Detailed information |
Original study plan |
Master's programme Computer Science 2025W |
Learning Outcomes |
Competences |
Students can apply different information security standards to practical security management challenges. They know where to find specialized information, can systematically assess security risks and identify countermeasures, and can establish and maintain security management projects.
|
|
Skills |
Students
- understand security management principles (K5)
- can apply different security management standards to systematically mitigate threats (K5)
- can systematically create lists of threats and countermeasures (K6)
- understand and implement security management processes (K4)
- know about the basic principles of security certification (K3)
- can demonstrate solution paths for risk mitigation in practical situations (K5)
- can apply mathematical methods for risk control and security resource optimization (K3)
- know about methods of decision making under uncertainty for security (K4)
|
Knowledge |
- General Security- and Risk Management Processes
- Mathematical methods applicable in risk management and decision making
- BSI Grundschutz Compendium Security Management Standards
- Common Criteria, protection profiles and security targets, security functional requirements and security assurance requirements, EALs
- ISO/IEC 27000 family, certification of the ISMS, risk management, security controls, etc.
- Selected Attack Strategies and Threats (Social Engineering, Advanced Persistent Threats, …)
- Security Testing methods and Secure Software Development Best Practices
|
|
Criteria for evaluation |
Assignment submissions and presentations in the class
|
Methods |
Lecture and Practical work
|
Language |
English |
Study material |
Basic literature:
- Bundeskanzleramt, Informationssicherheitsbüro: Österreichisches Informationssicherheitshandbuch. books@ocg Vol. 226. www.a-sit.at, current edition.
- International Organization for Standardization: ISO/IEC 27001 Information Security Management Systems – Requirements.
- International Organization for Standardization: ISO/IEC 27005 Information Security Risk Management.
- BSI 100-1, BSI 100-2, BSI 100-3 + IT-Grundschutzkataloge, www.bsi.de.
- ISACA: CobiT 4.1.
- Common Criteria, Parts 1 – 3. www.commoncriteriaportal.org.
Additional literature is announced in every semester.
|
Changing subject? |
No |
Further information |
The course interleaves lectures with practical classes. Each chapter of the lecture is followed by practical assignments, whose results are presented and discussed in practical classes. The grading is based on the submission of solutions to assignments and the quality of presentations in the practical classes. An optional exam can be taken to cover for missing points in practical classes or to gain additional points for a better mark.
https://www.jku.at/en/institute-of-networks-and-security/
|
Corresponding lecture |
921NESEISMV13: VL Information Security Management (3 ECTS)
|
|