Information Management and IT Security: Curriculum

1. Semester

Name ECTS
SWS
Module 1 IT-Security Technical Basics (MOD1)
German / kMod
9.00
-
Cyber Security Threats (CST)
German / ILV, FL
3.00
2.00

Course description

The course provides basic knowledge about common Cyber attacks, their impact on businesses and individuals and explains how these attacks can be mitigated or their impact can be reduced.

Methodology

Integrated course. Combination of eLearning, self-organized learning and exercises (seminar paper)

Learning outcomes

After passing this course successfully students are able to ...

  • identify the most common cyber-attack vectors
  • characterize these in terms of type of attack vector, success and impact on a company
  • describe effective protective measures in the fields of perimeter and network security and client / server security for defeating or weakening cyber-attacks
  • prioritize security countermeasures with regard to cost/benefit
  • understand the importance of security awareness

Course contents

  • Attacks and attack types (drive-by attacks, APT (Advanced Persistent Threats), exploits, spear phishing, watering hole attacks, fast flux networks, denial of service attacks)
  • Malware and malware types (malware, spyware, rootkits, Internet worms)
  • Mitigation techniques (perimeter security by suitable Next Generation / UTM firewalls and client / server protection software)
  • OS and application hardening (emphasis on client / office applications)
  • The benefit of using the CVSS (Common Vulnerability Scoring System)
  • Cyber crime and cyber war; construction, structure and operations of Cyber Gear
  • Early detection of some attack vectors (for example, drive-by downloads)
  • Security awareness

Prerequisites

  • Basic understanding of client / server applications
  • Networking basics (TCP / IP and Internet protocols such as HTTP, HTTPS, FTP ...)
  • Basic understanding of web applications and client-side applications
  • Basic understanding of operating systems (Windows, Linux)
  • Experience in the administration of IT systems (clients / servers / firewalls) is advantageous but not mandatory

Literature

  • Daniel W. Dieterle, “Basic Security Testing with Kali Linux”, ISBN-10: 1494861275, ISBN-13: 978-1494861278
  • Greg Hoglund, Jamie Butler, “Rootkits: Subverting the Windows Kernel”, ISBN-10: 0321294319, ISBN-13: 978-0321294319
  • Microsoft Corporation, “Own your Space”, Linda McCarthy, Denise Weldon-Siviy, ISBN 978-0-615-37366-9, available online as a free PDF eBook download at https://www.microsoft.com/en-us/download/confirmation.aspx?id=1522
  • RISKS Forum (moderated by Peter G. Neumann), online at http://catless.ncl.ac.uk/Risks/
  • Rick Lehtinen, Computer Security Basics, 2nd Ed., O’Reilly, ISBN-10: 0596006691, ISBN-13: 978-0596006693
  • SANS, Critical Security Controls for Effective Cyber Security, online at http://www.sans.org/critical-security-controls/
  • Szor Peter, “The Art of Computer Virus Research and Defense”, ISBN-10: 0321304543, ISBN-13: 978-0321304544
  • Additional literature will be provided in the CIS download area on demand

Assessment methods

  • Final exam in the form of a (group) seminar paper
IT Security (ITS)
German / ILV, FL
6.00
4.00

Course description

Tour across the fundamentals of IT-security for the purpose of repetition and consolidation: crypto methods, authentication, access control, network/internet security, software, software security, malware.

Learning outcomes

After passing this course successfully students are able to ...

  • differentiate and characterize cryptographic methods with reference to the basic information security attributes.
  • distinguish and evaluate mechanisms, concepts and models of access control in consideration of identification, authentication and rights management (also in distributed environments).
  • identify requirements of communication security (networks, services, distributed systems) and describe the methods and protocols needed.
  • characterize software security and categorize common vulnerabilities, threats and malware.

Course contents

  • Consolidation of crypto methods:
  • symmetric vs. asymmetric algorithms
  • signatures
  • authenticity
  • key management and infrastructures
  • Access control:
  • identification and authentication
  • AAA systems in distributed environments
  • single sign-on
  • authorisation and rights management
  • security concepts and models
  • trusted computing
  • firewalls and IDS
  • Network security:
  • categorisation
  • OSI security architecture
  • security problems of TCP/IP
  • tunneling protocols (L2TP, IPsec/IKE, TLS)
  • mechanisms and applications (SSH, S/MIME, PGP)
  • WLAN security
  • security issues of internet services and web applications
  • Current threats:
  • secure programming
  • malware
  • current reports

Prerequisites

Fundamentals of computer science, Cryptography and information theory, Operating Systems, Computer Networks, Distributed Systems

Literature

  • Stallings, William: Computer Security – Principles & Practice, Pearson, 3/E, ISBN: 9781292066172

Assessment methods

  • Course immanent assessment, presentation and end exam
Module 2 Security Management Basics (MOD2)
German / kMod
6.00
-
IT Processes (INFM)
German / ILV, FL
3.00
2.00

Course description

Explanation of basic ideas, concepts and impact of information processes; influence on as well as relation to information, process and knowledge management; security-related issues regarding the "regular" usage of information

Methodology

Pre-readings, case-studies, tasks and discussions in workgroups, homework

Learning outcomes

After passing this course successfully students are able to ...

  • formulate and motivate requirements for information processes – based on an understanding of information processes being the essential foundation of any operational management
  • identify the interrelations of information and security management and to deduce essential principles for a secure information management from that.

Course contents

  • Information processes as basics of every organisational action
  • Information management model
  • Process management
  • Basic processes needed for knowledge management
  • Necessary changes of classic information processes provoked by Web 2.0
  • IT-Strategy
  • Basics of IT-Governance & IT-Controlling

Prerequisites

Basic ICT knowledge

Literature

  • Krcmar, Helmut: Einführung in das Informationsmanagement, Springer Gabler
  • Laudon, Kenneth C. / Laudon, Jane P. / Schoder, Detlef: Wirtschaftsinformatik: Eine Einführung, Addison-Wesley-Verlag,
  • Additional readings will be provided

Assessment methods

  • reading-tests, homework and end exam
Risk Management & Policies (RMP)
German / ILV, FL
3.00
2.00

Course description

Introduction to (IT) risk management and policies from the perspective of a security professional

Methodology

integrated course (lecture, exercises, discussions, case studies)

Learning outcomes

After passing this course successfully students are able to ...

  • Implement and continually improve (IT) Risk Management in organizations/institutions with the aid of relevant standards and best practices
  • Create and operate effective (security) policies within an organization

Course contents

  • Risk Management Process
  • Risk Management System
  • (Security) Policies
  • Standards, Policies & Best Practices

Prerequisites

Information security & information security management basics, standardization (ISO) fundamentals, self-responsibility

Literature

  • ISO 27001:2013
  • ISO 31000:2009
  • ONR 4900x:2014
  • Information Security Risk Management, Klipper
  • Risikomanagement als Führungsaufgabe: Umsetzung bei strategischen Entscheidungen und operationellen Prozessen, Brühwiler

Assessment methods

  • term paper, written exam
Module 3 Architecture & Design (MOD3)
German / kMod
4.50
-
Project Work 1 (PRJ1)
German / PRJ
1.50
1.00

Course description

Planning and implementation of simple R&D projects in small teams. In the first part a state of the art analysis is done and application scenarios and functional requirements are defined.

Methodology

Project work

Learning outcomes

After passing this course successfully students are able to ...

