IT Security Manager
- HSB Akademie Leipzig

Secure communication systems are the central nervous system of our modern society, making them indispensable to a functioning economy.
Never have there been so many ways to network with each other. Society is riding a wave of increasing digitalisation. More and more new technical possibilities are available for communicating over the internet. But these technical innovations and the growing digitalisation also bring risks – threats from security gaps in this digital society. In recent years, there have been huge numbers of IT security incidents that have made headlines around the world and have affected all kinds of companies. This makes cyber-attacks, cyber-crime and cyber-spying a serious threat in the 21st century and the importance of IT security is increasing rapidly.
Responsibilities of the IT Security Manager:
An IT Security Manager is responsible for a company's entire IT infrastructure and for its security. As a higher-level actor, he/she is able, in coordination with the management level, to enforce IT security goals in companies and organisations and to guide, implement and check suitable measures and comprehensive solutions. The IT Security Manager is the interface between the employees of a company and its management.
Aim of the course:
At the end of the course, participants will be able to independently analyse and evaluate the IT infrastructure in a company and derive appropriate ways to optimise it. The course also covers strategic resource planning in consultation with management and the initiation of technical and administrative measures.
Learning objectives:
- Extensive understanding of networks, including securing networks and end devices in the company
- Identifying and eliminating weak points in the IT structure of your company
- Conduct risk analyses and derive appropriate measures to reduce risks
- Conception and establishment of the information security management system (ISMS)
- Professionally instruct, implement and check solutions within the framework of IT security
Course Content
-
Module 1 - Fundamentals of IT-Security
- 1. Course Introduction
- 1.1 Learning Concept of the Course
- 1.2 Module Structure
- 2. Conceptual Classifications
- 2.1 IT-Security Preview
- 2.2 Development of the Modern Internet
- 2.3 Next Generation Network (NGN)
- 2.4 Internet of Things (IoT)
- 2.5 Monitoring
- 3. Modern IT-Systems in SMEs
- 3.1 Office-IT
- 3.2 Production-IT
- 3.3 Mobile Devices
- 4. Weak Points and Threats in IT-Systems
- 4.1 Examples from the Corporate Sector
- 4.2 Examples from Politics and Society
- 4.3 Examples from the Automotive Industry
- 5. Threats to IT-Systems in SMEs
- 6. Digression: IT-Security Criteria according to ISO 27001
- Bibliography
- List of Figures
- Questions of Understanding Module 1 – Fundamentals of IT-Security 6 questions
-
Module 2 - Data Protection - Technologies and Methods
- 1. Introduction
- 2. Data Security and Data Protection
- 2.1 Data Backup
- 2.2 Data Loss
- 2.3 Difference to Data Protection
- 2.4 The European GDPR
- 2.4.1 The Requirements and Obligations of the GDPR
- 2.4.2 Validity of the GDPR
- 2.4.3 Order Processing
- 2.4.4 Data Protection Officers
- 2.4.5 The Principles of the GDPR
- 2.5 Trends in Data Protection and Data Recovery
- 3. Methods and Technologies of Data Protection
- 3.1 Methods
- 3.1.1 Simple Full Data Backup
- 3.1.2 Differential Data Backup
- 3.1.3 Incremental Backup
- 3.1.4 Sequential Data Backup
- 3.1.5 Partial Data Backup
- 3.1.6 Data Protection Strategies
- 3.2 Media of Data Protection
- 3.2.1 Optical Storage Media (Non-Volatile Memories)
- 3.2.2 Magnetic Storage Media (Non-Volatile Memories)
- 3.2.3 Electronic Storage Media (Volatile Memory)
- 3.3 Handling Storage Media
- 4. Data Protection Concept
- 4.1 Specifying the Data
- 4.2 Select Method of Data Backup
- 4.3 Data Backup Medium
- 4.4 Create a Backup Plan
- 4.5 Organization within the Company
- 4.6 Tool Support
