How To Pass An It Forensics Course

Transcription

1 Catalogue of Modules M. Sc. Security Management February 2014

2 Impressum Autor: Prof. Dr. Sachar Paulus Redaktion: Prof. Dr. Sachar Paulus Druck: Druckerei der Fachhochschule Brandenburg Kontakt: Fachhochschule Brandenburg University of Applied Sciences Magdeburger Str Brandenburg an der Havel T F E [email protected] Stand: 21. Februar 2014 Fachhochschule Brandenburg Seite 2/42 Catalogue of Modules M. Sc. Security Management February 2014

3 Inhaltsverzeichnis 1 Introduction 4 2 Modules of the first term Principles of Security Management Law, Compliance and Data Protection Principles of ICT Infrastructure Security Principles of Secure Communication Technology Principles of forensics and auditing Term Thesis Second term Security and Crisis Management in the international Context Physical Security Corporate Governance Secure Systems Lifecycle Management Secure IT Services and Business Processes Project Term Thesis Third Term Master s Thesis incl. Master s Seminar 31 5 Examples for Compulsory Optional Modules ITIL - Information Technology Infrastructure Library Know-how Protection Technical Aspects of the IT Forensics Security Concepts of Nuclear Power Plants 40 Seite 3/42 Catalogue of Modules M. Sc. Security Management February 2014

4 1 Introduction This document contains the module descriptions of Brandenburg University of Applied Sciences M. Sc. Degree program on Security Management. The module content is of 2012, the descriptions have been translated to English early Students can choose a profile amongst a number of offerings. Part of the content consists of compulsory optional modules that the program management selects every term. You can find a number of descriptions for compulsory optional modules as examples at the end of this publication. Module overview Term Module Modules CP/ Term 1 Principles of Security Management (6CP) Principles of Secure Communication Technology (3CP) Principles of Forensices and Auditing (3CP) Principles of ICT Infrastructure Security (6CP) Law, Compliance and Data Protection (6CP) Term Thesis 1 (3CP) Compulsory Optional Module 1 (3CP) Security and Crisis Management in International Contexts (6CP) Physical Security (3CP) Secure System Lifecycle Management (6CP) Secure IT- Services and Business Processes (3CP) Corporate Governance (3CP) Term Thesis 2 (3CP) Project (6CP) 7 30 Compulsory Optional Module 2 (3CP) Compulsory Optional Module 3 (3CP) Master Thesis incl. Colloquium (21CP), Master Seminar (3CP) Subject Area Security Management IT Security Mathematical and Technical Principles Law and Business Management Compulsory Optional Modules Seite 4/42 Catalogue of Modules M. Sc. Security Management February 2014

5 2 Modules of the first term 2.1 Principles of Security Management Brief module label: Module description: Division in teaching sessions, if applicable: Duration of module: Classification in the curriculum: Usability of the module: Frequency of offering of modules: Author: Lecturer: Language of instruction: Prerequisites: SM_Ma_GrundlagenSecurityManagement Principles of Security Management One term SM Ma, 1st term, required module The module is also offered as a compulsory lecture for the Master s course in Information Systems. The module can also be offered for Master s course in Informatics. Every academic year Prof. Dr. Sachar Paulus Prof. Dr. Sachar Paulus German None ECTS-Credits: 6 Total workload and ist composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: Learning outcomes: 180 hours = 60 hours of attendance and 120 hours of selfstudy Lecture: 15 hours Exercise: 15 hours Practical application based on case studies: 30 hours Homework (50%), Presentation (50%). 2/5 of the subject grade 13.5% of all subject grades 4.725% of the final grade The objective is to enable the students to acquire basic knowledge and skills in the following aspects of learning: Preparation of security investigations Conducting risk evaluations Analysis of conditions of security and the significance of counter measures Development of understanding the importance of security in the process of decision making by entrepreneurs Assessment of security organisations in enterprises Implementing exemplary security processes with the use of IT tools Designing security measures and successfully presenting the same to a committee of decision makers In addition, the students are expected to achieve the following results of learning: Establish a security organisation in an enterprise Prepare a skill profile for an individual in charge of Seite 5/42 Catalogue of Modules M. Sc. Security Management February 2014

