Page 2/42 Catalogue of Modules M. Sc. Security Management February 2014
Imprint
Author: Prof. Dr. Sachar Paulus
Editor: Prof. Dr. Sachar Paulus
Printing: Print shop of Fachhochschule Brandenburg
Contact: Fachhochschule Brandenburg
University of Applied Sciences
Magdeburger Str. 50
14770 Brandenburg an der Havel
T +49 3381 355 - 101
F +49 3381 355 - 199
www.fh-brandenburg.de
As of: 21 February 2014
© Fachhochschule Brandenburg
Table of Contents
1 Introduction
2 Modules of the first term
2.1 Principles of Security Management
2.2 Law, Compliance and Data Protection
2.3 Principles of ICT Infrastructure Security
2.4 Principles of Secure Communication Technology
2.5 Principles of forensics and auditing
2.6 Term Thesis 1
3 Second term
3.1 Security and Crisis Management in the international Context
3.2 Physical Security
3.3 Corporate Governance
3.4 Secure Systems Lifecycle Management
3.5 Secure IT Services and Business Processes
3.6 Project
3.7 Term Thesis 2
4 Third Term
4.1 Master’s Thesis incl. Master’s Seminar
5 Examples for Compulsory Optional Modules
5.1 ITIL - Information Technology Infrastructure Library
5.2 Know-how Protection
5.3 Technical Aspects of the IT Forensics
5.4 Security Concepts of Nuclear Power Plants
1 Introduction
This document contains the module descriptions of Brandenburg University of Applied Sciences’ M. Sc. degree program in Security Management. The module content dates from 2012; the descriptions were translated into English in early 2014.
Students can choose a profile from a number of offerings. Part of the content consists of compulsory optional modules that the program management selects every term. A number of descriptions of compulsory optional modules are included as examples at the end of this publication.
Module overview
Term 1 (∑ Modules: 7, ∑ CP/Term: 30)
• Principles of Security Management (6CP)
• Principles of Secure Communication Technology (3CP)
• Principles of Forensics and Auditing (3CP)
• Principles of ICT Infrastructure Security (6CP)
• Law, Compliance and Data Protection (6CP)
• Term Thesis 1 (3CP)
• Compulsory Optional Module 1 (3CP)
Term 2 (∑ Modules: 7, ∑ CP/Term: 30)
• Security and Crisis Management in International Contexts (6CP)
• Physical Security (3CP)
• Secure System Lifecycle Management (6CP)
• Secure IT-Services and Business Processes (3CP)
• Corporate Governance (3CP)
• Term Thesis 2 (3CP)
• Project (6CP)
Term 3
• Compulsory Optional Module 2 (3CP), Compulsory Optional Module 3 (3CP) (∑ Modules: 2, ∑ CP: 6)
• Master Thesis incl. Colloquium (21CP), Master Seminar (3CP) (∑ CP: 24)
Total CP: 90
Subject Area (legend): Security Management; IT Security; Mathematical and Technical Principles; Law and Business Management; Compulsory Optional Modules
2 Modules of the first term
2.1 Principles of Security Management
Brief module label: SM_Ma_GrundlagenSecurityManagement
Module description: Principles of Security Management
Division in teaching sessions, if applicable:
Duration of module: One term
Classification in the curriculum: SM Ma, 1st term, required module
Usability of the module: The module is also offered as a compulsory lecture for the Master’s course in Information Systems. The module can also be offered for the Master’s course in Informatics.
Frequency of offering of modules: Every academic year
Author: Prof. Dr. Sachar Paulus
Lecturer: Prof. Dr. Sachar Paulus
Language of instruction: German
Prerequisites: None
ECTS-Credits: 6
Total workload and its composition: 180 hours = 60 hours of attendance and 120 hours of self-study
Form of teaching/term hours per week:
Lecture: 15 hours; Exercise: 15 hours; Practical application based on case studies: 30 hours
Study and examination achievements:
Homework (50%), Presentation (50%).
Weighting of the grade in the overall grade:
2/5 of the subject grade; 13.5% of all subject grades; 4.725% of the final grade
Learning outcomes:
The objective is to enable the students to acquire basic knowledge and skills in the following aspects of learning:
• Preparation of security investigations
• Conducting risk evaluations
• Analysis of conditions of security and the significance of counter measures
• Development of understanding the importance of security in the process of decision making by entrepreneurs
• Assessment of security organisations in enterprises
• Implementing exemplary security processes with the use of IT tools
• Designing security measures and successfully presenting the same to a committee of decision makers
In addition, the students are expected to achieve the following results of learning:
• Establish a security organisation in an enterprise
• Prepare a skill profile for an individual in charge of security
• Integrate IT and non IT security relevant aspects
• Introduce a security management system in an organisation
• Prepare a strategy for a section of IT, information or corporate security
Contents:
Primary aspects of corporate security:
• Security Governance and Security Management System
• Security Organisation
• Security Policy
• Risk management
• Analyzing security
• Security processes
• Norms and standards for information security
• Return-on-Security-Investment calculations
• Crisis management
• Business Continuity Management
Additionally: Selected specific areas of the IT and corporate security
Teaching and learning methods: Interactive combination of lectures, preparations and presentation of contents, demonstration of concepts, practical tasks for groups, preparation of own content and role play.
Literature:
• Security Management 2011: Manual of information security, IT security, security of locations, White-collar criminality and Management liability by Guido Birkner, 2011.
• Handbuch Unternehmenssicherheit [Manual of Corporate Security]: Comprehensive security, continuity and risk management with system by Klaus-Rainer Müller, 2010.
• Unternehmenssicherheit [Corporate Security] by Stephan Gundel, and Lars Mülli, 2009.
• Security Risk Management Body of Knowledge by Julian Talbot, Miles Jakeman, Wiley 2009.
Additional information:
2.2 Law, Compliance and Data Protection
Brief module label: SM_Ma_RechtComplianceDatenschutz
Module description: Law, Compliance and Data Protection
Division in teaching sessions, if applicable:
Duration of module: One term
Classification in the curriculum: SecMan Master, 1st term, required module
Usability of the module:
Frequency of offering of modules: Every academic year
Author: Prof. Dr. Sachar Paulus
Lecturer: Prof. Dr. Michaela Schröter, Dipl. iur. Raoul Kirmes M.Sc., CISA, QMA
Language of instruction: German
Prerequisites:
ECTS-Credits: 6
Total workload and its composition: 180 hours = 60 hours of attendance and 120 hours of self-study
Form of teaching/term hours per week:
Lecture: 60 hours
Study and examination achievements: Study assignments (30%), Written examination (70%).