- Appendix: Data Backup Concept
- A. Objective
- B. Definition of Responsibilities
- C. Risk Assessment
- D. Data Backup Procedure
- E. Minimum Organizational and Technical Requirements
- F. Implementation of the Data Backup Concept
- Bibliography
- List of Figures
- Questions of Understanding Module 2 – Data Protection, Technologies and Methods 5 questions
-
Module 3 - Network Architectures and Protocols
- 1. Introduction
- 2. Building Networks
- 2.1 Network Topologies
- 2.1.1 Bus Topology
- 2.1.2 Ring Topology
- 2.1.3 Star Topology
- 2.1.4 Mesh Topology
- 2.1.5 Tree Topology
- 2.2 Carrier Materials
- 2.2.1 Copper
- 2.2.2 Fibre Optic Cable/ Optical Fibre
- 2.2.3 Air
- 2.3 OSI Reference Model
- 3. Communication in the Network
- 3.1 Packet Switching and Routing
- 3.2 Addressing
- 3.3 MAC Address
- 3.4 NAT
- 4. Protocols
- 4.1 TCP
- 4.2 UDP
- 5. Network Security
- 5.1 Encryption
- 5.2 Authentication
- 6. Man-In-The-Middle
- Appendix 1 – Security Guidelines for the Construction of a Network Infrastructure (Based on the Studies of the BSI)
- Appendix 2 – Checklist for Setting up a Secure Network (Based on BSI Specifications)
- Checklist Local Network
- Checklist Security Gateways and Security Zones
- Checklist Coupling to the Internet
- Checklist Network Management
- Bibliography
- List of Figures
- Questions of Understanding – Module 3 – Network Architectures and Protocols 5 questions
-
Module 4 - Forms of Network Threats - Cyber Attacks and Malware
- 1. Introduction to Network Threats
- 2. Types of Attacks
- 3. Malware
- 3.1 Definition
- 3.2 Types of Malware
- 3.2.1 Computer Viruses
- 3.2.2 Computer Worm
- 3.2.3 Trojan Horse
- 3.2.4 Backdoor
- 3.2.5 Spyware
- 3.2.6 Scareware/Rogueware
- 3.2.7 Bots and Bot Nets
- 3.2.8 Ransomware
- 3.2.9 Phishing
- 3.2.10 Scamming
- 3.2.11 Dialler
- 3.2.12 Third Party Billing
- 3.2.13 Cryptomining
- 3.3 Mixed Forms
- 4. Hacking
- 4.1 Network Hacking
- 4.2 Operating System Hacking
- 4.3 Software Hacking
- 5. Distributed Denial of Service (DDoS)
- 6. Social Engineering and Hardware
- 7. Counter Measures
- 7.1 Knowledge about Typical Attacks
- 7.2 Technical Measures
- 8. Digression: Cyber Warfare
- 8.1 Background and Definition
- 8.2 Methods
- 8.3 Attack Leadership in Cyber Warfare
- 8.4 Cyber Warfare in Reality
- Appendix: Description of the Hazard Analysis for a Subnetwork Scenario
- Bibliography
- List of Figures
- Questions of Understanding Module 4 – Forms of Network Threats – Cyber Attacks and Malware 5 questions
-
Module 5 - IT-Security in the Application I - Security Processes
- 1. Introduction
- 2. Organization and Communication in the Company
- 2.1 Definition of Roles in IT Security Management
- 2.2 Organization of IT Security in the Company
- 2.3 Awareness Management
- 3. IT Compliance
- 3.1 Legal Framework
- 3.2 Standards and Norms
- 4. IT Security Management
- 4.1 Risk Management
- 4.2 Emergency Management
- 4.3 Available Management
- 5. Technical IT Security Measures
- 6. Monitoring and Control Processes
- 6.1 Monitoring IT Security
- 6.2 IT Security Audits
- System Checklist
- Bibliography
- List of Figures
- Questions of Understanding Module 5 – IT-Security in the Application I – Security Processes 4 questions
-
Module 6 - IT-Security in the Application II - Security in Wireless LANs (WLANs)
- 1 Introduction
- 2 Legal Basis
- 3 Functionality of WLANs
- 3.1 Transmission by Radio
- 3.2 Modes
- 3.2.1 Ad-Hoc Mode
- 3.2.2 Infrastructure Mode
- 3.3 Hot Spots
- 3.4 Comparison to LAN
- 4 Encryption and Access Control
- 4.1 WEP
- 4.2 WPA
- 4.3 WPA2
- 5 Security Problems with WLANs and Possible Attacks
- 6 Security for WLANs
- 7 Critical Consideration
- Attachment – Checklist for a Secure WLAN Environment (Based on BSI Technical Guidelines)
- Bibliography
- List of Figures
- Questions of Understanding Module 6 – IT-Security in the Application II – Security in Wireless LANs (WLANs) 5 questions
-
Module 7 - Security for Internet Protocols
- 1 Types of Protocols
- 1.1 HTTP