  • do a state of the art and a market analysis based on the problem description
  • define application scenarios and functional requirements for the project
  • elaborate vision, description, goals and project environment as part of a first version of the project handbook
  • write a simple scientific paper based on the first results

Course contents

  • Planning and implementation of R&D projects in teams
  • Maintain a project handbook
  • State of the art analysis (scientific, technical)
  • Market analysis
  • Definition of application scenarios
  • Definition of functional requirements

Prerequisites

Depends on project

Literature

  • Depends on project

Assessment methods

  • Marks are given as a combination of project results and project management.
Security Structures (SIS)
German / ILV, FL
3.00
2.00

Course description

The goal of the module is to treat relevant aspects of information security so that in terms of learning projects applying relevant remuneration are discussed. In addition, basic knowledge is provided, which serves to identify information security as an interdisciplinary task in the context of security-relevant processes.

Learning outcomes

After passing this course successfully students are able to ...

  • name essential security risks in the use of information and communication systems and the fundamental security mechanisms
  • describe the common methods for risk and security analysis
  • name the basic principles of information security and data protection

Course contents

  • Information Security Management: overview and objectives
  • National and international frameworks for information security management:
  • Austrian Information Security Manual
  • Germany Federal Office for Information Security – Baseline Protection Manual
  • ISO/IEC 2700n – “Information Technology – Security Techniques – Information Security Management Systems – Series”
  • ISO/IEC 2000 – “Information Technology – Service Management”
  • ISO 31000 – “Enterprise Risk Management”
  • USA National Institute of Standards and Technology – NIST 800-30 Risk Management
  • ENISA Risk Management
  • Menaces Informatiques & Pratiques de Sécurité Glossaire des menaces – MEHARI
  • The Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) – Carnegie Mellon University
  • Payment Card Industry Data Security Standard (PCI-DSS)
  • In the exercises, the emphasis is on hands-on training using practical case studies in the context of guided small projects.

Prerequisites

Theoretical and practical basic knowledge of computer science especially knowledge of the ISO / OSI network architecture and TCP / IP protocols. Knowledge of project and process management.

Literature

  • Ebert Christof: Risikomanagement kompakt - Risiken und Unsicherheiten bewerten und beherrschen, 2. Auflage, Springer Vieweg, 2013, ISBN 978-3-642-41048-2
  • Königs Hans-Peter: IT-Risikomanagement mit System - Praxisorientiertes Management von Informationssicherheits- und IT-Risiken, 4. Auflage, Springer, 2013, ISBN 978-3-8348-2165-2
  • Kriha Walter, Schmitz Roland: Internet-Security aus Software-Sicht - Grundlagen der Software-Erstellung für sicherheitskritische Bereiche, Springer, 2009, ISBN 978-3-540-68906-5

Assessment methods

  • Course immanent assessment method in the learning projects with presentations and written partial / final exam.
Module 4 Selected Topics 1 (MOD4)
German / kMod
6.00
-
Computer Forensics (Elective Course) (WF7)
German / ILV, FL
3.00
2.00

Course description

The computer forensic discipline deals with the preservation and analysis of a large variety of digital evidence and where it can potentially be found.

Content:

  • Digital forensics foundation
  • Technical and legal challenges
  • Preserving evidence quality and significance
  • Expert witnesses and legal experts requirements
  • Evidence preservation and analytics
  • e-discovery

Methodology

Dialog-led presentation interspersed with group work and live demonstrations.

Learning outcomes

After passing this course successfully students are able to ...

  • describe challenges and constraints
  • apply forensic best practices
  • use essential elements for efficient cooperation with legal professionals
  • apply appropriate methods to preserve volatile evidence
  • integrate the forensic knowledge into corporate incident response processes

Course contents

  • real forensic cases
  • requirements of legal professionals
  • expert witness approach
  • evidence preservation
  • forensic investigation and the incident response process
  • systematic work in computer forensics
  • forensic investigation
  • case management
  • e-Discovery

Prerequisites

Desirable but not mandatory:

  • Knowledge of Windows operating system
  • Mobile devices and operating systems
  • Linux administration

Literature

  • Listed in the Moodle lecture system

Assessment methods

  • continuous assessment of classroom participation
  • oral examination after course completion
  • optional lab challenges depending on number of enrolled students

Remarks

notebooks required

Introduction to Quantum Cryptography (Elective Course) (WF9)
German / ILV, FL
3.00
2.00

Course description

Introduction to quantum cryptography: Basic concepts of quantum mechanics will be learned to understand different quantum cryptography protocols.

Methodology

Lecture with slides and whiteboard. Script, literature and online tools for self-study.

Learning outcomes

After passing this course successfully students are able to ...

  • analyse quantum cryptography and its application
  • apply basic concepts of quantum mechanics, like entanglement, superposition, and the wavefunction in the context of quantum cryptography.
  • explain the difference between the BB84 protocol and the Ekert protocol
  • classify market-ready solutions, their functionality and efficiency.

Course contents

  • Introduction to quantum mechanical methods.
  • concept: state, interference, entanglement
  • protocols of quantum cryptography

Prerequisites

Cryptography

Assessment methods

  • End exam
Requirements Engineering (Elective Course) (WF8)
German / ILV, FL
3.00
2.00

Course description

Requirements engineering is the first step in a systematic and structured systems development. It defines the scope of the project and provides a common basis for communication between all disciplines involved in the project. Preparation for the IREB CPRE Foundation Level.

Methodology

Lecture with discussion and practical examples, blended learning tasks

Learning outcomes

After passing this course successfully students are able to ...

  • systematically record, document, evaluate and maintain requirements for products / systems / projects.
  • use requirements engineering for quality assurance in projects.

Course contents

  • Introduction and foundations
  • System and System Context
  • Requirements Elicitation
  • Requirements Documentation
  • Documentation of Requirements using Natural Language
  • Model-based Documentation of Requirements
  • Requirements validation and negotiation
  • Requirements Management
  • Tool Support

Prerequisites

Basic knowledge of project management and object-oriented development

Literature

  • Klaus Pohl & Chris Rupp: Fundamentals in Requirements Engineering; dpunkt.verlag

Assessment methods

  • Case Studies, oral examination
Security Architectures with Firewall Technologies (Elective Course) (WF3)
German / ILV, FL
3.00
2.00

Course description

Introduction to firewall techniques and architectures.

Methodology

Lectures, exercises, final exam

Learning outcomes

After passing this course successfully students are able to ...

  • explain basics of firewall infrastructures
  • design and plan a secure network
  • characterize the difference between open source and professional firewalls
  • explain and practically implement VPN
  • technically describe and use encryption technologies
  • describe challenges of secure cloud computing

Course contents

  • Firewall architectures, NAT, IPSec, VPN, open source firewalls (IPTables, …), professional firewalls, IPS, traffic analysis, traffic control, cloud vs. virtual vs. physical firewalls

Prerequisites

ISO/OSI model, TCP/IP

Literature

  • Linux-Firewalls - Sicherheit für Linux-Server und -Netzwerke mit IPv4 und IPv6
  • Linux Firewalls (3rd Edition)

Assessment methods

  • Course immanent assessment method, answering questionnaire and working on use-cases.
Security in Mobile Networks and Smartphone Apps (Elective Course) (WF10)
German / ILV, FL
3.00
2.00

Course description

This course discusses security aspects of mobile applications by looking at both networks (mobile networks) and end devices (smartphones and apps).

Learning outcomes

After passing this course successfully students are able to ...

  • describe possible attacks on mobile cellular networks and related protocols and transmission standards.
  • describe the security architectures of the currently most relevant mobile platforms.
  • implement Best Practice techniques for the Android platform to write applications as secure as possible.
  • analyze examples of mobile Malware on Smartphone Platforms by using Reverse Engineering Tools.

