographic techniques (no math required).

Literature

  • OWASP Top 10
  • OWASP Testing Guide
  • OWASP Web Application Security Guidance

Assessment methods

  • TBD, potentially multiple-choice Test
Module 8 Project (MOD8)
German / kMod
4.50
-
Project Work 2 (PRJ2)
German / PRJ
4.50
2.00

Course description

In this class, the implementation of the first semesters planned R&D projects in the IT security area is taking place.

Methodology

Project work

Learning outcomes

After passing this course successfully students are able to ...

  • transfer functional requirements into a detailed implementation plan
  • estimate and plan time and resources
  • implement requirements according to plan

Course contents

  • Planning and implementation of R&D projects in teams
  • Maintain a project handbook
  • Detailed specification
  • Time and resource planning
  • Implementation of the requirements according to the plan

Prerequisites

Project work from the first semester. Projects are continued.

Literature

  • Depending on project

Assessment methods

  • Remarks are given as a combination of project results and project management.
Module 9 Information Security Management (MOD9)
German / kMod
7.50
-
Advanced English Communication (AEC)
English / SE
1.50
1.00

Course description

We aim at conveying the language-related criteria and techniques required for leading and participating in discussions and writing a summary on current issues and topics in International Business, Software Development and innovation. The theory and examples of different innovative management concepts will be analysed for the possible implementation in the students' own business environment. Moreover, the course will examine the unique organisational cultures and management concepts that enable innovation.

Methodology

Active participation and discussion .Fulfilment of writing assignments and presentation

Learning outcomes

After passing this course successfully students are able to ...

  • understand the importance of culture to a firm.
  • explain the characteristics of an innovative culture.
  • develop concepts for how an organisation can become more innovative.
  • use of subject specific vocabulary

Course contents

  • Language and techniques for leading a subject related discussion
  • Defining, researching, presenting, and leading a discussion on an appropriate professional topic;
  • Vocabulary work-up based on research sources for the discussion topic
  • Writing a summary of the main facts and arguments pertaining to the discussion topic
  • Schumpeter's concept of creative destruction / Schien's theory of leadership / Cameron and Quinn's model for diagnosing organisational culture
  • Case studies: Innovative businesses, e.g. Google, Apple, Toyota

Prerequisites

Common European Framework of Reference for Languages Level B2

Literature

  • Lecturer Handouts

Assessment methods

  • Course immanent assessment method, i.e. active participation in class activities and timely completion of assignments
IT Law (ITR)
German / VO
1.50
1.00

Course description

Teaching of information concerning society relevant legislations.

Methodology

Lecture and Discussions

Learning outcomes

After passing this course successfully students are able to ...

  • Understanding of applicable law.

Course contents

  • General laws and regulations / ABGB, ECG, FAGG
  • Data protection law (GDPR)
  • IP & Domain-Rights
  • telecommunicationslaw
  • NIS directive and NIS-law

Prerequisites

Basic knowledge in the field of law

Literature

  • Charts and lecture notes

Assessment methods

  • Exam
Information Security Management (ISM)
German / ILV, FL
3.00
2.00

Course description

The goal of the module is to treat relevant aspects of information security so that in terms of learning projects applying relevant remuneration are discussed. In addition, in-depth knowledge is provided, which serve to design information security as an interdisciplinary task in the context of security-relevant processes to plan, to do, to check and to improve (act).

Learning outcomes

After passing this course successfully students are able to ...

  • essential security risks in the use of information and communication systems and the fundamental security mechanisms to describe,
  • methods to describe the assessment of security risks and to explain the use,
  • the project even and consistent process approach in risk and security analysis to describe and explain the implementation,
  • the principles of information security and data protection target groups and to describe specific,
  • the organizational integration, the responsibilities and quality assurance groups to describe and explain the measures to implement

Course contents

  • Identification of differences in the characteristics, requirements and specification of the frameworks:
  • Austrian Information Security Manual,
  • Germany Federal Office for Information Security – Baseline Protection Manual,
  • ISO / IEC 27001 - "Information Technology - Security Techniques - Information Security Management System"
  • Control Objectives for Information and related Technology (COBIT)
  • Payment Card Industry Data Security Standard (PCI DSS)Identification of the interface and the applications with the frameworks:
  • ISO / IEC 2000 - "Information Technology - Service Management"
  • ISO 31000 - "Enterprise Risk Management"
  • ONR 49000 standard series "Risk management for organizations and systems“In the exercises, the emphasis is on hands-on training using:
  • the correct choice of procedure for the creation of an information security plan, taking into account the possible frame work,
  • the creation of information security guidelines,
  • the development of an appropriate organizational concept,
  • creating a catalog of measures for the implementation of information securitya practical case study as part of guided small projects.

