Information Security Management

30 Präsenzstunden Vorlesung, 30 Präsenzstunden Praktikum, 45 Stunden Vor-/Nachbereitung des Praktikums, 45 Stunden Nachbereitung der Vorlesung und Prüfungsvorbereitung

Foundations of computer science and basic programming skills

Students who successfully complete this module will be able to:

• Apply and implement information security principles in any kind of organisation.
• Distinguish between computer, information and cyber security.
• Know the managerial and soft aspects of information security.
• Know the technical aspects of information security.
• Apply standard best practices of information security management using ISO international standards.
• Identify the risks within any organisation
• Understand the risk analysis process within any organisation.
• Quantify information security and risk.
• Experience various information security tools, techniques, mechanisms and technologies.
• Know how to design information security policies and implement them in any organisation.

Information Security Management is the process of establishing and maintaining a secure information environment and can be called an Information Security Management System. This ISMS must address the implementation and maintenance of processes and procedures to manage Information Security. These actions include identification of information security needs, implementation of strategies to meet these needs, the measurement of results, and improving both the rotection strategies and the ISMS over time. Information Security includes all aspects related to defining, achieving and maintaining the five security services of identification & authentication, authorisation, confidentiality, integrity and nonrepudiation as specified by the ISO/IEC 27002 international standard.

The domain of Information Security Management is no longer exclusively of a managerial nature, since technical aspects also need to be considered on management level. Information Security Management can be approached from various perspectives. One way of establishing an ISMS is from a strategic perspective, addressing amongst others corporate governance, policies and pure management issues. Another approach can be from a ‘human’ side, addressing issues such as security culture, awareness, training, ethics and other human related issues such as legal aspects.

Veranstaltungsspezifische Website, Moodle, Tafel und Folien (Powerpoint)

ISO/IEC 27043: Incident investigation principles and processes (Will be made available during lectures)

Various state-of-the-art academic papers will be made available during lectures.