Course contents

  • Security architectures in Mobile Networks
  • Security Threats to Mobile Networks
  • Basics of Android Application Programming
  • Security Architectures of currently relevant Smartphone Platforms
  • Security Threats to Android Apps and Countermeasures

Prerequisites

Basic object-oriented programming skills

Literature

  • http://developer.android.com/index.html
  • Charlie Miller, Dion Blazakis, Dino DaiZovi, Stefan Esser, Vincenzo Iozzo, Ralf-Philipp Weinmann (2012): iOS Hacker’s Handbook, Wiley
  • Gottfried Punz: Evolution of 3G Networks: The Concept, Architecture and Realization of Mobile Networks Beyond UMTS (2010), Springer
  • Joshua J. Drake, Zach Lanier, Collin Mulliner, Pau Oliva Fora, Stephen A. Ridley, Georg Wicherski (2014): Android Hacker's Handbook, Wiley

Assessment methods

  • The students are graded based on the practical exercises and the reflection and discussion of their results.
White Hat – Offensive Security 1 (Elective Course) (WF11)
German / ILV, FL
3.00
2.00

Course description

The course provides a basic introduction to the topic of penetration testing of IT systems.

Methodology

Lectures and exercises

Learning outcomes

After passing this course successfully students are able to ...

  • perform the different phases of penetration testing
  • assign and use tools for the various phases of penetration testing
  • find and develop an exploit for simple Buffer Overflows in applications
  • adapt source code of exploits so that they apply for the IT System they are pentesting

Course contents

  • Information Gathering
  • Port Scans
  • Spoofing
  • Buffer Overflows
  • Exploits
  • File Upload

Prerequisites

  • Network basics
  • Linux basics
  • C, Python experience is an advantage

Literature

  • Erickson, J. (2008): Hacking: The Art of Exploitation, No Starch Press
  • Baloch, R. (2015): Ethical Hacking and Penetration Testing Guide, CRC Press
  • Beggs, R. (2014): Mastering Kali Linux for Advanced Penetration Testing, Packt Publishing
  • Weidman, G. (2014): Penetration Testing, No Starch Press
  • Broad, J./ Bindner, A. (2014): Hacking with Kali, Newnes
  • Middleton, B. (2014): Conducting Network Penetration and Espionage in a Global Environment, Auerbach Publications
  • Kim, P. (2014): Hacker Playbook, Secure Planet LLC

Assessment methods

  • Exercise documentation
Module 5 Personal Skills 1 (MOD5)
German / kMod
4.50
-
Intercultural Communication (ICOM)
English / SE
1.50
1.00

Course description

We aim at raising intercultural awareness and broadening the students’ horizons

Learning outcomes

After passing this course successfully students are able to ...

  • interpret the challenges of communicating with members of other cultures
  • describe the potential of working in an intercultural team

Course contents

  • Terms and theories of culture: Johari window, Iceberg theory etc.
  • Manifestations of culture
  • Inside and outside perspectives on culture

Prerequisites

Completion of previous semester courses

Literature

  • Lewis, R.D. et al (2012) When Cultures Collide 3rd ed., Nicholas Brealey International
  • Additional current handouts and audio-visual support

Assessment methods

  • active participation in class activities and timely completion of assignments
Leading Project Teams (FIT)
German / SE
1.50
1.00

Course description

In the course the students get to know main principles of leading teams.

Methodology

On the one hand there will be lectures about project and team management and on the other hand there will be plenty of group and teamwork.

Learning outcomes

After passing this course successfully students are able to ...

  • explain the role of leadership in the different stages of team development (for example by Tuckman) and to derive relevant leading actions (for example directive leadership in the forming phase).
  • diagnose dynamics in project teams using models (for example Rank Dynamics, Drama Triangle, TZI) and to develop and argue case-related concrete opportunities for activities (for example delegation of responsibility, critical discussion).

Course contents

  • Leadership styles and actions (in leading projects teams)
  • Leadership tools in project teams
  • Consequences of not leading
  • Role conflicts "colleague" and "project leader"
  • Conflicts and difficult situations in leading project teams

Literature

  • Cronenbroeck, Wolfgang (2008): Projektmanagement, Verlag Cornelsen, Berlin
  • DeMarco, Tom (1998): Der Termin – Ein Roman über Projektmanagement, München: Hanser
  • Kellner, Hedwig (2000): Projekte konfliktfrei führen. Wie Sie ein erfolgreiches Team aufbauen, Hanser Wirtschaft
  • Majer Christian/Stabauer Luis (2010): Social competence im Projektmanagement - Projektteams führen, entwickeln, motivieren, Goldegg-Verlag, Wien

Assessment methods

  • Course immanent assessment method and seminar paper

Remarks

none

Project Management 1 (PRM1)
German / ILV
1.50
1.00

Course description

The training shows the special aspects of the project management for engineers. The content of this course is based on the PMI Standard, expanded with lectures about agile methods, cost estimation and team work. This course focuses on project management for technical projects, consulting projects and research projects.

Methodology

Lecture, practice, case studies

Learning outcomes

After passing this course successfully students are able to ...

  • name basic processes and standards of project management
  • name the sub-processes of the PMI with their essential input and output factors
  • name and use selected methods and techniques of project management
  • select and apply an appropriate procedure for processing a project

Course contents

  • Project management, PMI, PMBOK, 5th edition:
  • Project Management Basics and organisational aspects
  • Project Integration Management
  • Project Scope Management
  • Project cost estimate
  • Project process models
  • Agile methods
  • Project Time Management
  • Project Stakeholder Management
  • Teamwork
  • Case studies

Prerequisites

Knowledge of software engineering or requirements engineering and first experience in project management.

Literature

  • Jakoby, W. (2013): Projektmanagement für Ingenieure, 2. Auflage, Springer Verlag
  • PMBOK (2014) - A Guide to the Project Management Body of Knowledge (PMBOK® Guide) - 5th Edition

Assessment methods

  • Case Study
  • Presentation
  • End exam

Remarks

None.

2. Semester

Name ECTS
SWS
Module 10 Personal Skills 2 (MOD10)
German / kMod
4.50
-
Advanced English Communication (AEC)
English / SE
1.50
1.00

Course description

We aim at conveying the language-related criteria and techniques required for leading and participating in discussions and writing a summary on current issues and topics in the Cell and Tissue Engineering profession

Methodology

Active participation and discussion. Fulfillment of writing assignments and presentation.

Learning outcomes

After passing this course successfully students are able to ...

  • Upon completion of this course, the students will be able to:
  • Lead a professional discussion in English, i.e. to apply appropriate language and techniques for effective research, formulation of questions, moderation, summarizing etc.;
  • Write a summary of the facts and main arguments

Course contents

  • Language and techniques for leading a professional discussion
  • Defining, researching, presenting, and leading a discussion on an appropriate professional topic;
  • Vocabulary work-up based on research sources for the discussion topic
  • Writing a summary of the main facts and arguments pertaining to the discussion topic

Prerequisites

Common European Framework of Reference for Languages Level B2

Literature

  • Göschka, M. et al (2014) Guidelines for Scientific Writing, Skriptum
  • Harvard Business Review 20-Minute Manager Series: Running Meetings
  • Current handouts
  • Additional current handouts

Assessment methods

  • Course immanent assessment method, i.e. active participation in class activities and timely completion of assignments
IT Law (ITR)
German / VO
1.50
1.00

Course description

Teaching of legislation relevant to the information society.

Methodology

Lecture, discussions

Learning outcomes

After passing this course successfully students are able to ...

  • Understanding of applicable law.