Prerequisites

Theoretical and practical basic knowledge of computer science and of frameworks for information security management (equivalent knowledge - LV 1 SIS). Ability to recognize complex structures and to analyze, identify identical issues in different contexts and to look holistically. Knowledge of project and process management are desirable (but not essential). In addition, basic knowledge of the ISO / OSI network architecture and TCP / IP protocols used are provided.

Literature

  • Königs Hans-Peter: IT-Risikomanagement mit System - Praxisorientiertes Management von Informations-sicherheits- und IT-Risiken, Springer 978-3-658-12004-7
  • Heinrich KerstenKlaus-Dieter Wolfenstetter: Der IT Security Manager, Springer 978-3-8348-8287-5
  • Karlheinz H. W. Thies: Management operationaler IT- und Prozess-Risiken, Springer 978-3-540-69007-8
  • Elizaveta Kozlova: Governance der individuellen Datenverarbeitung, Springer 978-3-8348-2399-1

Assessment methods

  • moodle tests: 60%seminar thesis: 25% (weighting: 0.7 quality and elaboration or style: 0.3)presentations: 15% (the weighting in the presentation: 0.7 quality and elaboration or style: 0.3)denomination: up 50.0% = 5, to 62.5% = 4, to 75.0% = 3, up 87.5% = 2 to 100% = 1
Project Management 2 (PM2)
German / ILV
1.50
1.00

Course description

This advanced training course is based on PMI standard, focuses on the process groups ‘Execution’, ‘Monitoring and Controlling’ and shows additional aspects of project management for engineers. In addition, special topics, such as reviews and documentation in projects are addressed. The course concentrates on project management for technical, consulting and research projects

Methodology

Lecture, Practice, Presentations, Case studies

Learning outcomes

After passing this course successfully students are able to ...

  • plan projects considering risks and costs.
  • define the quality of projects
  • plan and implement reviews in projects.
  • write documentation in projects and adapt it to the project context.
  • define and work with adequate controlling tools in projects
  • execute project close down and knowledge transfer

Course contents

  • Project management from view of the project controlling:
  • Project CANVAS
  • risk, quality and cost management in projects
  • monitoring and reviews in project
  • reporting and documentation in agile projects
  • Controlling-Tools in projects (Score Card and Earned Value)
  • Project Close Down and Knowledge Management

Prerequisites

Projectmanagement 1 from the first semester

Literature

  • Jakoby, W. (2015): Projektmanagement für Ingenieure, 3. Auflage, Springer Verlag
  • PMBOK (2017) - A Guide to the Project Management Body of Knowledge (PMBOK® Guide) - 6th Edition

Assessment methods

  • Project CANVAS
  • Elaboration on topics out of Project CANVAS
  • Preparation of an integrative project status report
  • refleciton on all PM topics of the two semesters

3. Semester

Name ECTS
SWS
Module 11 Information Security Organization (MOD11)
German / kMod
9.00
-
Business Continuity & Desaster Recovery (BCDR)
German / ILV, FL
3.00
2.00

Course description

The goal of the module is to treat relevant aspects of business continuity & Disaster recovery so that in terms of learning projects applying relevant remuneration are discussed. In addition, in-depth knowledge is provided, which serve to design business continuity & Disaster recovery as an interdisciplinary task in the context of security-relevant processes to plan, to do, to check and to improve (act).

Methodology

Work in groups on course-relevant areas.

Learning outcomes

After passing this course successfully students are able to ...