Weighting of the grade in the overall grade:
2/3 of the subject grade; 8.33% of all subject grades; 2.916% of the final grade
Learning outcomes:
This course aims to enable the students to acquire knowledge and skills in the following aspects of learning:
• Identification of relevant legal position of important activities concerned with security in organisations
• Application of national, European and international legislations in order to meet the compliance specifications for companies
• Enabling critical discussion with legal target conflicts and for submitting an appropriate evaluation of the risk situation for companies as those affected by regulations
Contents:
1. Introduction to juristic methodology
2. European and international security law
3. Introduction to the WTO law (focus on international law on product safety)
4. System of fundamental freedom and national security interests
5. Technical trade restrictions in security law
6. Compliance in the international context
7. International, European and national accreditation law
8. Principles of contractual liability (§§280 BGB)
9. Principles of tortious liability (§§823ff BGB, ProdHaftG)
10. Law governing the private security trade
11. Overview of the German law governing weapons
12. Main features of law of criminal proceedings
13. Electronic legal relations (eCommerce/Signature law)
14. International emoluments and principles of law governing data security
Teaching and learning methods: Lecture
Literature:
- Harald Jele, Wissenschaftliches Arbeiten: Zitieren [Scientific Working Methods: Quoting], Kohlhammer, 3rd ed., 2012
- Calliess/Ruffert, EUV/AEUV, 4th ed., 2011.
- Röhl, Akkreditierung und Zertifizierung im Produktsicherheitsrecht [Accreditation and Certification in Law Governing Product Safety], Springer Verlag, 2000.
- Ensthaler, Zertifizierung und Akkreditierung technischer Produkte [Certification and Accreditation of Technical Products], Springer Verlag, 2007.
- Martin Schulte, Handbuch des Technikrechts [Manual of Law Governing Technology], 2nd ed., Springer Verlag, 2010.
- Abbott/Kirchner et al., International Standards and the Law, Stämpfli Verlag AG, 2005.
- Kurt Schellhammer, Schuldrecht nach Anspruchsgrundlagen [Law of Obligations According to Principles of Claims], 8th ed., 2011.
- Martin Kutscha, Handbuch zum Recht der Inneren Sicherheit [Manual of Law Governing Internal Security], 2nd ed., BWV Verlag, 2006.
- Rolf Stober, Sven Eisenmenger, Besonderes Wirtschaftsverwaltungsrecht [Special Business Administration Law], 15th ed., Verlag Kohlhammer, 2011
- Knemeyer: Polizei- und Ordnungsrecht [Police and Law Governing Public Order], Beck, 2007
- Busche: Waffenrecht 2012 [Weapons law 2012], Kiel 2012
- Hoeren: Internet- und Kommunikationsrecht [Internet and communication law], Otto Schmidt, Cologne 2012
- Schade: Arbeitsrecht [Labour law], Kohlhammer 2010
- Martin T. Biegelman, Building World-Class Compliance Program: Best Practices and Strategies for Success, John Wiley & Sons, 2008.
- Acquisti/Gritzalis/Lambrinoudakis, Digital Privacy: Theory, Technologies, and Practices, Auerbach Pubn, 2007
- Sanjay Anand, Essentials of Sarbanes-Oxley, John Wiley & Sons, 2007.
- CCH Incorporated, SEC Compliance and Disclosure Interpretations, Harcourt Professional Publishing, 2009.
- Reyes, Carla, WTO-compliant Protection of Fundamental Rights: Lessons from the EU 'Privacy Directive', Melbourne Journal of International Law, Vol. 12, No. 1, Jun 2011: 141-176.
- Spiros Simitis, Bundesdatenschutzgesetz [Federal Law Governing Data Security], Nomos, 7th ed., 2011.
- Current legal texts
Additional information: Assignments for thorough reading
2.3 Principles of ICT Infrastructure Security
Brief module label: SM_Ma_IKT-Infrastruktursicherheit
Module description: Principles of ICT Infrastructure Security
Division in teaching sessions, if applicable:
Duration of module: One term
Classification in the curriculum: SecMan Master, 1st term, required module
Usability of the module:
Frequency of offering of modules: Every academic year
Author: Prof. Dr. Eberhard von Faber
Lecturer: Prof. Dr. Eberhard von Faber, Dipl. Ing. Dietmar Hausmann
Language of instruction: German
Prerequisites:
Importance of IT security and its role in practice; technical and physical basic knowledge; knowledge of the basics of Internet networks, Operating Systems and cryptography-based techniques
ECTS-Credits: 6
Total workload and its composition: 180 hours = 60 hours of attendance and 120 hours of self-study
Form of teaching/term hours per week:
lectures in the range of at least 30 hours and exercises up to 30 hours
Study and examination achievements:
Written examination or oral examination including 20% of the result of project work
Weighting of the grade in the overall grade:
1/2 of the subject grade; 5% of all subject grades; 1.75% of the final grade
Learning outcomes:
• Familiarization with the threats and challenges in networks, including important counter measures in the form of protocols and various security solutions
• Familiarization with the functioning of these solutions, understanding of their use, operation and interaction; ability to integrate and deploy independently some of these solutions; familiarization with supplementing measures and solutions
• Development of the ability to integrate the required solutions adequately into various ICT infrastructures and usage scenarios; familiarization with service models including Cloud Computing and its implications
• Development of ability to analyse requirements and industrial practical factors and to integrate solutions based on the practical example of an industrial solution
• Familiarization with security modules and embedded systems as core components for distributed systems; properties, challenges and use; principles of the usage and security of smart cards
• Details of PKI as infrastructure for secure communication, including testing schemes as international infrastructure for the risk management based on the example of payment systems
Contents:
• Extended principles of Internet networks (TCP/IP Protocol, ISO/OSI, Routing, active components, cryptography)
• Dangers in the use of IT, categories of threats, weak points and hazards
• Security management, security audits with tools, network monitoring and network logging
• Attacks and counter measures
• Cryptography applications (encrypted communication, VPN protocols, certificates)
• Web Server Security, Email security
• In depth study and practical application of project topics on Firewalls, Honeypots and Intrusion Detection Systems, WLAN security and VPN
• Integration of various solutions in the ICT network: business processes vs. ICT; usage scenarios vs. ICT; service models and Cloud Computing: division of labour, service models, security management
• Learning situation of a special industry application: requirements and solutions; practical factors and their outcome, result and practice in industry
• Components for distributed systems and mobility: Embedded Systems; Properties, challenges and solutions; Internet of things; Life Cycle; Device Management and Security Design; Practical seminar: application, technology of the chip cards and practical attacks
• PKI: an infrastructure for secure communication (visible or invisible; function, realization, practice)
• Assurance: an infrastructure for “Trust” and “Security” in a (global) division of labour in industrial value-added chains
Teaching and learning methods: Combination of lectures, exercises based on one’s own computer and lab exercises; lectures deploying different media; tasks and exercise examples; control questions/revision course
Literature:
[1] Cisco Networking Academy: CCNA Exploration Companion Guide, Vol. 1-4, Cisco Press, 2008
[2] Alexander Michael: Netzwerke und Netzwerksicherheit - Das Lehrbuch [Networks and Network Security – the text book], Hüthig publishers, 2006.