Course contents

  • E-Commerce Act
  • IP Rights
  • Telecommunication Act
  • Media Act

Prerequisites

Basic knowledge in the field of law

Literature

  • Charts and lecture notes

Assessment methods

  • Exam
Project Management 2 (PRM2)
German / ILV
1.50
1.00

Course description

Projects in the areas of Information Management and IT-Security, combined with a lecture in specific topics in these areas. The training shows the special aspects of the project management for engineers. The content of this course is based on the PMI Standard. This course focuses on project management for technical projects, consulting projects and research projects.

Methodology

Lecture, practice, case studies

Learning outcomes

After passing this course successfully students are able to ...

  • plan projects considering risks and costs.
  • define the quality of projects
  • plan and implement reviews in projects.
  • write documentation in agile projects, adapted to the project context.

Course contents

  • Project management from view of the project controlling:
  • Processes for problem solving
  • risk management
  • cost management
  • quality management
  • project reviews
  • documentation for agile projects

Prerequisites

Project Management 1 from the first semester

Literature

  • Jakoby, W. (2013): Projektmanagement für Ingenieure, 2. Auflage, Springer Verlag
  • PMBOK (2014) - A Guide to the Project Management Body of Knowledge (PMBOK® Guide) - 5th Edition

Assessment methods

  • Case Study
  • Presentation
  • Exam
Module 6 Applied IT-Security (MOD6)
German / kMod
9.00
-
ICT Architectures (IKT)
German / ILV, FL
3.00
2.00

Course description

Development and implementation of security concepts at an operational level. Handling relevant topics, for example: Log management, mobile device management or monitoring.

Methodology

Distance learning: reading of relevant papers. Class: presentations held by students.

Learning outcomes

After passing this course successfully students are able to ...

  • recognize and analyze the dangers in the use of information and communication systems.
  • know and use the basic security measures to protect information and communication systems.
  • create concepts for secure IT systems.

Course contents

  • Information management
  • holistic security concepts
  • ICT Architectures

Prerequisites

Basic knowledge of security, operational IT business, network engineering, computer science.

Literature

  • Papers of well known institutions regarding security: BSI, NIST, SANS.

Assessment methods

  • Written test
  • presentation
Incident Management (INMA)
German / ILV, FL
3.00
2.00
System Integration (SINT)
German / ILV, FL
3.00
2.00

Course description

This lecture conveys the most important concepts of system integration and practises them in the course of a web service implementation.

Methodology

Open and distance learning, student presentations, discussion, lecture, practical project

Learning outcomes

After passing this course successfully students are able to ...

  • explain the subtasks and most important concepts (distribution, middleware, enterprise application integration, workflows, web, service orientation) of system integration and describe their interrelations
  • describe the web service technology stack
  • develop a simple web service and integrate several web services in a simple web or mobile application

Course contents

  • Distributed Information Systems
  • Middleware
  • Enterprise Application Integration
  • Web Application Integration
  • Web Services: Basic technologies and coordination protocols
  • BPEL: Web service workflows

Prerequisites

  • Software engineering
  • Programming (Java)
  • Distributed systems

Literature

  • G.Alonso / F.Casati / H.Kuno / V.Machiraju (2004): Web Services: Concepts, Architectures and Applications, Springer
  • Ingo Melzer (2010): Service-orientierte Architekturen mit Web Services: Konzepte - Standards – Praxis, Spektrum Akademischer Verlag
  • Nicolai Josuttis (2008): SOA in der Praxis: System-Design für verteilte Geschäftsprozesse, dpunkt
  • lecture notes
  • additional material (scientific articles)

Assessment methods

  • Continuous immanent assessment
  • Lab project
  • Complementary written exam
Module 7 Information Security Management (MOD7)
German / kMod
6.00
-
Applied Information Security (AINF)
German / ILV, FL
3.00
2.00

Course description

Overview of current security risks and analysis of the newest investigation reports. In addition, students have to analyse, interpret and present current security bulletins and write a term paper.

Learning outcomes

After passing this course successfully students are able to ...

  • describe the current state of cyber threats.
  • interpret a security incident.
  • analyse a security incident with regard to technical aspects.
  • explain complex interrelationships tailored to the target group's specific requirements.

Course contents

  • Latest security and cyber reports
  • Latest security threats
  • Presentation to specific audiences

Prerequisites

  • Networking skills
  • Operating systems
  • IT security
  • Presentation techniques

Literature

  • Stuttard, Dafydd / Pinto, Marcus (2011): "The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws" 2nd Ed., John Wiley & Sons, ISBN-10: 0470170778 & 1118026470
  • Erickson, Jon (2006): "Forbidden Code" 2nd Ed., mitp/bhv, ISBN-10: 3826616677

Assessment methods

  • Continuous assessment
  • Presentations
  • Term paper
Information Security Management (ISM)
German / ILV, FL
3.00
2.00

Course description

The goal of the module is to treat relevant aspects of information security so that in terms of learning projects applying relevant remuneration are discussed. In addition, in-depth knowledge is provided, which serves to design information security as an interdisciplinary task in the context of security-relevant processes to plan, to do, to check and to improve (act).

Learning outcomes

After passing this course successfully students are able to ...

  • describe essential security risks in the use of information and communication systems and the fundamental security mechanisms,
  • describe methods for the assessment of security risks and explain their use,
  • describe the project even and consistent process approach in risk and security analysis and explain its implementation,
  • describe the principles of information security and data protection in a way specific to target groups,
  • describe the organizational integration, the responsibilities and quality assurance groups, and explain the measures to implement them

Course contents

  • Identification of differences in the characteristics, requirements and specification of the frameworks:
  • Austrian Information Security Manual,
  • German Federal Office for Information Security – Baseline Protection Manual,
  • ISO / IEC 27001 - "Information Technology - Security Techniques - Information Security Management System"
  • Control Objectives for Information and related Technology (COBIT)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Identification of the interface and the applications with the frameworks:
  • ISO / IEC 20000 - "Information Technology - Service Management"
  • ISO 31000 - "Enterprise Risk Management"
  • ONR 49000 standard series "Risk management for organizations and systems"
  • In the exercises, the emphasis is on hands-on training using:
  • the correct choice of procedure for the creation of an information security plan, taking into account the possible framework,
  • the creation of information security guidelines,
  • the development of an appropriate organizational concept,
  • creating a catalog of measures for the implementation of information security
  • a practical case study as part of guided small projects.

Prerequisites

Theoretical and practical basic knowledge of computer science and of frameworks for information security management (equivalent knowledge - LV 1 SIS). Ability to recognize complex structures and to analyze, identify identical issues in different contexts and to look holistically. Knowledge of project and process management are desirable (but not essential). In addition, basic knowledge of the ISO / OSI network architecture and TCP / IP protocols used are provided.

Literature

  • Ebert Christof: Risikomanagement kompakt - Risiken und Unsicherheiten bewerten und beherrschen, 2. Auflage, Springer Vieweg, 2013, ISBN 978-3-642-41048-2
  • Königs Hans-Peter: IT-Risikomanagement mit System - Praxisorientiertes Management von Informationssicherheits- und IT-Risiken, 4. Auflage, Springer, 2013, ISBN 978-3-8348-2165-2
  • Kriha Walter, Schmitz Roland: Internet-Security aus Software-Sicht - Grundlagen der Software-Erstellung für sicherheitskritische Bereiche, Springer, 2009, ISBN 978-3-540-68906-5

Assessment methods

  • Moodle tests: 60%
  • Seminar thesis: 25% (weighting: 0.7 quality and elaboration or style: 0.3)
  • Presentations: 15% (the weighting in the presentation: 0.7 quality and elaboration or style: 0.3)
  • Grading: up to 50.0% = 5, up to 62.5% = 4, up to 75.0% = 3, up to 87.5% = 2, up to 100% = 1
Module 8 Project (MOD8)
German / iMod
4.50
-
Project Work 2 (PRJ2)
German / PRJ
4.50
2.00

Course description

Planning and implementation of R&D projects in small teams. In the second part detailed planning and the implementation is done.