  • describe the essential use of business continuity planning and disaster recovery planning and the basic mechanisms,
  • explain the used methods to describe the assessment of business continuity planning & disaexplain the used methods to describe the assessment of business continuity planning & disaster recovery planning,ster recovery planning,
  • describe and explain the implementation of the project even and consistent process approach of business continuity planning & disaster recovery planning,
  • describe specific principles of the business continuity planning & disaster recovery planning target groups,
  • describe and explain the measures to implement the organizational integration, the responsibilities and quality assurance groups

Course contents

  • Identification of differences in the characteristics, requirements and specifications in terms of business continuity planning and disaster recovery planning in the frameworks:
  • Austrian Information Security Manual,
  • Germany Federal Office for Information Security – Baseline Protection Manual,
  • ISO / IEC 27001 - "Information Technology - Security Techniques - Information Security Management System"
  • Control Objectives for Information and related Technology (COBIT)
  • Payment Card Industry Data Security Standard (PCI DSS)Identification of the interface as well as the possibilities in terms of business continuity planning and disaster recovery planning in the frameworks:
  • ISO / IEC 2000 - "Information Technology - Service Management"
  • ISO 31000 - "Enterprise Risk Management"
  • ONR 49000 standard series "Risk management for organizations and systems“In the exercises, the emphasis is on hands-on training using:
  • the correct selection of the procedure for creating a business continuity plan and disaster recovery plan, taking into account the possible frame work,
  • creating a training concept for a business continuity plan and disaster recovery plan
  • performing an exercise for a business continuity plan and disaster recovery plan
  • ONR CEN / TS 17091 - Crisis Management - Strategic Principles

Prerequisites

Theoretical basic knowledge of risk management and of frameworks for information security management (equivalent knowledge - LV 2 ISM). Ability to recognize complex structures and to analyze, identify identical issues in different contexts and to look holistically. Knowledge of project and process management.

Literature

  • Ebert Christof: Risikomanagement kompakt- Risiken und Unsicherheiten bewerten und beherrschen, 2. Auflage, Springer Vieweg, 2013, 978-3-642-41048-2
  • Königs Hans-Peter: IT-Risikomanagement mit System - Praxisorientiertes Management von Informations-sicherheits- und IT-Risiken, 4. Auflage, Springer, 2013, ISBN 978-3-8348-2165-2
  • Müller Klaus-Rainer: Handbuch Unternehmenssicherheit - Umfassendes Sicherheits-, Kontinuitäts- und Risiko-management mit System, 2. Auflage, Springer Vieweg, 2010, ISBN 978-3-8348-9772-5
  • Müller Klaus-Rainer: IT-Sicherheit mit System - Integratives IT-Sicherheits-, Kontinuitäts- und Risikomanagement - Sichere Anwendungen - Standards und Practices, 5. Auflage, Springer Vieweg, 2014, ISBN 978-3-658-04334-6

Assessment methods

  • Assessment of documentation and performance in the practical exercise
Integrated Management Systems & Audit (IMA)
German / ILV, FL
3.00
2.00

Course description

Introduction to the topics of integrated management systems and the execution of audits.

Methodology

Presentation, Group Work, Project Work, Discussions

Learning outcomes

After passing this course successfully students are able to ...

  • implement effective process management & process control in their companies
  • to assess risks and opportunities in the context of the organization
  • to interpret the structure and requirements of ISO standards and to apply them in operational practice (focus on ISO 9001)
  • to assess compliance with standard requirements and operational requirements by performing internal and external audits

Course contents

  • Types of management systems and interbranch management systems
  • Requirements of the Interested Parties / Context of the Organization
  • High Level Structure of ISO Standards
  • Benefits aspects of management systems
  • Advantages of Integrated Management Systems
  • Process Management & Process Control
  • Organizational structure and process oriented organisation
  • Function-oriented organization vs. Process-oriented organization
  • Nature and benefits of process orientation
  • Introduction Qualitymanagement ISO 9001:2015
  • Execution of Audits according ISO 19011
  • Types of Audits and certifications
  • Legal Compliance

Prerequisites

None advantageous: - Basic knowledge in process management - Basic knowledge of international standardization and standards - Basic knowledge of Audit execution

Literature

  • Standard ISO 9001:2015
  • PRAXISBUCH ISO 9001:2015 -Anni Koubek - ISBN 978-3-446-44523-9 –E-Book ISBN 978-3-446-45040-0
  • Einführung in das Management von Geschäftsprozessen - Susanne Koch – ISBN 978-3-642-01120-7 e-ISBN 978-3-642-01121-4

Assessment methods

  • Course immanent assessment method, project thesis, project presentation, written examination
Module 12 Cyber Security (MOD12)
German / kMod
6.00
-
Current Topics in Security & Privacy (AIS)
German / ILV, FL
3.00
2.00

Course description

The course provides a brief theoretical overview of privacy or account privacy enhancing technologies (PETS) and allows students to experiment with different system and evaluate them.

