Hasso-Plattner-InstitutSDG am HPI
Hasso-Plattner-InstitutDSG am HPI

Cyber Security Management (Wintersemester 2022/2023)

Dozent: Prof. Dr. Christian Dörr (Cyber Security - Enterprise Security)

Allgemeine Information

  • Semesterwochenstunden: 4
  • ECTS: 6
  • Benotet: Ja
  • Einschreibefrist: 01.10.2022 - 31.10.2022
  • Prüfungszeitpunkt §9 (4) BAMA-O: 13.02.2023
  • Lehrform: Vorlesung / Übung
  • Belegungsart: Pflichtmodul
  • Lehrsprache: Deutsch

Studiengänge, Modulgruppen & Module

Cybersecurity MA
IT-Systems Engineering MA
  • ISAE: Internet, Security & Algorithm Engineering
    • HPI-ISAE-K Konzepte und Methoden
  • ISAE: Internet, Security & Algorithm Engineering
    • HPI-ISAE-T Techniken und Werkzeuge
  • OSIS: Operating Systems & Information Systems Technology
    • HPI-OSIS-K Konzepte und Methoden
  • OSIS: Operating Systems & Information Systems Technology
    • HPI-OSIS-T Techniken und Werkzeuge
Data Engineering MA
Digital Health MA



The goal of cybersecurity is to identify cyber risks and reduce them to an acceptable level. From a strategic view, an organization’s cybersecurity program and cyber risk management has to fulfill five core functions. There have to be processes to identify cyber risks, a deployment of safeguards and detection capabilities, as well as organizational and technical measures to respond and recover from a cyber incident.

This course covers the relevant standards, frameworks and best practices to establish a cyber risk management program from a technical, governance, and legal perspective. The lecture is accompanied by a semester-long case study, where you identify and evaluate the cyber risk for an organization, and develop a customized cybersecurity program to treat them.

Covered topics:


  • Security governance and risk management standards (i.a. ISO31000 series)
  • Threat identification, cyber threat intelligence and cyber attack analysis models
  • Information Security Management Systems (i.a. ISO27000 series)
  • Compliance standards and frameworks
  • Risk management frameworks specific to critical infrastructures and select sectors



  • Categorization of controls (technical and non-technical; preventive, detective and responsive controls)
  • Security standards (i.a. BSI Grundschutz)
  • Security architectures and best practices (least privileges, defense in depth, security by design)
  • Physical security, asset and identity management
  • Security awareness



  • Logging and monitoring systems
  • Security assessment and metrics



  • Vulnerability management
  • Triage and threat analysis
  • Intelligence-driven incident response



  • Business continuity planning and disaster recovery
  • Crisis management and communication


Kurswebseite im Moodle https://moodle.hpi.de/course/view.php?id=379

Lern- und Lehrformen

Vorlesung mit integrierter Übung


Abschlußklausur, Zulassung zur Klausur mit erfolgreicher Teilnahme an Übungen.


Mo und Di 11.00 Uhr, Übung findet innerhalb der Vorlesungszeiten statt