Methodology

Project work

Learning outcomes

After passing this course successfully students are able to ...

  • transfer functional requirements into a detailed implementation plan
  • estimate and plan time and resources
  • implement requirements according to plan

Course contents

  • Planning and implementation of R&D projects in teams
  • Maintain a project handbook
  • Detailed specification
  • Time and resource planning
  • Implementation of the requirements according to the plan

Prerequisites

Project work from the first semester. Projects are continued.

Literature

  • Depending on project

Assessment methods

  • Marks are given as a combination of project results and project management.
Module 9 Selected Topics 2 (MOD9)
German / kMod
6.00
-
Big Data and Data Retrieval (Elective Course) (WF15)
German / ILV, FL
3.00
2.00

Course description

The course gives an insight into the methods of data and knowledge extraction from different data sources. Emphasis is given to areas of (internet) search engines and Big Data systems, primarily Hadoop. Examples of data analytics methods are discussed in more detail.

Learning outcomes

After passing this course successfully students are able to ...

  • characterize the terms Big Data, Data Mining and Information Retrieval and use related procedures and methods
  • assess the technical basics of search engines
  • use Hadoop as a basis for simple Big Data applications
  • assess processing steps in a data mining process
  • easily go through similar topics independently and incorporate specific knowledge into known basics

Course contents

  • Introduction to topics of Information Retrieval and Data Mining
  • Basic models of Information Retrieval (Boolean Model, Vector Space Model, Probabilistic Model)
  • Insights into Big Data techniques (Hadoop, MapReduce, HDFS, Hadoop ecosystem)
  • Special topics depending on the interest of students in the fields of crawling, indexing, ranking, clustering, classification, big data analytics, machine learning, processing of unstructured data, various methods of mining and retrieval, various tools

Prerequisites

  • Basic knowledge of statistics and mathematics
  • Basic technologies from Computer Science (RDBMS, XML, ...)

Literature

  • Baeza-Yates, R., Ribeiro-Neto, B., 2011. Modern information retrieval: the concepts and technology behind search, Second edition. ed. Addison Wesley, New York.
  • Baron, P., 2013. Big Data für IT-Entscheider: riesige Datenmengen und moderne Technologien gewinnbringend nutzen. Hanser, München.
  • Ferber, R., 2003. Information Retrieval: Suchmodelle und Data-Mining-Verfahren für Textsammlungen und das Web, 1. Aufl. ed. dpunkt-Verl, Heidelberg.
  • Leskovec, J., Rajaraman, A., Ullman, J.D., 2014. Mining of massive datasets. Cambridge University Press.
  • Lewandowski, D., 2005. Web Information Retrieval: Technologien zur Informationssuche im Internet, Reihe Informationswissenschaft der DGI. Dt. Ges. für Informationswiss. und Informationspraxis, Frankfurt am Main.
  • Manning, C.D., Raghavan, P., Schütze, H., 2008. Introduction to information retrieval. Cambridge University Press, New York.
  • Mayer-Schönberger, V., Cukier, K., Mallett, D., 2013. Big Data: die Revolution, die unser Leben verändern wird, 2. Aufl. ed. Redline-Verl, München.
  • Wartala, R., 2012. Hadoop: zuverlässige, verteilte und skalierbare Big-Data-Anwendungen, Professional reference. Open Source Press, München.

Assessment methods

  • Exercises
  • Short presentations
CISSP Introduction (Elective Course) (WF16)
German / ILV, FL
3.00
2.00

Course description

The course covers the 10 common bodies of knowledge of CISSP. All topics are presented in an overview, some selected are covered in depth.

1. Security and Risk Management
2. Asset Security
3. Security Engineering
4. Communications and Network Security
5. Identity and Access Management
6. Security Assessment and Testing
7. Security Operations
8. Software Development Security

Learning outcomes

After passing this course successfully students are able to ...

  • explain how the CISSP exam works
  • enumerate typical question types and give examples
  • reproduce selected expertise in the necessary depth for CISSP
  • restructure the content of CISSP domains not covered in class and prepare for certification by developing typical CISSP questions.

Course contents

  • The course is a first preparation for the CISSP certification. The content is therefore aligned to ISC2’s 8 domains. We will cover a selection of the following topics; the topics are a verbatim copy of ISC2 https://www.isc2.org/cissp-domains/default.aspx
  • Security and Risk Management (Security, Risk, Compliance, Law, Regulations, and Business Continuity)
  • Confidentiality, integrity, and availability concepts
  • Security governance principles
  • Compliance
  • Legal and regulatory issues
  • Professional ethic
  • Security policies, standards, procedures and guidelines
  • Asset Security (Protecting Security of Assets)
  • Information and asset classification
  • Ownership (e.g. data owners, system owners)
  • Protect privacy
  • Appropriate retention
  • Data security controls
  • Handling requirements (e.g. markings, labels, storage)
  • Security Engineering (Engineering and Management of Security)
  • Engineering processes using secure design principles
  • Security models fundamental concepts
  • Security evaluation models
  • Security capabilities of information systems
  • Security architectures, designs, and solution elements vulnerabilities
  • Web-based systems vulnerabilities
  • Mobile systems vulnerabilities
  • Embedded devices and cyber-physical systems vulnerabilities
  • Cryptography
  • Site and facility design secure principles
  • Physical security
  • Communication and Network Security (Designing and Protecting Network Security)
  • Secure network architecture design (e.g. IP & non-IP protocols, segmentation)
  • Secure network components
  • Secure communication channels
  • Network attacks
  • Identity and Access Management (Controlling Access and Managing Identity)
  • Physical and logical assets control
  • Identification and authentication of people and devices
  • Identity as a service (e.g. cloud identity)
  • Third-party identity services (e.g. on-premise)
  • Access control attacks
  • Identity and access provisioning lifecycle (e.g. provisioning review)
  • Security Assessment and Testing (Designing, Performing, and Analyzing Security Testing)
  • Assessment and test strategies
  • Security process data (e.g. management and operational controls)
  • Security control testing
  • Test outputs (e.g. automated, manual)
  • Security architectures vulnerabilities
  • Security Operations (Foundational Concepts, Investigations, Incident Management, and Disaster Recovery)
  • Investigations support and requirements
  • Logging and monitoring activities
  • Provisioning of resources
  • Foundational security operations concepts
  • Resource protection techniques
  • Incident management
  • Preventative measures
  • Patch and vulnerability management
  • Change management processes
  • Recovery strategies
  • Disaster recovery processes and plans
  • Business continuity planning and exercises
  • Physical security
  • Personnel safety concerns
  • Software Development Security (Understanding, Applying, and Enforcing Software Security)
  • Security in the software development lifecycle
  • Development environment security controls
  • Software security effectiveness
  • Acquired software security impact

Prerequisites

The CISSP certification is a thematically broad certification and therefore basic knowledge of network technology, programming, system administration and mathematics is required. In summary: skills that are taught in undergrad CS and MIS classes.