[3] Plötner Johannes, Wendzel Steffen: Praxishandbuch Netzwerk-Sicherheit [Practical Manual of Network Security], Galileo Computing, 2007.
[4] Anderson, Ross: Security Engineering, A Guide to Building Dependable Distributed Systems; John Wiley & Sons
[5] Common Criteria for Information Technology Security Evaluation; www.commoncriteriaportal.org or ISO 15408
[6] Rankl, Wolfgang and Wolfgang Effing: Handbuch der Chipkarten, Aufbau, Funktionsweise, Einsatz von Smart Cards [Manual of Chip Cards, Structure, Functioning, Usage of Smart Cards]; Hanser technical publishers
Other reference works on special project topics (VPN, IPSec, IPv6, IDS, WLAN, Attacks, and many more).
Scripts and other teaching materials will be distributed directly to the students during the lecture, or made available on the learning platform of the university.
Additional information:
2.4 Principles of Secure Communication Technology
Brief module label: SM_Ma_SichereKommunikation
Module description: Principles of Secure Communication Technology
Division in teaching sessions, if applicable:
Duration of module: One term
Classification in the curriculum: SecMan Master, 1st term, required module
Usability of the module:
Frequency of offering of modules: Every academic year
Author: Prof. Dr. Sachar Paulus
Lecturer: Prof. Dr. Eberhard von Faber, Prof. Dr. Michael Syriakow
Language of instruction: German
Prerequisites:
ECTS-Credits: 3
Total workload and its composition: 90 hours = 30 hours of attendance and 60 hours of self-study
Form of teaching/term hours per week:
Lecture: 30 hours
Study and examination achievements:
Written examination
Weighting of the grade in the overall grade:
1/4 of the subject grade; 2.5% of all subject grades; 0.875% of the final grade
Learning outcomes:
This course aims to enable the students to acquire knowledge and skills in the following aspects of learning:
• Comprehension of the fundamentals and conditions of secure communication
• Thinking out communication scenarios
• Comprehension of the cryptographic principles
• Evaluation and selection of management tasks around electronic communication
Contents:
• Logical vs. physical security
• Basic concepts of cryptography (symmetrical vs. asymmetrical methods, encryption, signature, certificates, PKI, RSA, DSA, AES, DES, Hash functions)
• Security modules
• Embedded Systems
• Devices and key management
• Chip cards, incl. management and personalization
• Hardware-oriented attacks
Teaching and learning methods: Lecture and exercises in small groups.
Literature:
[1] Anderson, Ross: Security Engineering, A Guide to Building Dependable Distributed Systems; John Wiley & Sons, Inc.; 2001
[2] FIPS PUB 140-2, Security Requirements for Cryptographic Modules; National Institute of Standards and Technology; 2002; http://csrc.nist.gov/cryptval/
[3] Common Criteria for Information Technology Security Evaluation (also ISO15408), Part 1: Introduction and general model, Part 2: Security functional requirements, Part 3: Security assurance requirements; http://www.bsi.de/cc/index.htm or http://www.commoncriteriaportal.org (and: CEM)
[4] BSI-PP-0002, Smartcard Integrated Circuit Platform Protection Profile; Version 1.0, July 2001 (E. von Faber main technical editor); Smartcard Integrated Circuit Augmentations; Version 1.0, March 2002; http://www.bsi.bund.de/cc/pplist/pplist.htm
[5] Rankl, Wolfgang and Effing, Wolfgang: Handbuch der Chipkarten, Aufbau, Funktionsweise, Einsatz von Smart Cards [Manual of Chip Cards, Structure, Functioning, Use of Smart Cards]; published by Hanser Fachbuchverlag, 2002
Beutelspacher, Kryptologie [Cryptology], Vieweg, 2005
C. A. Deavours – L. Kruh, Machine Cryptography and Modern Cryptanalysis, Artech House Publishers, 1985
D. E. Knuth, The Art of Computer Programming 2, Seminumerical Algorithms, Addison-Wesley, 1998
A. J. Menezes - P. van Oorschot - S. Vanstone, Handbook of Applied Cryptography, CRC, 1996
B. Schneier, Angewandte Kryptographie [Applied Cryptography], Pearson Studium, 2005
A. Sinkov, Elementary Cryptanalysis, The Mathematical Association of America, 1998
M. Welschenbach, Cryptography in C and C++, Apress, 2005
J. Bamford, Body of Secrets: Anatomy of the Ultra-Secret National Security Agency, Anchor, Reprint Edition, 2002
Additional information: Use of the E-Learning Program CrypTool http://www.cryptool.de/
2.5 Principles of forensics and auditing
Brief module label: SM_Ma_ForensikAuditing
Module description: Principles of forensics and auditing
Division in teaching sessions, if applicable:
Duration of module: One term
Classification in the curriculum: SecMan Master, 1st term, required module
Usability of the module:
Frequency of offering of modules: Every academic year
Author: Prof. Dr. Sachar Paulus
Lecturer: Prof. Dr. Igor Podebrad
Language of instruction: German
Prerequisites:
ECTS-Credits: 3
Total workload and its composition: 90 hours = 30 hours of attendance and 60 hours of self-study
Form of teaching/term hours per week:
Lecture: 30 hours
Study and examination achievements:
Written examination
Weighting of the grade in the overall grade:
1/4 of the subject grade; 2.5% of all subject grades; 0.875% of the final grade
Learning outcomes:
This course aims to enable the students to acquire knowledge and skills in the following aspects of learning:
• Organisation of IT forensic analyses and IT audits
• Operating IT systems while taking into account the requirements of IT forensics and IT auditing
• Development and implementation of IT forensics related security guidelines
• Evaluation of the usability of IT audit results for forensics
Contents:
• Legal prerequisites for IT forensics
• Principles of IT auditing
• Organisation of IT forensic analyses
Teaching and learning methods: Lecture and exercises in small groups
Literature:
• IT-Forensik [IT Forensics] by Alexander Geschonnek, 2011
• The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics by John Sammons, 2012
Additional information:
2.6 Term Thesis 1
Brief module label: SM_Ma_Semesterarbeit1
Module description: Term Thesis 1
Division in teaching sessions, if applicable:
Duration of module: One term
Classification in the curriculum: SecMan Master, 1st term, required module
Usability of the module:
Frequency of offering of modules: Every academic year
Author: Prof. Dr. Sachar Paulus
Lecturer: Prof. Dr. Friedrich Holl and all other participating teaching faculty members
Language of instruction: German
Prerequisites:
ECTS-Credits: 3
Total workload and its composition:
90 hours = 30 hours of attendance and 60 hours of self-study
Form of teaching/term hours per week:
Lecture: 15 hours; Seminar with preparation of presentation: 15 hours
Study and examination achievements:
Written assignments
Weighting of the grade in the overall grade:
1/2 of the subject grade; 5% of all subject grades; 1.75% of the final grade
Learning outcomes: Preparation of scientific papers with tutorial related to the topic of security
Contents:
• Methods of collection of data (statistics, interviews, primary/secondary sources)
• Source discussion: research, reading, evaluation
• Creative techniques and self-organisation
• Situation-related requirements for writing styles (advertising, press releases, scientific papers etc.)