- 1.2 SMTP/IMAP/POP3
- 1.3 FTP
- 1.4 NNTP
- 1.5 XMPP
- 1.6 SOAP
- 2 Security Issues in Web Applications
- 2.1 Programming and Configuration Errors
- 2.2 Caching and Cookies
- 2.3 Forging E-Mail Addresses
- 2.4 Missing Authentication and Encryption
- 3 Encryption
- 3.1 Historical Outline
- 3.2 Basics and Application Areas
- 3.3 Symmetric Encryption Methods (secret key)
- 3.3.1 DES
- 3.3.2 AES
- 3.3.3 OTP
- 3.4 Asymmetric Encryption Methods (public key)
- 3.4.1 RSA
- 3.4.2 PGP
- 3.4.3 SSL/TLS and SSH
- 4 Access, Entry and Access Control
- 5 Authentication
- 5.1 PIN/Password
- 5.2 TAN
- 5.3 Biometric Authentication
- 5.4 Certificates
- 5.5 Smartcard
- Appendix – Precautions for Using Internet Protocols in the Company
- Bibliography
- List of Figures
- Questions of Understanding Module 7 – Security for Internet Protocols 5 questions
-
Module 8 - Security Tasks for the Operating Systems
- 1 Introduction
- 2 Tasks and Security Tasks of an Operating System
- 3 Typical Attack
- 4 General Security in Servers and Operating Systems
- 4.1 Basic Installation and Minimal System
- 4.2 Installation of Security Programs
- 4.2.1 Firewall
- 4.2.2 Anti-Virus Program/Virus Scanner
- 4.3 User Accounts/Access Control
- 4.4 Securing Ports
- 4.5 Secure Boot
- 4.6 Updates
- 4.7 Backups and Penetration Tests
- 4.8 Other Requirements
- 5 Special Safeguards in Different Operating Systems
- 5.1 Tools for Testing
- 5.2 Microsoft Windows
- 5.2.1 Access Control and Permissions in Windows
- 5.2.2 Vulnerabilities of Windows
- 5.2.3 Windows Defender
- 5.2.4 Windows Firewall
- 5.2.5 Windows Server Update Services
- 5.2.6 Windows Event Viewer
- 5.3 Unix Security – Linux
- 5.3.1 Access Control under Linux
- 5.3.2 Vulnerabilities and Countermeasures
- 6 Checklist for Setting Up and Managing IT Landscapes
- Bibliography
- List of Figures
- Questions of Understanding Module 8 – Security Tasks for the Operating Systems 5 questions
-
Module 9 - Remote Access
-
Module 10 - Development of Secure Software Applications
- 1. Introduction
- 2. Developing Secure Software
- 2.1 Software Development Process
- 2.2 Typical Programming Languages
- 2.3 Typical Databases
- 2.4 Object-oriented Programming
- 2.4.1 Encapsulation and Visibility
- 2.4.2 Defining and Checking Variable Ranges
- 2.5 Encryption of Network Traffic
- 3. Testing the Software
- 3.1 Test Coverage through Unit Tests
- 3.2 Attention to Corner Cases
- 4. Encryption of User Data
- 4.1 Encryption for Authentication
- 4.2 Encryption of Other User Data
- 4.3 Securing Data Collection
- 5. Identifying and Closing Security Gaps
- 6. Preventing Typical Problems
- 6.1 Buffer Overflow
- 6.2 Integer Overflow
- 6.3 SQL Injection
- 6.4 Denial of Service
- 6.5 Temporary Files
- Podcast
- Bibliography
- List of Figures
- Questions of Understanding Module 10 – Development of Secure Software Applications 5 questions
-
Module 11 - Mobile Safety and Security
- 1. Introduction
- 2. Communication Technologies
- 2.1 Mobile Radio Standards
- 2.2 Wireless LAN Technology
- 2.3 Bluetooth Technology
- 2.4 NFC Technology
- 3. Mobile Terminals
- 3.1 Hardware
- 3.2 Software/Operating Systems and Applications
- 3.2.1 iOS
- 3.2.2 Android
- 3.2.3 Windows Mobile
- 3.2.4 Other Operating Systems
- 3.3 Security Basics of Android and iOS
- 4. Threats
- 4.1 Physical Intrusion and Hardware Manipulation
- 4.2 Operating System and Services
- 4.3 Mobile Apps
- 4.4 Malware
- 4.5 Tampering with Communication Channels
- 5. Protective Measures
- 6. Enterprise Mobility Management (EMM)
- 6.1 Inventory and Device Management
- 6.2 Role and Authorisation Management
- 6.3 Management of Updates and Application Software
- 6.4 Data Backup and Recovery
- 6.5 Documentation and Reporting
- Appendix: Checklist for the Introduction of Mobile Device Management (based on BSI (German Federal Institute for Security) guidelines)
- Bibliography
- List of Figures
- Questions of Understanding Module 11 – Mobile Safety and Security 5 questions, 10 minutes