6 Contents: Teaching and learning methods: Literature: security Integrate IT and non IT security relevant aspects Introduce a security management system in an organisation Prepare a strategy for a section of IT, information or corporate security Primary aspects of corporate security: Security Governance and Security Management System Security Organisation Security Policy Risk management Analyzing security Security processes Norms and standards for information security Return-on-Security-Investment calculations Crisis management Business Continuity Management Additionally: Selected specific areas of the IT and corporate security Interactive combination of lectures, preparations and presentation of contents, demonstration of concepts, practical tasks for groups, preparation of own content and role play. Security Management 2011: Manual of information security, IT security, security of locations, White-collar criminality and Management liability by Guido Birkner, Handbuch Unternehmenssicherheit [Manual of Corporate Security]: Comprehensive security, continuity and risk management with system by Klaus-Rainer Müller, Unternehmenssicherheit [Corporate Security] by Stephan Gundel, and Lars Mülli, Security Risk Management Body of Knowledge by Julian Talbot, Miles Jakeman, Wiley Additional information: Seite 6/42 Catalogue of Modules M. Sc. Security Management February 2014

7 2.2 Law, Compliance and Data Protection Brief module label: Module description: Division in teaching sessions, if applicable: Duration of module: Classification in the curriculum: SM_Ma_RechtComplianceDatenschutz Law, Compliance and Data Protection One term SecMan Master, 1st term, required module Usability of the module: Frequency of offering of modules: Author: Lecturer: Language of instruction: Every academic year Prof. Dr. Sachar Paulus Prof. Dr. Michaela Schröter, Dipl. iur. Raoul Kirmes M.Sc., CISA, QMA German Prerequisites: ECTS-Credits: 6 Total workload and its composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: Learning outcomes: Contents: 180 hours = 60 hours of attendance and 120 hours of self-study Lecture: 60 hours Study assignments (30%), Written examination (70%). 2/3 of the subject grade; 8.33% of all subject grades; 2.916% of the final grade This course aims to enable the students to acquire knowledge and skills in the following aspects of learning: Identification of relevant legal position of important activities concerned with security in organisations Application of national, European and international legislations in order to meet the compliance specifications for companies Enabling critical discussion with legal target conflicts and for submitting an appropriate evaluation of the risk situation for companies as those affected by regulations 1. Introduction to juristic methodology 2. European and international security law 3. Introduction to the WTO law (focus on international law on product safety) 4. System of fundamental freedom and national security interests 5. Technical trade restrictions in security law 6. Compliance in the international context 7. International, European and national accreditation law 8. Principles of contractual liability ( 280 BGB) Seite 7/42 Catalogue of Modules M. Sc. Security Management February 2014

8 9. Principles of tortious liability ( 823ff BGB, ProdHaftG) 10. Law governing the private security trade 11. Overview of the German law governing weapons 12. Main features of law of criminal proceedings 13. Electronic legal relations (ecommerce/signature law) 14. International emoluments and principles of law governing data security Teaching and learning methods: Literature: Additional information: Lecture - Harald Jele, Wissenschaftliches Arbeiten: Zitieren [Scientific Working Methods: Quoting], Kohlhammer, 3rd ed., Calliess/Ruffert, EUV/AEUV 4th ed Röhl, Akkreditierung und Zertifizierung im Produktsicherheitsrecht [Accreditation and Certification in Law Governing Product Safety], Springer Verlag Ensthaler, Zertifizierung und Akkreditierung technischer Produkte [Certification and Accreditation of Technical Products], Springer Verlag Martin Schulte, Handbuch des Technikrechts [Manual of Law Governing Technology], 2nd ed. Springer Verlag, Abbott/ Kirchner/ et.al., International Standards and the Law, Stämpfli Verlag AG, Kurt Schellhammer, Schuldrecht nach Anspruchsgrundlagen [Law of Obligations According to Principles of Claims], 8 th ed., Martin Kutscha, Handbuch zum Recht der Inneren Sicherheit [Manual of Law Governing Internal Security], 2nd ed., BWV Verlag, Rolf Stober, Sven Eisenmenger, Besonderes Wirtschaftsverwaltungsrecht [Special Business Administration Law], 15th ed., Verlag Kohlhammer, Knemeyer: Polizei- und Ordnungsrecht [Police and Law Governing Public Order], Beck, Busche: Waffenrecht 2012 [Weapons law 2012], Kiel Hoeren: Internet- und Kommunikationsrecht [Internet and communication law], Otto Schmidt Cologne Schade: Arbeitsrecht [Labour law], Kohlhammer Martin T. Biegelman, Building World-Class Compliance Program: Best Practices and Strategies for Success, John Wiley & Sons; Acquisti/ Gritzalis/Lambrinoudakis, Digital Privacy: Theory, Technologies, and Practices, Auerbach Pubn, Sanjay Anand, Essentials of Sarbanes-Oxley, John Wiley & Sons, CCH Incorporated, SEC Compliance and Disclosure Interpretations, Harcourt Professional Publishing, Reyes, Carla, WTO-compliant Protection of Fundamental Rights: Lessons from the EU 'Privacy Directive, Melbourne Journal of International Law, Vol. 12, No. 1, Jun 2011: Spiros Simitis, Bundesdatenschutzgesetz [Federal Law Governing Data Security], Nomos, 7 th ed., Current legal texts Assignments for thorough reading Seite 8/42 Catalogue of Modules M. Sc. Security Management February 2014