• Preparation of an exposé
• Methodical structure of scientific papers
• Phases of scientific working methods
• Material collection and research
• Material evaluation and selection
• Material and topic processing
• Method of quoting
Teaching and learning methods: Lecture, discussion, presentation of own results.
Literature:
• DIN 1421 (Classification and Numbering System in texts)
• Eco, U. (2005): Wie man eine wissenschaftliche Abschlussarbeit schreibt - Doktor-, Diplom- und Magisterarbeit in den Geistes- und Sozialwissenschaften [How to Compile a Final Thesis for Doctorate, Graduate and Postgraduate Studies in the Humanities and Social Sciences], Müller, Heidelberg.
• Theisen, Manuel R.: Scientific Papers – Technique & Methodology, Form, 2000.
• Peterssen, Wilhelm H.: Scientific Papers - An Introduction for School and Studies, 1999.
Additional information:
3 Second term
3.1 Security and Crisis Management in international Contexts
Brief module label: SM_Ma_SecurityKrisenManagementInternational
Module description: Security and Crisis Management in international Contexts
Division in teaching sessions, if applicable:
Duration of module: One term
Classification in the curriculum: SM Ma, 2nd term, required module
Usability of the module:
Frequency of offering of modules: Every academic year
Author: Prof. Dr. Sachar Paulus
Lecturer: Prof. Dr. Sachar Paulus
Language of instruction: German, partly English (10%)
Prerequisites: None
ECTS-Credits: 6
Total workload and its composition:
180 hours = 60 hours of attendance and 120 hours of self-study
Form of teaching/term hours per week:
Lecture: 30 hours; Exercise: 15 hours; Practical application based on case studies: 15 hours
Study and examination achievements:
Written examination or oral examination
Weighting of the grade in the overall grade:
2/5 of the subject grade; 13.5% of all subject grades; 4.725% of the final grade
Learning outcomes:
The objective is to enable the students to acquire knowledge and skills in the following aspects of learning:
• Analysis of security systems in the international context while taking into account the cultural, political and geographical conditions
• Management of security organisation in international corporations
• Preparation of security measures during travel or delegation of employees to foreign countries
• Introduction of a crisis management system
• Reaction in international crisis situations
• Controlling the global crisis communication
• Influencing the public perception of security topics
Contents:
• Security management in global organisations
• Travel Security
• Security during delegation of employees
• Crisis management in the international context
• Communication during crises: principles and procedures for communication during crisis situations
• Internal and external crisis communication
• Message House
• Handling media during crisis situations
• Public image of security
• Campaigns for security topics
Teaching and learning methods:
Interactive combination of lecture, preparation and presentation of content, demonstration of concepts, practical tasks for groups, preparation of own content and role play.
Literature:
• Notfall- und Krisenmanagement im Unternehmen [Emergency and Crisis Management in Companies] by Axel Bédé, 2009.
• Unternehmenskrisen und Krisenmanagement [Corporate Crises and Crisis Management] by Ronny Scharschmidt, 2009.
• Führen in Krisensituationen [Managing during Crisis Situations] by Markus Klaus, 2008.
• Global Threat: Target-Centered Assessment and Management by Robert Mandel, 2008.
• Security Risk Management Body of Knowledge by Julian Talbot and Miles Jakeman, 2009.
Additional information:
3.2 Physical Security
Brief module label: SM_Ma_PhysischeSicherheit
Module description: Physical Security
Division in teaching sessions, if applicable:
Duration of module: One term
Classification in the curriculum: SM Ma, 2nd term, required module
Usability of the module:
Frequency of offering of modules: Every academic year
Author: Prof. Dr. Sachar Paulus
Lecturer: Ralph Wölpert, Thorsten Weller, Ralf Dahmer, Thomas Koch
Language of instruction: German
Prerequisites: None
ECTS-Credits: 3
Total workload and its composition:
90 hours = 30 hours of attendance and 60 hours of self-study
Form of teaching/term hours per week:
Lecture: 30 hours
Study and examination achievements:
Written examination or oral examination
Weighting of the grade in the overall grade:
1/5 of the subject grade; 6.75% of all subject grades; 2.3625% of the final grade
Learning outcomes:
The objective is to enable the students to acquire basic knowledge and skills in the following aspects of learning:
• Knowing the methods of protection and safety engineering
• Analysis of the possibilities of use and effectiveness of protective mechanisms against elementary damage, mechanical safety installations, hazard alert systems and surveillance systems
• Planning of a security system network
• Evaluation of solutions available in the market
• Appraisal of the legal aspects for the deployment of individual security mechanisms
Contents:
• Fundamentals of building safety
• Terminology and overview of areas of tasks and available options
• Engineering principles
• Physical attacks and their effect
• Elementary damage
• Attackers, their aims and methods of attack
• Weapons and their effect
• Radiation of electronic devices
• Mechanical safety systems and access control
• Locks, locking systems and their security
• Securing doors, windows and fences against attacks
• Secure storage and data cabinets
• Engineering and legal regulations and directives
• Hazard alert systems
• Fundamentals
• Burglary alarm systems
• Attack alert systems
• Installation failure alert systems
• Fire alarm and fire fighting systems
• Engineering and legal regulations and directives
• Surveillance systems
• Technical possibilities
• Open and hidden monitoring
• Engineering and legal regulations and directives
• Emergency planning and operational safety
• Consequential damage analysis
• Handling untoward incidents
Teaching and learning methods: Lecture
Literature:
Physical Security Systems Handbook by Michael Kairallah, 2005. Current Journals and Magazines covering the topic: kes, Der Sicherheitsberater [The Safety Advisor], S&I.
