Information on individual educational components (ECTS-Course descriptions) per semester

  
Degree programme: Master Computer Science
Type of degree: FH Master's Degree Programme
 Full-time
 Summer Semester 2022
  

Course unit title: Information Security
Course unit code: 024912020901
Language of instruction: English
Type of course unit (compulsory, optional): Compulsory
Semester when the course unit is delivered: Summer Semester 2022
Teaching hours per week: 2
Year of study: 2022
Level of course unit (e.g. first, second or third cycle): Second Cycle (Master)
Number of ECTS credits allocated: 4
Name of lecturer(s): Armin SIMMA


Prerequisites and co-requisites
  • security objectives (CIA);
  • fundamentals of applied cryptology:
    • symmetrical vs. asymmetrical;
    • hashing;
    • signatures;
    • certificates etc.;
  • software security basics: secure development lifecycle;
  • threat modeling;
  • fundamentals of computer networks and operating systems (e.g. simple file access rights, user management);
  • basic skills in using the Linux console;
  • fundamentals of systems management.
Course content
  • Information Security and Information Security Management (ISMS)
    • ISO 27001/27002 (main focus)
    • BSI basic protection
  • Threats and Hazards: Technical Failure, Deliberate Actions, Organizational Defects, etc.
  • Risk analysis and management (introduction; no details)
Learning outcomes

Students are able ...

  • to classify information security and explain why it must be viewed and implemented holistically.
  • to explain the three pillars of security management: people, processes and technology.
  • to identify and describe essential measures (the main focus is on organizational measures).
  • to reflect on various approaches to information security management: BSI basic protection ("Grundschutz"), ISO 27001/27002.
  • to choose a suitable approach and develop proposals for implementation in a company or organization.
  • to explain the most important threats and plan standard security measures.
  • to plan and carry out a simple, basic risk analysis and derive appropriate (further) measures.
Planned learning activities and teaching methods

Integrated lecture

Partly "Flipped Classroom", i.e. students work through the theory on their own; in class, the students' questions are answered and discussed. The case study will be further elaborated.

Assessment methods and criteria
  • Assessment of a piece of written work in the form of a case study to develop a security concept (using ISO 27001) for a company or organization.
  • Final written exam.
Comment

Mandatory attendance

Recommended or required reading
  • Andress, Jason (2014): The basics of information security: understanding the fundamentals of InfoSec in theory and practice. Second edition. Amsterdam; Boston: Elsevier/Syngress.
  • Germany (ed.) (1999): IT-Grundschutzhandbuch: Standard-Sicherheitsmaßnahmen. Köln: Bundesanzeiger.
    • BSI Grundschutz: online at https://www.bsi.bund.de/DE/Themen/ITGrundschutz/ITGrundschutzKataloge/Inhalt/_content/download/download.html
  • Kersten, H. et al. (2016) „IT-Sicherheitsmanagement nach der neuen ISO 27001: ISMS, Risiken, Kennziffern, Controls.“ Springer:
  • Libmann, Jens (2016): Informationssicherheit kompakt, effizient und unter Kontrolle: praxisorientierte Prinzipien für ein profitables und effizientes Security-Management und -Controlling für Unternehmen. 1st edition. Berlin: epubli.
  • Lincke, Susan (2015): Security Planning - an Applied Approach. Springer International Publishing. Available online: http://dx.doi.org/10.1007/978-3-319-16027-6 (accessed: 26.10.2016).
Mode of delivery (face-to-face, distance learning)

Flipped Classroom. Mandatory attendance.
