Inhalt

[ 921NESEISMV13 ] VL Information Security Management

Versionsauswahl
(*) Unfortunately this information is not available in english.
Workload Education level Study areas Responsible person Hours per week Coordinating university
3 ECTS M1 - Master's programme 1. year Computer Science Michael Sonntag 2 hpw Johannes Kepler University Linz
Detailed information
Original study plan Master's programme Computer Science 2013W
Objectives Students learn the most important guidelines and standards in the area of incformation security management as well as basics of its certification. They have profound basic knowledge for initiating and implementing a continuous information security process and can demonstrate solution paths for practical use.
Subject Austrian Information Security Handbook, security management process, information security policies, classifications of data and systems, InfoSiG (information security law), InfoSiV (information security regulation), industrial security, SSRS, accreditation.

ISO/IEC 27000 family, certification of the ISMS according to ISO/IEC 27001, ISO/IEC 27002, risk management according to ISO/IEC 27005, security measures (ISO/IEC 27004 and related standards), additional standards of the ISO/IEC 27000 family, future developments.

Basic IT security according to the BSI (IT-Grundschutz), idea and process, BSI 100-1, 100-2, 100-3, GSTOOL, certification.

CobiT, Controls, indicators, maturity level model.

Common Criteria, protection profiles and security targets, security functional requirements and security assurance requirements, EALs, discretionary vs. mandatory access control, certifcation.

Criteria for evaluation Written exam
Methods Lecture
Language English
Study material basic literature:
* Bundeskanzleramt, Informationssicherheitsbüro: Österreichisches Informationssicherheitshandbuch. books@ocg Band 226. www.a-sit.at, in der aktuellen Auflage.
* International Organization for Standardization: ISO/IEC 27001 Information Security Management Systems – Requirements.
* International Organization for Standardization: ISO/IEC 27005 Information Security Risk Management.
* BSI 100-1, BSI 100-2, BSI 100-3 + IT-Grundschutzkataloge, www.bsi.de.
* ISACA: CobiT 4.1.
* Common Criteria, Parts 1 – 3. www.commoncriteriaportal.org.

Additional literature is announced in every semester.

Changing subject? No
Further information https://www.jku.at/en/institute-of-networks-and-security/
Corresponding lecture (*)INMNPVOINSM: VO Informationssicherheitsmanagement (1,5 ECTS) + any Complementary course (1,5 ECTS)
On-site course
Maximum number of participants -
Assignment procedure Direct assignment