9 2.3 Principles of ICT Infrastructure Security Brief module label: Module description: Division in teaching sessions, if applicable: Duration of module: Classification in the curriculum: SM_Ma_IKT-Infrastruktursicherheit Principles of ICT Infrastructure Security One term SecMan Master, 1st term, required module Usability of the module: Frequency of offering of modules: Author: Lecturer: Every academic year Prof. Dr. Eberhard von Faber Prof. Dr. Eberhard von Faber, Dipl. Ing. Dietmar Hausmann Language of instruction: Prerequisites: ECTS-Credits: 6 German Importance of IT security and its role in practice; technical and physical basic knowledge; knowledge of the basics of Internet networks, Operating Systems and cryptography-based techniques Total workload and its composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: Learning outcomes: 180 hours = 60 hours of attendance and 120 hours of self-study lectures in the range of at least 30 hours and exercises up to 30 hours Written examination or oral examination including 20% of the result of project work 1/2 of the subject grade 5% of all subject grades 1.75% of the final grade Familiarization with the threats and challenges in networks, including important counter measures in the form of protocols and various security solutions Familiarization with the functioning of these solutions, understanding of their use, operation and interaction; ability to integrate and deploy independently some of these solutions; familiarization with supplementing measures and solutions Development of the ability to integrate the required solutions adequately into various ITC infrastructures and usage scenarios; familiarization with service models including Cloud Computing and its implications Development of ability to analyse requirements and industrial practical factors and to integrate solutions based on the practical example of an industrial solution Familiarization with security modules and embedded systems as core components for distributed systems; properties, challenges and use; principles of usage and on Seite 9/42 Catalogue of Modules M. Sc. Security Management February 2014

10 Contents: Teaching and learning methods: Literature: the security of smart cards Details of PKI as infrastructure for secure communication, including testing schemes as international infrastructure for the risk management based on the example of payment systems Extended principles of Internet networks (TCP/IP Protocol, ISO/OSI, Routing, active components, cryptography) Dangers in the use of IT, categories of threats, weak points and hazards Security management, security audits with tools, network monitoring and network logging Attacks and counter measures Cryptography applications (encrypted communication, VPN protocols, certificates) Web Server Security, security In depth study and practical application of project topics on Firewalls, Honeypots and Intrusion Detection Systems, WLAN security and VPN Integration of various solutions in the ITC network: business processes vs. ITC; Usage scenarios vs. ITC; service models and Cloud Computing: division of labour, service models, security management Learning situation of a special industry application: requirements and solutions; Practical factors and their outcome, result and practice in industry Components for distributed systems and mobility: Embedded Systems; Properties, challenges and solutions; Internet of things; Life Cycle; Device Management and Security Design; Practical seminar: application, technology of the chip cards and practical attacks PKI: an infrastructure for secure communication (visible or invisible; function, realization, practice) Assurance: an infrastructure for Trust and Security in a (global) division of labour in industrial value-added chains Combination of lectures, exercises based on one s own computer and lab exercises; lectures deploying different media; tasks and exercise examples; control questions/revision course [1] Cisco Networking Academy: CCNA Exploration Companion Guide, Vol. 1-4, Cisco Press, 2008 [2] Alexander Michael: Netzwerke und Netzwerksicherheit - Das Lehrbuch [Networks and Network Security the text book], Hüthing publishers, [3] Plötner Johannes, Wendzel Steffen: Praxishandbuch Netzwerk-Sicherheit [Practical Manual of Network Security], Galileo Computing, [4] Anderson, Ross: Security Engineering, A Guide to Building Dependable Distributed Systems; John Wiley & Sons [5] Common Criteria for Information Technology Security Evaluation; or ISO [6] Rankl, Wolfgang and Wolfgang Effing: Handbuch der Chipkarten, Aufbau, Funktionsweise, Einsatz von Smart Cards; [Manual of Chip Cards, Structure, Functioning, Usage of Smart Seite 10/42 Catalogue of Modules M. Sc. Security Management February 2014