Additional information:
3.3 Corporate Governance
Brief module label: SM_Ma_Unternehmensführung
Module description: Corporate Governance
Division in teaching sessions, if applicable:
Duration of module: One term
Classification in the curriculum: SecMan Master, 2nd term, required module
Usability of the module:
Frequency of offering of modules: Every academic year
Author: Prof. Dr. Sachar Paulus
Lecturer: Prof. Dr. Robert Franz, Prof. Dr. Friedrich Holl, Prof. Dr. Sachar Paulus
Language of instruction: German
Prerequisites:
ECTS-Credits: 3
Total workload and its composition:
90 hours = 30 hours of attendance and 60 hours of self-study
Form of teaching/term hours per week:
Lecture: 15 hours; Processing case studies: 15 hours
Study and examination achievements:
Oral examination
Weighting of the grade in the overall grade:
1/3 of the subject grade; 4.17% of all subject grades; 1.46% of the final grade
Learning outcomes:
This course aims to enable the students to acquire knowledge and skills in the following aspects of learning:
• Knowing the principles of successful corporate governance
• Influencing the corporate leaders for observing the security aspects and for constructive handling of crisis situations
• Derivation of a security strategy and security goals out of the corporate strategy
• Development of a strategy to strengthen the ethical aspects of corporate governance
• Resolution of conflicts
Contents:
• Functions of corporate governance (development of corporate goals, principles, culture; Formulation of strategies; Human Resources and Negotiations Management; international aspects in the global competition)
• Integration of security goals with the corporate strategy
• Ethical aspects of corporate governance (anti-corruption strategies, Code of Conduct etc.)
• Conflict management (conflict diagnosis, typology of conflicts, escalations, strategies for conflict handling)
Teaching and learning methods: Lecture, processing case studies in small groups, presentation of practice examples, role plays.
Literature:
• K. Macharzina: Unternehmensführung [Corporate Governance]
• T. Hutzschenreuther: Krisenmanagement [Crisis Management]
• F. Glasl: Konfliktmanagement [Conflict Management]
• B. Stackpole, E. Osendahl: Security Strategy: From Requirements to Reality.
Additional information:
3.4 Secure Systems Lifecycle Management
Brief module label: SM_Ma_SecureSystems
Module description: Secure Systems Lifecycle Management
Division in teaching sessions, if applicable:
Duration of module: One term
Classification in the curriculum: SecMan Master, 2nd term, required module
Usability of the module: The module can also be offered as a compulsory optional module (WPF) for WI [Business Informatics] and Informatics Master courses.
Frequency of offering of modules: Every academic year
Author: Prof. Dr. Sachar Paulus
Lecturer: Prof. Dr. Sachar Paulus
Language of instruction: 80% German, 20% English
Prerequisites:
Initial experience in programming web applications for an exemplary scenario. Normally, this should be ensured by studies completed until this point of time. Alternatively: self-study, for example, based on PHP 5.3: Program Dynamic Websites Professionally by Christian Wenz and Tobias Hauser (December 2009)
ECTS-Credits: 6
Total workload and its composition:
180 hours = 60 hours of attendance and 120 hours of self-study
Form of teaching/term hours per week:
Lecture: 30 hours; Exercise: 30 hours
Study and examination achievements:
Development of a secure web application (30%); Documentation of a secure development cycle for a software application (40%); Carrying out and presentation of a security investigation for another web application (30%).
Weighting of the grade in the overall grade:
2/3 of the subject grade; 15% of all subject grades; 5.25% of the final grade
Learning outcomes:
This course aims to enable the students to acquire knowledge and skills in the following aspects of learning:
• Knowing and application of Best Practices taught during the development of IT based systems for secure software
• Development of acceptance criteria for non-functional security requirements
• Carrying out threat models
• Avoidance of weak points during the development
• Carrying out security checks
• Secure installation and operation of software
• Establishment of a Security Response Program
• Analysis of existing software for security-related weak points
• Development and implementation of a protective program for software during the system development
• Establishment of a Management System for security in the development process, and integration of such Management System into a possibly available quality process
• Carrying out security analyses (“Hacking”)
• Presentation of investigation results
Contents:
Basic principles of secure software development:
• Security requirements
• Safe designing and threat models
• Architecture analyses
• Secure coding
• Security checks
• Secure systems
• Security Response
• Protection of own software against manipulation and know-how theft
Teaching and learning methods:
Interactive combination of lecture, exercises on own computer, lab exercises, preparation and presentation of content, demonstration of concepts, practical tasks in groups.
Literature:
Basiswissen sichere Software [Basics of secure software] by Sachar Paulus, dpunkt 2011.
Software-Qualität, Testen, Analysieren und Verifizieren von Software [Software Quality, Testing, Analysis and Verification of Software] by Peter Liggesmeyer, Spektrum Akademischer Verlag, 2002.
Writing Secure Code by Michael Howard & David LeBlanc, 2003
www.owasp.org
Additional information:
3.5 Secure IT Services and Business Processes
Brief module label: SM_Ma_SichereITDienste
Module description: Secure IT Services and Business Processes
Division in teaching sessions, if applicable:
Duration of module: One term
Classification in the curriculum: SM Ma, 2nd term, required module
Usability of the module:
Frequency of offering of modules: Every academic year
Author: Prof. Dr. Eberhard von Faber
Lecturer: Dr. Eberhard von Faber
Language of instruction: German
Prerequisites:
Basic knowledge of business processes and corporate governance; Knowledge of Information and Communications Technology: Applications, Systems and Networks, including the underlying technology.