Literature

  • Adam Gordon, Official (ISC)²® Guide to the CISSP® CBK®, ISC2, Fourth Edition (optional)
  • Harris Shon, CISSP All-in-One Exam Guide, 6th Edition. McGraw-Hill., 2012 (optional).

Assessment methods

  • Multiple Choice Exam (CISSP Style)
Case Studies in IT-Service Management (Elective Course) (WF20)
German / ILV, FL
3.00
2.00
Detection and Prevention of Cyber Attacks (Elective Course) (WF19)
German / ILV, FL
3.00
2.00

Course description

Early detection of (successful) cyber attacks has become essential to cope with data leakage and advanced persistent threats. Many of the traditional security systems (anti-virus, IPS, firewalls, ...) are no longer able to successfully detect or prevent these cyber attacks. During this course, modern attack methods and detection/mitigation methods will be presented.

Methodology

Integrated course. Combination of eLearning, self-organized learning and exercises (seminar paper)

Learning outcomes

After passing this course successfully students are able to ...

  • show the limits of traditional security systems
  • explain new advanced methods of cyber attacks
  • detect and analyze cyber attacks on the basis of current methods

Course contents

  • Modern methods of cyber attacks and APT (advanced persistent threats), industrial espionage

Prerequisites

  • Experience in administration of IT systems
  • Network basics (TCP/IP)
  • AKIMS 1

Literature

  • Online Articles, studies and papers from AV vendors, will be provided via CIS

Assessment methods

  • Seminar thesis
ITIL Foundation (Elective Course) (WF6)
German / ILV, FL
3.00
2.00

Course description

ITIL is the most relevant framework for IT Service Management. Many companies worldwide rely on ITIL as a source of good practices to improve their capabilities in terms of providing value to their clients in the forms of IT services. This class provides basic insights into the concepts of IT Service Management based on ITIL. Terms and definitions that serve as a cornerstone are introduced and subsequently all relevant processes are discussed – complemented by examples and insights gained from practical experience.

Methodology

Presentation

Learning outcomes

After passing this course successfully students are able to ...

  • enumerate the different lifecycle phases of ITIL,
  • assign the processes and functions to the corresponding lifecycle phases,
  • illustrate the task sequences and activities necessary to render the processes
  • reproduce the definitions introduced by ITIL
  • elaborate on benefits and feasible risks during the establishment of IT Service Management

Course contents

  • General overview of IT Service Management including the evolution of ITIL and the concept of “adopt and adapt”
  • Introduction into the basic concepts of IT Service Management and the ITIL Life Cycle
  • Discussion of the five core books: Service Strategy, Service Design, Service Transition, Service Operations and Continual Service Improvement

Literature

  • The official five ITIL core books.
  • Slide Deck (will be provided in Moodle)
  • ITSM Primer (will be provided in Moodle)

Assessment methods

  • The exam will be administered as an open book exam. Multiple choice questions and some open questions need to be answered to pass the exam. The actual procedure will be discussed and agreed during the first class.

Remarks

A primer on IT Service Management will be provided in Moodle. This is a mandatory pre-reading exercise in order to have ample time for discussions in class.

Security Aspects of Cloud Computing (Elective Course) (WF17)
German / ILV, FL
3.00
2.00

Course description

In the course of this lecture, we will intensively discuss security and privacy aspects of cloud computing. After an introduction to cloud architectures and use cases in practice, we will cover the following topics:

  • Common cloud architectures
  • Data security
  • Privacy
  • Infrastructure security
  • Access control and authentication
  • Intrusion detection and forensics

Learning outcomes

After passing this course successfully students are able to ...

  • explain security and privacy aspects of cloud computing
  • evaluate cloud providers and architectures with respect to security and privacy aspects
  • develop cloud migration strategies
  • develop access control concepts in cloud-based systems
  • evaluate data administration aspects in clouds

Course contents

  • Cloud Computing Basics
  • Cloud Architectures
  • Use cases in practice
  • Security risks and attacks
  • Data security and privacy aspects of cloud computing
  • Access control and authentication in cloud-based systems
  • Intrusion detection and cloud forensics

Prerequisites

Basics in information security and network security

Literature

  • Christian Metzger, Thorsten Reitz, Juan Villar. (2011): Cloud Computing: Chancen und Risiken aus technischer und unternehmerischer Sicht, Hanser
  • Tim Mather, Subra Kumaraswamy, Shahed Latif. (2009) Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance (Theory in Practice) (O'Reilly Media)

Assessment methods

  • Written exam in the last lecture, open questions
  • Presentation of a state of the art scientific paper that covers security and privacy aspects of cloud computing
  • Short essay that discusses cloud service providers based on aspects that
White Hat – Offensive Security 2 (Elective Course) (WF22)
German / ILV, FL
3.00
2.00

Course description

The course provides a basic introduction to the field of penetration testing of IT systems, with a focus on the post-exploitation phase.

Methodology

Lectures and exercises

Learning outcomes

After passing this course successfully students are able to ...

  • perform the different phases of penetration testing
  • assign and use tools for the various phases of penetration testing
  • find and develop an exploit for simple buffer overflows in applications
  • adapt the source code of exploits so that they apply to the IT system they are pentesting

Course contents

  • Vulnerability Scanner
  • Metasploit
  • Privilege Escalation
  • DLL Hijacking
  • DLL Injection
  • Application Backdooring
  • Antivirus Evasion

Prerequisites

  • White Hat 1
  • Network basics
  • Linux basics
  • C, Python experience is an advantage
  • Debugger
  • Basic knowledge of assembly

Literature

  • Erickson, J. (2008): Hacking: The Art of Exploitation, No Starch Press
  • Baloch, R. (2015): Ethical Hacking and Penetration Testing Guide, CRC Press
  • Beggs, R. (2014): Mastering Kali Linux for Advanced Penetration Testing, Packt Publishing
  • Weidman, G. (2014): Penetration Testing, No Starch Press
  • Broad, J. / Bindner, A. (2014): Hacking with Kali, Newnes
  • Middleton, B. (2014): Conducting Network Penetration and Espionage in a Global Environment, Auerbach Publications
  • Kim, P. (2014): Hacker Playbook, Secure Planet LLC

Assessment methods

  • Exercise documentation

3. Semester

Name ECTS
SWS
Module 11 Information Security Organization (MOD11)
German / kMod
9.00
-
Business Continuity & Disaster Recovery (BCDR)
German / ILV, FL
3.00
2.00

Course description

The goal of the module is to treat relevant aspects of business continuity & disaster recovery so that in terms of learning projects applying relevant remuneration are discussed. In addition, in-depth knowledge is provided, which serves to design business continuity & disaster recovery as an interdisciplinary task in the context of security-relevant processes to plan, to do, to check and to improve (act).

Methodology

Work in groups on course-relevant areas.

Learning outcomes

After passing this course successfully students are able to ...

  • describe the essential use of business continuity planning and disaster recovery planning and the basic mechanisms,
  • explain the used methods to describe the assessment of business continuity planning & disaster recovery planning,
  • describe and explain the implementation of the project even and consistent process approach of business continuity planning & disaster recovery planning,
  • describe specific principles of the business continuity planning & disaster recovery planning target groups,
  • describe and explain the measures to implement the organizational integration, the responsibilities and quality assurance groups

Course contents

  • Identification of differences in the characteristics, requirements and specifications in terms of business continuity planning and disaster recovery planning in the frameworks:
  • Austrian Information Security Manual,
  • German Federal Office for Information Security – Baseline Protection Manual,
  • ISO / IEC 27001 - "Information Technology - Security Techniques - Information Security Management System"
  • Control Objectives for Information and related Technology (COBIT)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Identification of the interface as well as the possibilities in terms of business continuity planning and disaster recovery planning in the frameworks:
  • ISO / IEC 20000 - "Information Technology - Service Management"
  • ISO 31000 - "Enterprise Risk Management"
  • ONR 49000 standard series "Risk management for organizations and systems"
  • In the exercises, the emphasis is on hands-on training using:
  • the correct selection of the procedure for creating a business continuity plan and disaster recovery plan, taking into account the possible framework,
  • creating a training concept for a business continuity plan and disaster recovery plan
  • performing an exercise for a business continuity plan and disaster recovery plan

Prerequisites

Theoretical basic knowledge of risk management and of frameworks for information security management (equivalent knowledge - LV 2 ISM). Ability to recognize complex structures and to analyze, identify identical issues in different contexts and to look holistically. Knowledge of project and process management.

