Cyber Security Management (Wintersemester 2022/2023)

Dozent: Prof. Dr. Christian Dörr (Cyber Security - Enterprise Security)

Allgemeine Information

Semesterwochenstunden: 4
ECTS: 6
Benotet: Ja
Einschreibefrist: 01.10.2022 - 31.10.2022
Prüfungszeitpunkt §9 (4) BAMA-O: 13.02.2023
Lehrform: Vorlesung / Übung
Belegungsart: Pflichtmodul
Lehrsprache: Deutsch

Studiengänge, Modulgruppen & Module

Cybersecurity MA

IT-Systems Engineering MA

ISAE: Internet, Security & Algorithm Engineering
- HPI-ISAE-K Konzepte und Methoden
ISAE: Internet, Security & Algorithm Engineering
- HPI-ISAE-T Techniken und Werkzeuge
OSIS: Operating Systems & Information Systems Technology
- HPI-OSIS-K Konzepte und Methoden
OSIS: Operating Systems & Information Systems Technology
- HPI-OSIS-T Techniken und Werkzeuge

Data Engineering MA

CODS: Complex Data Systems
- HPI-CODS-K Konzepte und Methoden
CODS: Complex Data Systems
- HPI-CODS-T Techniken und Werkzeuge
CODS: Complex Data Systems
- HPI-CODS-S Spezialisierung
SYSE: Systems Engineering
- HPI-SYSE-K Konzepte und Methoden
SYSE: Systems Engineering
- HPI-SYSE-T Techniken und Werkzeuge
SYSE: Systems Engineering
- HPI-SYSE-S Spezialisierung

Digital Health MA

Beschreibung

The goal of cybersecurity is to identify cyber risks and reduce them to an acceptable level. From a strategic view, an organization’s cybersecurity program and cyber risk management has to fulfill five core functions. There have to be processes to identify cyber risks, a deployment of safeguards and detection capabilities, as well as organizational and technical measures to respond and recover from a cyber incident.

This course covers the relevant standards, frameworks and best practices to establish a cyber risk management program from a technical, governance, and legal perspective. The lecture is accompanied by a semester-long case study, where you identify and evaluate the cyber risk for an organization, and develop a customized cybersecurity program to treat them.

Covered topics:

Identify

Security governance and risk management standards (i.a. ISO31000 series)
Threat identification, cyber threat intelligence and cyber attack analysis models
Information Security Management Systems (i.a. ISO27000 series)
Compliance standards and frameworks
Risk management frameworks specific to critical infrastructures and select sectors

Protect

Categorization of controls (technical and non-technical; preventive, detective and responsive controls)
Security standards (i.a. BSI Grundschutz)
Security architectures and best practices (least privileges, defense in depth, security by design)
Physical security, asset and identity management
Security awareness

Detect

Logging and monitoring systems
Security assessment and metrics

Respond

Vulnerability management
Triage and threat analysis
Intelligence-driven incident response

Recover

Business continuity planning and disaster recovery
Crisis management and communication

Literatur

Kurswebseite im Moodle https://moodle.hpi.de/course/view.php?id=379

Lern- und Lehrformen

Vorlesung mit integrierter Übung

Leistungserfassung

Abschlußklausur, Zulassung zur Klausur mit erfolgreicher Teilnahme an Übungen.

Termine

Mo und Di 11.00 Uhr, Übung findet innerhalb der Vorlesungszeiten statt

Zurück