Information Security

Overview/Introduction

Digitized processes and digital business models are becoming increasingly important for companies in order to maintain or further expand competitive advantages. With the increasing use of information technology in companies, the demands on information security are rising. In order to guarantee the protection goals of confidentiality, integrity and availability, companies must create, implement and operate comprehensive security concepts. Such a security concept always consists of technical, organisational and staff-related security measures. In particular, the users must not be neglected, as they have recently become the focus of attackers.

Having completed the specialisation Information Security, students will have acquired solid knowledge in the area of information security in companies. Among other things, this includes the following: an understanding of attack scenarios and their evaluation; knowledge of security mechanisms of existing communication protocols; creating security concepts, designing and implementing technical and organisational measures (e.g. role-based access control, security guidelines); an understanding of the role of the individual in information security, raising information security awareness; standards and models of information security management.

The specialisation Information Security is open to students from the bachelor’s programmes E-Commerce, Computer Science, and Business Information Systems. A detailed introduction to this area of specialisation is available in the document Specialisation Information Security.

Specialisation 1: IT Security

Lecturer: Prof. Dr. Sebastian Biedermann

Description

This course focuses on the technological aspects of information security. The appropriate use of cryptographic methods to guarantee the protection goals of confidentiality, integrity, availability and the (legal) binding character plays a major role here. To a certain extent, the course also teaches how an attacker thinks, so that possible weak points can be recognised in time and effective countermeasures can be taken in case of an attack.

Contents

Teaching contents include the following:

  • Procedures for secure authentication
  • System security: From secure hardware to secure application development
  • Communication security
  • Security Engineering
  • Basics of computer forensics

At the end, there is a written exam (duration: 90 min).

Learning Outcomes

The students

  • will understand the different aspects in the field of IT security and will deepen their knowledge in the fields of application and communication security in particular.
  • will know and master technological procedures to achieve the security of IT systems.
  • will be able to conduct a risk analysis for a system of medium complexity as well as carry out rather simple tasks in the field of penetration testing and computer forensics.

Specialisation Seminar

Lecturers: Prof. Dr. Kristin Weber, Prof. Dr. Sebastian Biedermann

Description

The specialisation seminar deals with various topics in relation to current issues in the area of information security. In addition, it will teach methods for writing scientific papers. It is characterised by the interaction of students and lecturers. Attendance sessions will alternate with periods of self-study.

Participants will give a presentation on their chosen topic and write an assignment (term paper). The grade consists of the presentation and the term paper, with 50% each. The work progress in the chosen seminar topic is closely supervised by the lecturers.

Contents

Topics are introduced and assigned during the course sessions. Lecturers will suggest topics, but students can suggest their own topics as well. During the attendance sessions, students will do various exercises to acquire methods for scientific work with the assistance of the lecturers.

Learning Outcomes

The students

  • will deepen their knowledge of current problems in the field of information security as well as possible solutions to them.
  • will present and document their findings during the seminar.
  • will learn how to further deepen and expand issues from the field of information security independently.
  • will learn and apply the fundamentals of scientific work.
  • will be able to prepare a written assignment that meets scientific standards.

Specialisation 2: Information Security Management

Lecturer: Prof. Dr. Kristin Weber

Description

This specialisation focuses on the organisational and staff-related information security measures. In particular, it deals with people and their motivations, be it in their role as users, superiors, security experts, victims or attackers. The latest scientific findings in the area of information security awareness are part of this course. Specialisation 2 will also consider standards and models of information security management (e.g. ISO 2700X, IT basic security, ISIS 12), information security guidelines as well as structural and procedural issues.

Specialisation 2 will use English as the medium of instruction. The grade will be based on a portfolio assignment.

Contents

Contents are constantly updated according to current demands. Contents include the following:

  • Basic Concepts in Information Security Management.
  • Information Security Policy.
  • The Human Factor in Information Security.
  • Information Security Program.
  • Information Security Frameworks.
  • Organising for Information Security.

Learning Outcomes

The students

  • will gain deep insights into the duties of an information security manager. The focus will be on the role of the human factor in information security in companies.
  • will know the most important methods and models of information security management and will be able to select and apply them depending on the situation.
  • will understand the partly contradictory demands of different information security stakeholders and will be able to act in this area of potential conflicts.
  • will be able to familiarise themselves with new topics independently, to obtain information on current developments in the area of information security and to assess their practical significance correctly.
  • will be able to put security requirements into practice using concrete examples and test their effectiveness.

Suitable core electives (FWPM)

Technical Data Protection (winter semester)

The first part of the course “Technical Data Protection” deals with data protection topics from the perspective of a German data protection officer. Starting with an overview of the current legal framework, we will deduce and thoroughly discuss the practical tasks of a data protection officer.

The second part deals with technical aspects related to the protection of data and systems. The course aims at viewing attacks on data from different perspectives. There is the perspective of those who want to store data securely, of those who want to recognise and detect attacks, but also the attacker’s perspective.

IT Risk Management (summer semester)

The contents include:

  • Risk management vs IT risk management
  • Standards, norms and best practices for IT risk management
  • Organisational structures of IT risk management
  • IT risk management process
  • Methods and tools for IT risk management
  • Risk management in IT operations, IT projects, and IT outsourcing
  • Introducing IT risk management

Topics for bachelor's theses

Complementing the topics of this specialisation, the lecturers offer topics for projects and final theses. If you are interested in a certain topic, please contact the lecturer(s) in good time.

Additional Information

Upon arrangement, students specialising in Information Security can use our NET.lab and BIX.lab for preparing their seminar papers or final theses.