Literature

  • Ebert Christof: Risikomanagement kompakt - Risiken und Unsicherheiten bewerten und beherrschen, 2. Auflage, Springer Vieweg, 2013, ISBN 978-3-642-41048-2
  • Königs Hans-Peter: IT-Risikomanagement mit System - Praxisorientiertes Management von Informationssicherheits- und IT-Risiken, 4. Auflage, Springer, 2013, ISBN 978-3-8348-2165-2
  • Müller Klaus-Rainer: Handbuch Unternehmenssicherheit - Umfassendes Sicherheits-, Kontinuitäts- und Risikomanagement mit System, 2. Auflage, Springer Vieweg, 2010, ISBN 978-3-8348-9772-5
  • Müller Klaus-Rainer: IT-Sicherheit mit System - Integratives IT-Sicherheits-, Kontinuitäts- und Risikomanagement - Sichere Anwendungen - Standards und Practices, 5. Auflage, Springer Vieweg, 2014, ISBN 978-3-658-04334-6

Assessment methods

  • Evaluation of the project
Current Topics in Security & Privacy (AIS)
German / ILV, FL
3.00
2.00

Course description

The course provides a brief theoretical overview of privacy or account privacy enhancing technologies (PET) and allows students to experiment with different systems and evaluate them.

Methodology

Lectures, presentations, assignments, exam

Learning outcomes

After passing this course successfully students are able to ...

  • explain the theoretical concepts of homomorphic cryptography, k-anonymity and l-diversity
  • use Tor in a secure way and explain its configuration
  • evaluate different privacy and crypto tools such as OTR, Pond, Flock, Redphone, Textsecure, prism-break, secure messenger

Course contents

  • Homomorphic Cryptography,
  • k-anonymity & l-diversity,
  • Differential privacy
  • Identity management & Pseudonymity
  • Access management
  • System Architectures for identity management systems
  • Tor – The Onion Router
  • Online anonymity & Web Privacy, Fingerprinting, Metadata, Censorship
  • Certificate Trust Model
  • Applied examples: Kerberos, OAuth, Mozilla Persona, Facebook Connect etc.
  • Crypto tools (OTR, Pond, Flock, Redphone, Textsecure, prism-break, secure messenger)

Prerequisites

  • Basic algebra (high school level)
  • Fundamental programming skills
  • Basic experience in system administration / Linux

Literature

  • Current research articles will be provided by the lecturer.

Assessment methods

  • Presentation in groups
  • Written assignment and documentation of practical work
  • Written final exam.
Integrated Management Systems & Audit (IMA)
German / ILV, FL
3.00
2.00
Module 12 Specialization (MOD12)
German / iMod
10.50
-
Specialization (SPEC)
German / PRJ
10.50
2.00

Course description

Scientific analysis of special fields concerning the topics of the individual master theses in small groups. Formulation of a scientific research question, literature research, state of the art and discussion of current research results as input and possible basis of the individual master theses.

Methodology

Work in small groups on course-relevant areas.

Learning outcomes

After passing this course successfully students are able to ...

  • prepare scientific and practical principles, methods, technologies and applications in the field of the respective master thesis
  • use the results of the course to realize their master thesis according to the requirements at a high scientific level

Course contents

  • Literature research and state of the art (list of literature), discussion of scientific papers and developing synergies, work on scientific questions and methodologies, Master Thesis proposal, Source and knowledge map

Prerequisites

Technical expertise of the preceding semesters, Scientific Work

Literature

  • depends on selected field

Assessment methods

  • course immanent
Module 13 Selected Topics 3 (MOD13)
German / kMod
6.00
-
Cost Estimate and Feasibility Study of SW and ICT Projects in Practice (Elective Course) (WF4)
German / ILV, FL
3.00
2.00

Course description

This course presents 12 different methods of software and IT project estimation. It focuses on prediction of a project's size, duration, costs and other important parameters.

Methodology

Based on a book by Steve McConnell, 12 estimation methods are shown, compared and discussed. Some of these methods are practiced in small lab exercises. This course consists of 50% distance learning, in which the students prepare some estimation methods in small groups.

Learning outcomes

After passing this course successfully students are able to ...

  • estimate parameters of software projects in early project phases
  • analyze typical risks during the preproject phase to prevent them
  • appropriately communicate the project size, duration and costs

Course contents

  • 12 Estimation Methods:
  • Comparing Projects
  • Proxy Methods
  • Counting & Measuring & Calculating
  • Function Point Analysis
  • Broadband Delphi, etc.
  • Project Management during the pre-project phase:
  • Rapid Development
  • Typical milestones
  • ORDER Framework (Mahan Khalsa)

Prerequisites

Project Management

Literature

  • Steve McConnell: Software Aufwandschätzung, Rapid Development, Software Project Survival Guide
  • Tom DeMarco: Spielräume, Bärentango
  • Fabry/Bundschuh: Aufwandschätzung bei Softwareprojekten

Assessment methods

  • Teams prepare and hold presentations about various estimation methods during the course.
Reverse Engineering and Malware Analysis (Elective Course) (WF5)
German / ILV, FL
3.00
2.00

Course description

Cybercrime has become a big business segment and the amount of malicious software is growing steadily. Although automated processes are helping with detection, manual work still needs to be done. Therefore, this course equips the students with the required basic knowledge to analyze Windows-based malware on their own.

Methodology

Practice-oriented lectures with exercises

Learning outcomes

After passing this course successfully students are able to ...

  • describe actions of a Windows executable with the help of analysis tools,
  • disassemble and debug Windows executables,
  • explain relations between x86 disassembly and calls to Windows API functions,
  • detect and bypass anti-analysis methods.

Course contents

  • Overview over static and dynamic analysis tools
  • Crash course about x86 assembly
  • Introduction to Windows internals
  • Excerpt of methods to detect that an analysis is happening

Prerequisites

- Basic knowledge about operating systems (especially Windows)- Fundamental concepts of programming

Literature

  • Bachaalany, E. / Dang, B. / Gazet, A. (2014): Practical Reverse Engineering, Wiley

Assessment methods

  • Exercises after each lecture block
Web Application Security (Elective Course) (WF6)
German / ILV, FL
3.00
2.00

Course description

This course imparts practical and theoretical knowledge about security in web applications (HTTP/S). Students learn how hackers work when they attack applications and how these applications can be protected.

Methodology

Integrated course

Learning outcomes

After passing this course successfully students are able to ...

  • test web applications with regard to their security
  • improve the security of web applications

Course contents

  • Cross-Site Scripting (XSS)
  • SQL injection
  • RCE
  • CSRF
  • LFI/RCE
  • XXE

Prerequisites

  • HTTP
  • HTML
  • JavaScript
  • SQL
  • Scripting languages (PHP is beneficial)

Literature

  • PHP-Sicherheit (ISBN: 3-89864-369-7)

Assessment methods

  • Exercises
  • Collaboration

Remarks

Block course

White Hat – Offensive Security 3 (Elective Course) (WF3)
German / ILV, FL
3.00
2.00

Course description

The course covers advanced topics in penetration testing of IT systems.