ECTS-Credits: 3
Total workload and its composition:
90 hours = 30 hours of attendance and 60 hours of self-study
Form of teaching/term hours per week:
15 hours: lecture utilizing various media, project assignments for practice, in depth study and self checks, including control questions/revision course
Study and examination achievements:
Written examination or oral examination
Weighting of the grade in the overall grade:
1/3 of the subject grade; 7.5% of all subject grades; 2.625% of the final grade
Learning outcomes:
This course aims to enable the students to acquire knowledge and skills in the following aspects of learning:
• Understanding of technologies and organisation of modern (industrial) ITC production, and especially the incidental security questions
• Usage and integration of IT services in business processes; assessment of security requirements, evaluation and selection of IT services
• Successful implementation of Identity and Access Management (IAM): understanding of basic terminology, architectures and technologies; planning and implementation in companies and in complex value-added chains
Contents:
1. Fundamentals of ITC production; ITC architectures and infrastructure elements; Security aspects; Management of solutions for the system and network security; processes and organisation; Tasks ranging from weak point management to Disaster Recovery
2. User and Producer: IT services; Security requirements, evaluation, selection and integration; Security and risk management in “outsourcing”, basic problems and “sourcing” models
3. Enterprise Security Architecture: ICT Production, Service Design, Transition, Service Delivery Management, Security Management, GRC
4. Basic terminology IAM (from Identification to Accounting),
5. Authentication: Types, methods, technologies; problems and solutions; Architectures and distributed systems (e.g. LDAP, RADIUS, Kerberos, ESSO, Single Sign-On, Federation),
6. Authorization: Services and limitations; Strategies (DAC, MAC, RBAC, IF); Realization (Groups, Roles, ACL, Capabilities); Alternatives; Trends and Outlook including DRM,
7. Identity Management: Administrative tasks, Registration, Workflows, Enrolment; Credential Management, User Self-Service, UHD etc.
8. Accounting; Analytics; Attestation; Intelligence, SOD
9. IAM-Architectures (the whole picture); Infrastructures
10. Establishment and implementation of IAM programs in large enterprises
Teaching and learning methods: Lecture utilizing various media, project assignments for practice, in depth study and self checks, including control questions/revision course
Literature:
[1] Alexander Tsolkas and Klaus Schmidt: Rollen und Berechtigungskonzepte, Ansätze für das Identity- und Access Management im Unternehmen [Roles and Authorization Concepts, Approaches for the Identity and Access Management in the Company]; August 2010, Vieweg+Teubner
[2] Martin Kappes: Netzwerk- und Datensicherheit, Eine praktische Einführung [Network and Data Security, A Practical Introduction]; Vieweg+Teubner
[3] Hans-Peter Königs: IT-Risiko-Management mit System, Von den Grundlagen bis zur Realisierung. Ein praxisorientierter Leitfaden [IT Risk Management with System, From the Basics to Realization. A Practice-oriented Guide], Vieweg
[4] Claudia Eckert: IT Security, Concepts - Methods – Protocols
[5] J. R. Winkler: Securing the Cloud: Cloud Computer Security Techniques and Tactics, Syngress.
[6] Current Journals and Magazines on the topic: kes, Der Sicherheitsberater [The Security Advisor], S&I.
Additional information:
3.6 Project
Brief module label: SM_Ma_Projekt
Module description: Project
Division in teaching sessions, if applicable:
Duration of module: One term
Classification in the curriculum: SecMan Master, 2nd term, required module
Usability of the module:
Frequency of offering of modules: Every academic year
Author: Prof. Dr. Sachar Paulus
Lecturer: Prof. Dr. Friedrich Holl and all other participating teaching faculty members
Language of instruction: German
Prerequisites:
ECTS-Credits: 6
Total workload and its composition:
180 hours = 60 hours of attendance and 120 hours of self-study
Form of teaching/term hours per week:
Lecture: 15 hours; Practical work: 45 hours + self-study time
Study and examination achievements:
Project report (50%); Presentation (50%)
Weighting of the grade in the overall grade:
2/5 of the subject grade; 9% of all subject grades; 3.15% of the final grade
Learning outcomes:
This course aims to enable the students to acquire knowledge and skills in the following aspects of learning:
• Conducting security projects
• Planning a security-related project while following all requirements of security
• Application of project management methodologies
Contents:
Problem identification:
- Systematic preparation of the “State of the Art” technology
- Integration into the available practical context
- Basic conditions of deployment
- Use of different techniques of analysis such as interview method, questionnaire Delphi method, preparation of the context concerning documents and so on.
Development of expected concepts:
- Systematically founded development of a practice-oriented approach to solutions
- Use of creative methods
- Cost-benefit analyses
- Development of basic conditions for deployment
Prototypical implementation:
- the prototypical implementation is carried out by developing a software prototype
- implementation in an enterprise/organisation or e.g. development of an application for R&D sponsorship
Teaching and learning methods: Lecture, practical work in groups comprising maximum 7 participants, presentation of own results.
Literature: A Guide to the Project Management Body of Knowledge, PMI, 2008
Additional information: For this course, the candidate’s willingness to undertake practical work with cooperating partners is a prerequisite.
3.7 Term Thesis 2
Brief module label: SM_Ma_Semesterarbeit2
Module description: Term Thesis 2
Division in teaching sessions, if applicable:
Duration of module: One term
Classification in the curriculum: SecMan Master, 2nd term, required module
Usability of the module:
Frequency of offering of modules: Every academic year
Author: Prof. Dr. Sachar Paulus
Lecturer: Prof. Dr. Friedrich Holl and all other participating faculty members
Language of instruction: German
Prerequisites:
ECTS-Credits: 3
Total workload and its composition:
90 hours = 30 hours of attendance and 60 hours of self-study
Form of teaching/term hours per week:
Lecture: 15 hours; Seminar including topic presentation: 15 hours
Study and examination achievements:
Writing assignment
Weighting of the grade in the overall grade:
1/2 of the subject grade; 5% of all subject grades; 1.75% of the final grade
Learning outcomes:
This course aims to enable the students to acquire knowledge and skills in the following aspects of learning:
• Preparation of an independent scientific paper on the topic of security
Contents:
• Source discussion: research, reading, evaluation
• Covering all relevant topics
• Logical coherence and consistency
• Formulate complex coherences comprehensibly
• Present own findings
Teaching and learning methods: Lecture, discussion, presentation of own findings.
Literature:
DIN 1421 (Classification and Numbering System in Texts)
Eco, U. (2005): Wie man eine wissenschaftliche Abschlussarbeit schreibt - Doktor-, Diplom- und Magisterarbeit in den Geistes- und Sozialwissenschaften [How to Compile Final Thesis for Doctorate, Graduate and Postgraduate Studies in Humanity and Social Science Studies], Müller, Heidelberg
Theisen, Manuel R.: Scientific Papers – Technique & Methodology, Form, 2000.
Peterßen, Wilhelm H.: Wissenschaftliche(s) Arbeiten - Eine Einführung für Schule und Studium [Scientific Papers – An Introduction to Schools and Studies], 1999.
Additional information: Ideally, the student should prepare his own scientific publication during this course.
4 Third Term
4.1 Master’s Thesis incl. Master’s Seminar
Brief module label: SM_Ma_Masterarbeit
Module description: Master’s Thesis incl. Master’s Seminar
Division in teaching sessions, if applicable:
Master’s seminar is offered simultaneously, where state of work done is appraised without grading.
