The course teaches the most important guidelines and standards in the area of information security management. Students will learn the basics of the certification, acquire profound basic knowledge for initiating and implementing a continuous information security process, and the ability to demonstrate solution paths for practical use.

Course Organisation

The course is split in two parts

1. The Lecture part, covering the following topics as fixed fundamentals, which will fill roughly one half of the semester. These fixed parts cover the following topics:

• Contemporary Threats
• Basics of IT Security Management
• Enterprise IT-Security
• Security Guidelines and Policies
• Information Security Standards: ISO27k, BSI Grundschutz, Common Criteria

The second half is organized based on students’ individual preferences, via a selection of complementary topics offered in Moodle. The course will cover the topics, which received most votes from the students.

2. The Practicals part, covering the second half of the semester:

• An exercise sheet available on Moodle, with practical examples to work on using the content presented in the lecture
• The exercises are to be submitted through Moodle.
• We will review the exercises and discuss solutions in the practical class.

Grading

Your grading is based on two components:

1. Submission of solutions of exercises, related to the lecture part of the course.
2. A final exam in Moodle (quiz), based on multiple-choice questions (only)

• The exam will cover 2-3 questions per chapter that was covered in the lecture part. Topics/chapters that were not lectured will not be part of the final exam.
• The exam is open book.
• The score on the Moodle quiz will be scaled to a value \(0\leq x\leq 100\), relative to the maximum achievable points.

The overall mark is based on the total score, and gives the mark according to the following table: