Module: | Case Studies in Information Security |
Module number: | 30.2592 |
Language: | English |
Study programme: | Bachelor 2014 - Catalogue I: Application- and System-Oriented Modules; Bachelor dual KITS 2014 - Catalogue ITS: IT Security; Bachelor dual KoSI 2014 - Catalogue I: Application- and System-Oriented Modules; Bachelor KMI 2014 - Catalogue I: Application- and System-Oriented Modules |
Type of course: | V+S = Lecture+Seminar |
Weekly hours: | 2+1 |
Credit Points: | 5 |
Exam: | homework (66%) and presentation (34%) |
Registering for exam: | implicitly by booking |
Frequency of offering: | each year (last in WS 2018/2019) |
Required knowledge: | IT security at bachelor level |
Learning objectives: | After this course the students
- have in-depth knowledge of common security risks and typical vulnerabilities of institutional IT systems;
- have good knowledge about well-known Information Security Management Systems and Standards (e.g., ISO 27000);
- are able to design and implement a security management system within a company;
- have a solid understanding of security awareness to enforce security processes within a company;
- can analyse and evaluate the security investment impact;
- can apply sample hacking techniques to penetrate a company network;
- are able to set up basic attack defence mechanisms.
|
Content: | - Identifying security risks and analysing security aspects of companies on the basis of case studies:
  - Information Security Management Systems (ISMS Family of Standards; ISO 27000 series)
  - Identity & Access Management
  - Pros and Cons of Frameworks
- Further case studies on:
  - Information security awareness as a key factor
  - Calculating the utility of information security investments and strategies for convincing the board
  - Hacking an organization and defence tactics against cybercrime
|
Literature: | - Hodeghatta Rao, Umesh/Nayak, Umesha: The InfoSec Handbook: An Introduction to Information Security, Apress 2014
- Gardner, Bill/Thomas, Valerie: Building an Information Security Awareness Program, Syngress 2014
- Harkins, Malcolm: Managing Risk and Information Security: Protect to Enable, Apress 2013
- Erickson, Jon: Hacking: The Art of Exploitation, No Starch Press 2008
- Warren, Matthew: Case Studies in Information Warfare and Security for Researchers, Teachers and Students, ACPIL 2013
- Schneier, Bruce: Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, W. W. Norton & Company 2015
|
Lecture style / Teaching aids: | Seminar-style lecture, lecture notes, case studies for the seminar |
Responsibility: | Christoph Krauß |
Released: | SS 2018 |