Duration of module: One term
Classification in the curriculum: SecMan Master, 3rd term, required module
Usability of the module:
Frequency of offering of modules: Every academic year
Author: Prof. Dr. Sachar Paulus
Lecturer: All faculty members of the university teaching in the course
Language of instruction: German / English (as per student’s option).
Prerequisites:
Only candidates who have successfully completed all examinations and course achievements due up to and including the 2nd term may register for the Master’s Thesis.
ECTS-Credits: 24
Total workload and its composition:
690 hours of self-study, 30 hours of attendance (Master’s seminar)
Form of teaching/term hours per week:
Self-study.
Study and examination achievements:
Master’s Thesis (75%); Colloquium (25%)
Weighting of the grade in the overall grade:
30% of the final grade
Learning outcomes:
This course aims to enable the students to acquire knowledge and skills in the following aspects of learning:
• Preparation of a scientific paper under guidance, with own creative and/or constructive contributions, on the topic “Security Management” within a period of 4 months
Contents: The Master’s Thesis is intended as a coherent engagement with an extensive topic and the resulting solution of a theoretical or practical problem.
Teaching and learning methods: Self-study.
Literature:
• Booth, W. C. et al. (1995). The Craft of Research. Chicago, London
• Brown, S. R. et al. (1990). Experimental Design and Analysis. London
• Cialdini, R. B. (2001). Influence, Science and Practice. Boston, MA
• Hussey, J., Hussey, R. (1997). Business Research. A practical guide for undergraduate and postgraduate
students
• Karmasin, M. et al. (1999). Die Gestaltung wissenschaftlicher Arbeiten: ein Leitfaden für Haus-, Seminar- und Diplomarbeiten sowie Dissertationen [The Designing of Scientific Papers: A Guide for Homework, Seminar and Graduation Papers and Dissertations]. Vienna
• Pyrczak, S. et al. (1998). Writing Empirical Research Reports. Los Angeles, CA
• Seale, C. (1999). The quality of quantitative research. London
• Trochim, W. M. K. (2000). The Research Knowledge Base. Cincinnati, Ohio
Additional information:
5 Examples for Compulsory Optional Modules
5.1 ITIL - Information Technology Infrastructure Library
Brief module label: SM_Ma_ITIL
Module description: ITIL - Information Technology Infrastructure Library
Division in teaching sessions, if applicable:
Duration of module: One term
Classification in the curriculum: SecMan Master, 1st / 2nd / 3rd terms, elective module
Usability of the module:
Frequency of offering of modules: Every academic year
Author: Thekla Ludwig
Lecturer: Timothy Ross
Language of instruction: German
Prerequisites:
ECTS-Credits: 3
Total workload and its composition:
90 hours = 30 hours of attendance and 60 hours of self-study
Form of teaching/term hours per week:
Lecture: 30 hours
Study and examination achievements:
Homework (100%)
Weighting of the grade in the overall grade:
1/5 of the subject grade; 4.5% of all subject grades; 1.575% of the final grade
Learning outcomes:
This course aims to enable the students to acquire knowledge and skills in the following aspects of learning:
- Application of the ITIL model
- Evaluation of company/security processes in regard to the implementation of the ITIL model
Contents:
The students are introduced to ITIL (IT Infrastructure Library “v3“) and IT Service Management, comprising:
- ITIL model
- 5 Phases of the ITIL lifecycle (Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement) and their individual processes.
Supplementing the theoretical introduction, various practical scenarios are presented and practically developed. Different situations of ITIL introductions are presented and the significance of ITIL is highlighted through examples. Individual topics are studied in depth through presentations. In addition to this, the option is offered to acquire an official “ITIL Foundation” certificate.
Teaching and learning methods: Lecture with projector, Flipchart, Whiteboard, exercises (in groups and plenary sessions), presentations.
Literature:
- Jan van Bon, et al., Foundations in IT Service Management based on ITIL v3, Van Haren Publishing, Zaltbommel 2008
- Jan van Bon, et al., Foundations in IT Service Management based on ITIL, Zaltbommel 2006
- David Cannon, et al., ITIL Service Strategy 2011 Edition, TSO, London, 2011
- Lou Hunnebeck, et al., ITIL Service Design 2011 Edition, TSO, London, 2011
- Stuart Rance, et al., ITIL Service Transition 2011 Edition, TSO, London, 2011
- Randy Steinberg, et al. ITIL Service Operation 2011 Edition, TSO, London, 2011
- Vernon Lloyd, et al., ITIL Continual Service Improvement 2011 Edition, TSO, London, 2011
Additional information:
5.2 Know-how Protection
Brief module label: SM_Ma_Know-HowSchutz
Module description: Know-how Protection
Division in teaching sessions, if applicable:
Duration of module: One term
Classification in the curriculum: SecMan Master, 1st / 2nd / 3rd terms, elective module
Usability of the module:
Frequency of offering of modules: Every academic year
Author: Thekla Ludwig
Lecturer: Peter Mnich and Dr. Jörg Treffke
Language of instruction: German
Prerequisites:
ECTS-Credits: 3
Total workload and its composition:
90 hours = 30 hours of attendance and 60 hours of self-study
Form of teaching/term hours per week:
Lecture: 15 hours
Study and examination achievements:
Oral examination
Weighting of the grade in the overall grade:
1/5 of the subject grade; 4.5% of all subject grades; 1.575% of the final grade
Learning outcomes:
This course aims to enable the students to acquire knowledge and skills in the following aspects of learning:
- Evaluation of corporate risks in regard to the Know-how protection
Contents:
The students learn about contents related to:
- the explanation of protection of know-how and products
- definitions and differentiation of information outflow and espionage
- current position of espionage worldwide
- risks for German enterprises
- offenders, offender models and their modus operandi
- protective measures, processes and current spheres of activity in the domain of Know-how Protection
Teaching and learning methods: Lecture, exercises in small groups.