Methodology

Lectures, presentations, assignments, exam

Learning outcomes

After passing this course successfully students are able to ...

  • Evaluate different privacy and crypto tools such as OTR, Pond, Flock, Redphone, Textsecure, prism-break, secure messenger
  • explain, use and configure concepts to provide anonymity (Onion Routing, Mixing, ...) in the internet
  • understand and use new technologies and systems for secure communication on the transport layer (TLS 1.3, HSTS, Certificate transparency)

Course contents

  • Online Privacy
  • Online anonymity systems (e.g., Tor)
  • Current trends in the TLS ecosystem
  • Secure messaging
  • Crypto tools (OTR, Pond, Flock, Redphone, Textsecure, prism-break, secure messenger)
  • Tracking, Fingerprinting, Censorship

Prerequisites

Basic algebra (high school level)- Fundamental programming skills- Basic experience in system administration / Linux.

Literature

  • Current research articles will be provided by the lecturer.

Assessment methods

  • Written final exam
  • Written assignment and documentation of practical work
  • Presentations
Cyber Security Defense (CSD)
German / ILV, FL
3.00
2.00

Course description

This lecture will conncet the dots between the topics already learned in secure operating, software and network engineering, and modern cyber threats. We will explore different approaches to creating a security posture in an organisation and how to react to emerging threats.

Methodology

Lecture & Discussion

Learning outcomes

After passing this course successfully students are able to ...

  • Evaluate threats to systems
  • Implement countermeasures in an organized security effort
  • Implement Defense-In-Depth in an organization

Course contents

  • Attack Vectors
  • Defense Methods
  • Security Operations
  • Security Engineering

Prerequisites

Methodologies taught in Secure Systems Engineering, Secure Networks, Secure Operating Systems

Literature

  • https://www.mitre.org/sites/default/files/publications/pr-13-1028-mitre-10-strategies-cyber-ops-center.pdf
  • Brotherston, L. and Berlin, A., 2017. Defensive security handbook: best practices for securing infrastructure. " O'Reilly Media, Inc.".
  • Gilman, E. and Barth, D., 2017. Zero Trust Networks. O'Reilly Media, Incorporated.
  • TBD

Assessment methods

  • 50% individual work
  • 50% final exam
Cyber Security Threats (CST)
German / ILV, FL
3.00
2.00

Course description

This course provides an overview of selected threats on IT security and conveys a sense about methods of threat actors to the students.

Methodology

self-study, lecture, paper about a topic of choice (from a catalogue), written exam

Learning outcomes

After passing this course successfully students are able to ...

  • Name and describe selected attack methods
  • Classify attack methods within the Cyber Kill Chain (R)
  • Identify possible attack chains in IT environments

Course contents

  • Cyber Kill Chain (R), Unified Kill Chain
  • Breakdown of cyber attacks
  • Advanced Persistent Threats (APT)
  • Tools, Techniques and Procedures (TTP) of attackers

Prerequisites

Basics in IT security Basics in operating systems management (Windows/Linux) Basics networking technology

Literature

  • Case-related articles and documents will be provided by the lecturer.

Assessment methods

  • Paper to a topic of choice (from a catalogue)
  • Written exam
Module 13 Specialization (MOD13)
German / iMod
9.00
-
Scientific Work (WA)
German / ILV
1.50
1.00

Course description

Scientific working

Methodology

Workshop, Presentations, Review

Learning outcomes

After passing this course successfully students are able to ...

  • autonomously write a scientific paper/thesis at master level, adhere to the code of ethics, and to deliberate this process.
  • review a different scientific paper/thesis. .
  • present a scientific paper/thesis.

Course contents

  • Scientific working techniques and literature research
  • Writing: Structure, State of the art, Related work, Reproducible proof of concept.
  • Writer’s block and writing techniques
  • Peer Review
  • Effective short presentations

Prerequisites

Bachelor Thesis

Literature

  • Justin Zobel (2009): Writing for Computer Science, Springer.
  • Brigitte Pyerin (2014): Kreatives wissenschaftliches Schreiben, Beltz Juventa.
  • articles and relevant web sites.