Methodology

Lectures and exercises

Learning outcomes

After passing this course successfully students are able to ...

  • exploit more complex buffer overflows (BOF)
  • evade the countermeasure Data Execution Prevention (DEP)
  • use Egghunter to find their own shellcode placed somewhere in the memory

Course contents

  • DLL Forward
  • Fuzzing & SEH BOF
  • Egghunter
  • Return-Oriented Programming
  • Memory Dumping

Prerequisites

  • WHH1&2
  • Basic assembly knowledge is not necessary but beneficial

Literature

  • Kim, P. (2015): Hacker Playbook 2, Secure Planet LLC
  • Baloch, R. (2015): Ethical Hacking and Penetration Testing Guide, CRC Press
  • Eagle, C. (2015): The IDA Pro Book: The Unofficial Guide to the World's Most Popular Disassembler, No Starch Press

Assessment methods

  • Exercise documentation

Remarks

This class is, like the previous WHH lectures, challenging and recommended only for students who want to dig deeper into the subject of penetration testing.

Module 14 Personal Skills 3 (MOD14)
German / kMod
4.50
-
IT-Governance (ITG)
German / ILV, FL
3.00
2.00

Course description

Introduction to the topics of governance and audits from the perspective of a security professional

Methodology

integrated course (lecture, exercises, discussions, case studies)

Learning outcomes

After passing this course successfully students are able to ...

  • implement and continually improve IT Compliance & Governance (Risk Management) in organizations/institutions with the aid of security relevant standards and best practices
  • analyze and evaluate security and quality requirements in organizations/institutions based on internal or external audits

Course contents

  • internal & external Audits, international standards & frameworks (e.g. ISO 9001, 20000, 27001, ISAE 3402,...), standardization, IT & enterprise risk management & governance

Prerequisites

Information security & information security management basics, standardization (ISO) fundamentals, self-responsibility

Literature

  • ISO 9001:2015
  • ISO 20000:2011
  • ISO 27001:2013
  • ISO 31000:2009
  • ONR 4900x:2014

Assessment methods

  • term paper, written exam
Scientific Work (WA)
German / ILV
1.50
1.00

Course description

Scientific working

Methodology

  • Workshop
  • Presentations
  • Review

Learning outcomes

After passing this course successfully students are able to ...

  • autonomously write a scientific paper/thesis at master level, adhere to the code of ethics, and reflect on this process.
  • review a different scientific paper/thesis.
  • present a scientific paper/thesis.

Course contents

  • Scientific working techniques and literature research
  • Writing: Structure, State of the art, Related work, Reproducible proof of concept.
  • Writer’s block and writing techniques
  • Peer Review
  • Effective short presentations

Prerequisites

Bachelor Thesis

Literature

  • Justin Zobel (2009): Writing for Computer Science, Springer.
  • Brigitte Pyerin (2014): Kreatives wissenschaftliches Schreiben, Beltz Juventa.
  • articles and relevant web sites.

Assessment methods

  • Peer review of another master thesis

4. Semester

Name ECTS
SWS
Module 15 Personal Skills 4 (MOD15)
German / kMod
3.00
-
Communication in IT-Projects (KITP)
German / SE
1.50
1.00

Course description

The course teaches participants the basics of efficient cooperation between IT experts and customers in IT projects.

Methodology

Workshop: theory inputs, group work, practice, reflections, discussions, video analysis and feedback

Learning outcomes

After passing this course successfully students are able to ...

  • prepare the course and conclusion of a specific conversation with non-experts (for example, Harvard principled negotiation) and conduct a realistic, goal- and partner-oriented conversation.
  • describe ways of fostering contact with conversation partners and appropriate ways of opening a conversation, and apply them by way of example.
  • analyse their own and others' interests, motives, resistance and objections in IT-specific conversations and describe constructive behaviour patterns.

Course contents

  • Negotiation strategies
  • Goal-, partner- and resources-oriented conversation techniques (verbal and nonverbal)
  • Dealing with resistance and objections
  • Psychology of persuasion
  • Impact of one's own conversation behavior

Literature

  • Cialdini, Robert B. (2007): Die Psychologie des Überzeugens, Bern: Verlag Hans Huber
  • Dieken, Connie (2009): Talk Less, Say More: Three Habits to Influence Others and Make Things Happen, Wiley & Sons 10/2009
  • Fisher, R./Ury, W./Patton, B. (2009): Das Harvard-Konzept. Klassiker der Verhandlungstechnik, Frankfurt/Main: Campus Verlag
  • Goulston, Mark/ Ferrazzi, Keith (2009): Just Listen: Discover the Secret to Getting Through to Absolutely Anyone, Amacom Books
  • Vigenschow, Uwe/Schneider, Björn/Meyrose, Ines (2009): Soft Skills für Softwareentwickler: Fragetechniken, Konfliktmanagement, Kommunikationstypen und -modelle, Dpunkt Verlag

Assessment methods

  • continuous assessment
Scientific Writing (SW)
English / SE
1.50
1.00

Course description

The focus of the course is an overview of the academic language and formal criteria required for writing and presenting a conference paper and for writing an abstract.

Methodology

Teaching methods will be used to give the students opportunities to improve and refine their written language skills. Mini-lectures will be used for input on writing techniques and use of language. However, students will also be given in-class activities to actively engage in using the language in order to enhance language awareness and sensitivity. These activities may include pair activities, group activities, etc. Students will be encouraged to approach written language analytically and critically, for example by giving constructive feedback after in-class writing activities, comparing and analyzing texts, etc. Students will be encouraged to use appropriate language when presenting.

Learning outcomes

After passing this course successfully students are able to ...

  • structure a conference paper according to the formal criteria given
  • write a conference paper according to the language-related criteria given
  • write an abstract according to the formal criteria given
  • write an abstract according to the language-related criteria given
  • present a conference paper

Course contents

  • The role, content, structure, and style of a conference paper
  • The role, content, style and types of scientific abstracts
  • Language-related criteria of a conference paper and an abstract
  • Writing a conference paper and abstract
  • Presenting the conference paper

Prerequisites

Completion of previous semester courses

Literature

  • Göschka, M. et al. (2014): Guidelines for Scientific Writing, lecture notes
  • Additional current handouts

Assessment methods

  • Active participation in class activities and timely completion of assignments
Module 16 Master Thesis (MOD16)
German / iMod
27.00
-
Master's Thesis (MT)
German / SO
24.00
0.00

Course description

Scientific work on a relevant topic and writing of the Master’s thesis.

Learning outcomes

After passing this course successfully students are able to ...

  • formulate a scientific question for a subject-specific topic
  • apply scientific methods to the research question
  • write a research paper (Master’s thesis)

Course contents

  • Writing the master thesis

Prerequisites

  • Master seminar
  • All relevant topics of the course program

Literature

  • depends on topic

Assessment methods

  • Master Thesis
Master's Thesis Seminar (MTS)
German / SE
3.00
1.00

Course description

Preparing and discussing in-depth topics of the Master Thesis

Learning outcomes

After passing this course successfully students are able to ...

  • reflect and improve the Master thesis

Course contents

  • Preparing and discussing in-depth topics of the Master Thesis

Prerequisites

Scientific work

Literature

  • depends on topic

Assessment methods

  • Course immanent assessment method