Literature:
- Lindemann U. et al.: Know-How-Schutz im Wettbewerb: Gegen Produktpiraterie und unerwünschten Wissenstransfer [Know-how Protection in the World of Competition: Against Product Piracy and undesired Transfer of Knowledge], Springer Berlin Heidelberg, 2012
- Kochmann, K.: Schutz des „Know-How“ gegen ausspähende Produktanalysen [Protection of ”know-how” against spying product analyses], De Gruyter, 2009
- Abele, E. et al.: Schutz vor Produktpiraterie: Ein Handbuch für den Maschinen- und Anlagenbau [Protection against Product Piracy: a Manual for Construction of Machines and Installations], Springer Berlin Heidelberg, 2011
- Kahle/Merkel: Fall- und Schadensanalyse bzg. Know-how-/Informationsverlusten in Baden-Württemberg ab 1995 [Case and Damage Analysis reg. Know-how/Information losses in the State of Baden-Württemberg from 1995], Uni Lüneburg, 2004
- Wurzer/Kaiser: Praxishandbuch Internationaler Know-how-Schutz [Practical manual for international Know-how Protection], Bundesanzeiger Verlag, 2010
- Lux/Peske: Competitive Intelligence und Wirtschaftsspionage [Competitive Intelligence and Industrial espionage], Gabler Verlag, 2002
- Michaeli, Competitive Intelligence, Springer Verlag, 2004
- Schaaf, Industriespionage [Industrial espionage], Boorberg, 2009
- Fussan: Managementmaßnahmen gegen Produktpiraterie und Industriespionage [Management measures against product piracy and industrial espionage], Gabler Verlag, 2010
- Fink, Lauschziel Wirtschaft [Business world, the target of bugging], Boorberg, 1996
- Kenan, Vertrag versus Vertrauen [Contract vs. Trust], VDM, 2008
- Liman: Bewertung des irregulären Verlustes von Know-how [Assessment of irregular loss of know-how], Wirtschaftsverlag Bachem, 1999
- Westermann: Handbuch Know-how-Schutz [Manual of Know-how Protection], Verlag C.H. Beck, 2007
- http://www.sicherheitsforum-bw.de/
- http://www.verfassungsschutz.de/
- http://www.verfassungsschutz-bw.de
- http://www.verfassungsschutz.bayern.de/
Additional information:
5.3 Technical Aspects of the IT Forensics
Brief module label: SM_Ma_IT-Forensik
Module description: Technical Aspects of IT Forensics
Division in teaching sessions, if applicable:
Duration of module: One term
Classification in the curriculum: SecMan Master, 1st / 2nd / 3rd terms, elective module
Usability of the module:
Frequency of offering of modules: Every academic year
Author: Thekla Ludwig
Lecturer: Prof. Dr. Igor Podebrad
Language of instruction: German
Prerequisites:
ECTS-Credits: 3
Total workload and its composition:
90 hours = 30 hours of attendance and 60 hours of self-study
Form of teaching/term hours per week:
Lecture: 2 term hours per week
Study and examination achievements:
Homework (100%)
Weighting of the grade in the overall grade:
1/5 of the subject grade; 4.5% of all subject grades; 1.575% of the final grade
Learning outcomes:
This course aims to enable the students to acquire knowledge and skills in the following aspects of learning:
- Analysis of data media, Operating Systems and networks
- Evaluation of data media and Operating Systems in regard to their forensic case-related information
Contents:
The students will receive learning content concerning:
Data media analysis
- Overview of types of hard disks
- Overview of physical and logical distribution of a disk
- Overview of file systems and file administration
- Details of hard disk analysis (files and their properties, including the types of files)
- Details of FAT
Analysis of Operating Systems
- Server vs. Workstation
- Location of OS on the disk
- Process analysis
- Network connectivity
- Registry
- NTFS
- Details of Alternate Datastreams and Filetypes
- Windows artefacts
- Timelining
- Details of Registry
- Email analysis
Network analysis
- Fundamentals
- Protocols
- Details of analysis (anomalies, hidden communication, types of attacks)
Teaching and learning methods: Lecture, exercises in small groups.
Literature:
- Dewald, A. et al.: Forensische Informatik [Forensic Informatics], Books on Demand, 2011
- Geschonneck, A.: Computer-Forensik: Computerstraftaten erkennen, ermitteln, aufklären [Computer Forensics: Identifying, investigating, solving computer criminality], dpunkt.verlag, 2011
- Carrier, B.: File System Forensic Analysis, Addison-Wesley Professional, 2005
- Carvey, H.: Windows Forensic Analysis DVD Toolkit, Syngress, 2009
- Pogue, C.: UNIX and Linux Forensic Analysis DVD Toolkit, Syngress, 2008
Additional information:
5.4 Security Concepts of Nuclear Power Plants
Brief module label: SM_Ma_KonzepteSicherheitKernkraftwerken
Module description: Security Concepts of Nuclear Power Plants
Division in teaching sessions, if applicable:
Duration of module: One term
Classification in the curriculum: SecMan Master, 1st / 2nd / 3rd terms, elective module
Usability of the module:
Frequency of offering of modules: Every academic year
Author: Thekla Ludwig
Lecturer:
Language of instruction: German
Prerequisites:
ECTS-Credits: 3
Total workload and its composition:
90 hours = 30 hours of attendance and 60 hours of self-study
Form of teaching/term hours per week:
Lecture: 2 term hours per week
Study and examination achievements:
Homework (100%)
Weighting of the grade in the overall grade:
1/5 of the subject grade; 4.5% of all subject grades; 1.575% of the final grade
Learning outcomes:
This course aims to enable the students to acquire knowledge and skills in the following aspects of learning:
- Application of the ITIL model
- Evaluation of corporate/security processes in regard to the implementation of the ITIL model
Contents:
The students receive comprehensive information concerning the fundamentals and requirements of:
- Integrated management system (interaction between Man-Technology-Organisation (MTO concept))
- Aims of security (radiological and technical aims)
- Defence in Depth concept, independence of security levels
- Barrier concept
- Events and situations on security levels
- Installation internal emergency protection concept
- Protection against overlapping impacts
- Principles of proofs of safety (deterministic and probabilistic approaches)
- Classification concept
- Concept for practical exclusion of events
- Principles of layout
o Diversity principle – avoidance of CCF
o Individual error concept
o 30 minute concept
o Inherent safety, fail-safe principle
o Passive principles of operation
o Basic safety, leak-before-break concept
- Safety requirements for future nuclear power plants
Teaching and learning methods: Lecture, exercises in small groups.
Literature:
- Borlein, M.: Kerntechnik [Nuclear Technology], Vogel Business Media, 2011
- Smidt, D.: Reaktor-Sicherheitstechnik [Reactor Safety Technology], Springer-Verlag, Berlin, 1979
- IAEA: http://www-ns.iaea.org/standards/default.asp?s=11&l=90
- WENRA: http://www.wenra.org/extra/pod/?id=20&module_instance=1&action=pod_show
- KTA: http://www.kta-gs.de/
- GRS: http://www.grs.de/content/kerntechnisches-regelwerk
- Handbuch für Reaktorsicherheit und Strahlenschutz, http://www.bfs.de/de/bfs/recht/RSH
- BMU: Sicherheitskriterien für Kernkraftwerke, http://www.bmu.de/atomenergie_sicherheit/rechtsvorschriften_technische_regeln/doc/40327.php
Additional information: