Learning objectives:
Students acquire the skills to
- know basic concepts and the different areas of IT system security,
- know the security objectives for a system design,
- understand the typical course of an attack on IT systems,
- know typical security risks for IT systems, analyze typical threats and be able to take adequate countermeasures,
- know different assessment schemes for IT security and be able to evaluate the security level of an IT system,
- develop an IT security strategy,
- know the tension between usability and security.
Course content:
- Basic concepts:
  - Security objectives (e.g. confidentiality, integrity, authenticity, availability, anonymization)
  - Vulnerability, risk, authorization
  - Attacks: e.g. spoofing, sniffing, denial of service
  - Data protection, privacy by design, legal framework conditions
- Fundamentals:
  - Cryptography: encryption, signature, random number generators
  - Data and instance authentication
  - Public key infrastructures
  - IT forensics
- Areas and disciplines of IT security: system security, internet security, security for ubiquitous computing, secure software development
- Phases of an attack (e.g. via the network, social engineering) and countermeasures (hardened operating systems, firewalls, intrusion detection systems)
- Security management: IT security through a structured approach, IT security as a continuous process, history, national standards (BSI basic protection), international standards (Common Criteria), separation of functional security requirements and trustworthiness requirements
- Security and usability