Assessment methods

  • Peer review of another master thesis
Specialization (SPEC)
German / PRJ
7.50
1.50
Module 14 Selected Topics 3 (MOD14)
German / kMod
6.00
-
Cloud Security (Elective Course) (WF-CLSE)
German / ILV, FL
3.00
2.00

Course description

In the course of this lecture, we will intensively discuss security and privacy aspects of cloud computing. After an introduction to cloud architectures and use cases in practice, we will cover the following topics:- Common cloud architectures- Data security- Privacy- Infrastructure Security- Access control and authenticationIntrusion detection and forensics

Learning outcomes

After passing this course successfully students are able to ...

  • explain security and privacy aspects of cloud computing
  • evaluate cloud providers and architectures with respect to security and privacy aspects
  • develop cloud migration strategies
  • develop access control concepts in cloud-based systems
  • evaluate data administration aspects in clouds

Course contents

  • Cloud Computing Basics
  • Cloud Architectures
  • Use cases in practice
  • Security risks and attacks
  • Data security and privacy aspects of cloud computing
  • Access control and authentication in cloud-based systems
  • Intrusion detection and cloud forensics

Prerequisites

Basics in information security and network security

Literature

  • Christian Metzger, Thorsten Reitz, Juan Villar. (2011): Cloud Computing: Chancen und Risiken aus technischer und unternehmerischer Sicht, Hanser
  • Tim Mather, Subra Kumaraswamy, Shahed Latif. (2009) Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance (Theory in Practice) (O'Reilly Media)

Assessment methods

  • Short essay about the role playe in the first lecture,
  • lab report about the measurements in the third lecture
  • Written exam in the last lecture, open questions
Incident Response (Elective Course) (WF-INRE)
German / ILV, FL
3.00
2.00
Information Security Operations Center (SOC/SIEM) (Elective Course) (WF-ISOC)
German / ILV, FL
3.00
2.00
Security Audit (Elective Course) (WF-SA)
German / ILV, FL
3.00
2.00

Course description

Introduction to security audits from the perspective of auditors

Methodology

integrated course (lecture, exercise, discussion, case studies)

Learning outcomes

After passing this course successfully students are able to ...

  • Implement and continuously improve audits in organizations using relevant standards & best practices
  • Create and / or put into practice audit plans and audit programs as well as audit reports

Course contents

  • Planning of Audits
  • Conducting Audits
  • Best practices
  • Audit-Standards
  • Ethical principles in the conduct of audits

Prerequisites

Basic knowledge information security & information security management, basic knowledge international standardization and standardization (ISO, ...), independent thinking and acting

Literature

  • ISO 19011, audits of management systems
  • tbd

Assessment methods

  • seminar paper
Web Application Security (Elective Course) (WF-WEB)
German / ILV, FL
3.00
2.00

Course description

This course imparts practical and theoretical knowledge about Security in Web-Applications (HTTP/S). The student learn how hackers work when they attack Applications and how they can protect them.

Methodology

Integrated course

Learning outcomes

After passing this course successfully students are able to ...

  • Testing Web-Applications pertaining to secure itImproving the securtiy of Web-Applications

Course contents

  • Cross Side Scripting (XSS)SQL-InjectionRCECSRFLFI/RCEXXE

Prerequisites

HTTPHTMLJavaScriptSQLScriptlanguages (PHP is beneficial)

Literature

  • PHP-Sicherheit (ISBN: 3-89864-369-7)

Assessment methods

  • ExercisesCollaboration

Anmerkungen

Blockveranstaltung

White Hat – Offensive Security 3 (Elective Course) (WF-WH3)
German / ILV, FL
3.00
2.00

Course description

The course provides advanced topics of Penetrationtesting of IT systems.

Methodology

Lectures and exercises

Learning outcomes

After passing this course successfully students are able to ...

  • exploit more complex BOF
  • evade the countermeasure Data Execution Prevention (DEP)
  • use Egghunter to find their own shellcode placed somewhere in the memory

Course contents

  • Return Orientated Programing
  • Fuzzing
  • Egghunter
  • Return Orientated Programing
  • AV Bypassing

Prerequisites

WHH1&2

Literature

  • Kim, P. (2015): Hacker Playbook 2, Secure Planet LLC
  • Baloch, R. (2015): Ethical Hacking and Penetration Testing guide, crc press
  • Eagle, C. (2015): The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler, No Starch Press

Assessment methods

  • Exercise dokumentation

4. Semester

Name ECTS
SWS
Module 15 Personal Skills 3 (MOD15)
German / kMod
3.00
-
Communication in IT-Projects (KITP)
German / SE
1.50
1.00

Course description

The course imparts the participants basics about the efficient communication and cooperation of IT-experts and non-experts / customers in IT-projects.

Methodology

Workshop: theory inputs, group work, practice, reflections, discussions, video analysis and feedback

Learning outcomes

After passing this course successfully students are able to ...

  • prepare the process and conclusion of a specific conversation with non-experts (for example Harvard principled negotiation) and to implement a close to reality goal-and partner oriented conversation.
  • describe possibilities for establishing contacts with conversation partners and appropriate conversation accesses and to apply them exemplarily.
  • analyse others and own interests, motives, resistance and objections in IT-specific conversations and to describe constructive behaviour patterns.

Course contents

  • Negotiation strategies (e.g. Harvard-Concept)
  • Goal-, partner- and resources-oriented conversation techniques (verbal and nonverbal)
  • Coping with resistance and objections
  • Psychology of persuasion
  • Impact of the own conversational behavior

Literature

  • Cialdini, Robert B. (2007): Die Psychologie des Überzeugens, Bern: Verlag Hans Huber
  • Dieken, Connie (2009): Talk Less, Say More: Three Habits to Influence Others and Make Things Happen, Wiley & Sons 10/2009
  • Fisher, R./Ury, W./Patton, B. (2009): Das Harvard-Konzept. Klassiker der Verhandlungstechnik, Frankfurt/Main: Campus Verlag
  • Goulston, Mark/ Ferrazzi, Keith (2009): Just Listen: Discover the Secret to Getting Through to Absolutely Anyone, Amacom Books
  • Vigenschow, Uwe/Schneider, Björn/Meyrose, Ines (2009): Soft Skills für Softwareentwickler: Fragetechniken, Konfliktmanagement, Kommunikationstypen und -modelle, Dpunkt Verlag

Assessment methods

  • continuous assessment
Scientific Writing (SW)
English / SE
1.50
1.00

Course description

The focus of the course is an overview of academic language and formal criteria required for writing and presenting a conference paper, and writing an abstract.

Methodology

Teaching methods will be used to give the students opportunities to improve and refine their written language skills. Mini- lectures will be used for input on writing techniques and use of language. However, students will also be given in-class activities to actively engage in using the language in order to enhance language awareness and sensitivity. These activities may include pair activities, group activities, etc. Students will be encouraged to approach written language analytically and critically, for example by giving constructive feedback after in-class writing activities, comparing and analyzing texts, etc. Students will be encouraged to use appropriate language when presenting.

Learning outcomes

After passing this course successfully students are able to ...

  • structure a conference paper according to the formal criteria given
  • write a conference paper according to the language related criteria given
  • write an abstract according to the formal criteria given
  • write an abstract according to the language related criteria given
  • present a conference paper

Course contents

  • The role, content, structure, and style of a conference paper
  • The role, content, style and types of scientific abstracts
  • Language-related criteria of a conference paper and an abstract
  • Writing a conference paper and abstract
  • Presenting a conference paper

Prerequisites

Completion of previous semester courses

Literature

  • Göschka, M. et al (2014) Guidelines for Scientific Writing, Skriptum Additional current handouts

Assessment methods

  • Active participation in class activities and timely completion of assignments
Module 16 Master Thesis (MOD16)
German / iMod
27.00
-
Master's Thesis (MT)
German / SO
24.00
0.00

Course description

Scientific work based on relevant topic and writing of Master’s thesis.

Learning outcomes

After passing this course successfully students are able to ...

  • formulate a scientific question for a subject-specific topic
  • apply scientific methods to the research question
  • write a research paper (Master’s thesis)

Course contents

  • Writing the master thesis

Prerequisites

- Master seminar- All relevant topic of the course program

Literature

  • depends on topic

Assessment methods

  • Master Thesis
Master's Thesis Seminar (MTS)
German / SE
3.00
1.00

Course description

Preparing and discussing in-depth topics of the Master Thesis

Learning outcomes

After passing this course successfully students are able to ...

  • reflect and improve the Master thesis

Course contents

  • Preparing and discussing in-depth topics of the Master Thesis

Prerequisites

Scientific work

Literature

  • depends on topic

Assessment methods

  • Course immanent assessment method