11 Cards] by Hanser technical publishers Other reference works on special project topics (VPN, IPSec, IPv6, IDS, WLAN, Attacks, and many more) Additional information: Scripts and other teaching materials will be distributed directly to the students during the lecture, or made available on the learning platform of the university. Seite 11/42 Catalogue of Modules M. Sc. Security Management February 2014

12 2.4 Principles of Secure Communication Technology Brief module label: Module description: Division in teaching sessions, if applicable: Duration of module: Classification in the curriculum: SM_Ma_SichereKommunikation Principles of Secure Communication Technology One term SecMan Master, 1st term, required module Usability of the module: Frequency of offering of modules: Author: Lecturer: Language of instruction: Every academic year Prof. Dr. Sachar Paulus Prof. Dr. Eberhard von Faber, Prof. Dr. Michael Syriakow German Prerequisites: ECTS-Credits: 3 Total workload and its composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: 90 hours = 30 hours of attendance and 60 hours of selfstudy Lecture: 30 hours Written examination 1/4 of subject grade 2.5 % of all subject grades % of the final grade This course aims to enable the students to acquire knowledge and skills in the following aspects of learning: Learning outcomes: Contents: Teaching and learning methods: Literature: Comprehension of the fundamentals and conditions of secure communication Thinking out communication scenarios Comprehension of the cryptographic principles Evaluation and selection of management tasks around electronic communication Logical vs. physical security Basic concepts of cryptography (symmetrical vs. asymmetrical methods, encryption, signature, certificates, PKI, RSA, DSA, AES, DES, Hash functions) Security modules Embedded Systems Devices and key management Chip cards, incl. management and personalization Hardware-oriented attacks Lecture and exercises in small groups. [1] Anderson, Ross: Security Engineering, A Guide to Building Dependable Distributed Systems; John Wiley & Sons, Inc.; 2001 Seite 12/42 Catalogue of Modules M. Sc. Security Management February 2014

13 Additional information: [2] FIPS PUB 140-2, Security Requirements for Cryptographic Modules; National Institute of Standards and Technology; 2002; [3] Common Criteria for Information Technology Security Evaluation (also ISO15408), Part 1: Introduction and general model, Part 2: Security functional requirements, Part 3: Security assurance requirements or (and: CEM) [4] BSI-PP-0002, Smartcard Integrated Circuit Platform Protection Profile; Version 1.0, July 2001 (E. von Faber main technical editor); Smartcard Integrated Circuit Augmentations; Version 1.0, March 2002; [5] Rankl, Wolfgang and Effing, Wolfgang: Handbuch der Chipkarten, Aufbau, Funktionsweise, Einsatz von Smart Cards [Manual of Chip Cards, Structure, Functioning, Use of Smart Cards]; published by Hanser Fachbuchverlag, 2002 Beutelspacher, Kryptologie [Cryptology], Vieweg, 2005 C. A. Deavours L. Kruh, Machine Cryptography and Modern Cryptanalysis, Artech House Publishers, 1985 D. E. Knuth, The Art of Computer Programming 2, Seminumerical Algorithms, Addison-Wesley, 1998 A. J. Menezes - P. van Oorschoot - S. Vanstone, Handbook of Applied Cryptography, CRC, 1996 B. Schneier, Angewandte Kryptographie [Applied Cryptography], Pearson Studium, 2005 A. Sinkov, Elementary Cryptanalysis, The Mathematical Association of America, 1998 M. Welschenbach, Cryptography in C and C++, Apress, 2005 J. Bamford, Body of Secret: Anatomy of the Ultra-Secret National Security Agency, Anchor, Reprint Edition, 2002 Use of the E-Learning Program CrypTool Seite 13/42 Catalogue of Modules M. Sc. Security Management February 2014

14 2.5 Principles of forensics and auditing Brief module label: Module description: Division in teaching sessions, if applicable: Duration of module: Classification in the curriculum: SM_Ma_ForensikAuditing Principles of forensics and auditing One term SecMan Master, 1st term, required module Usability of the module: Frequency of offering of modules: Author: Lecturer: Language of instruction: Every academic year Prof. Dr. Sachar Paulus Prof. Dr. Igor Podebrad German Prerequisites: ECTS-Credits: 3 Total workload and its composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: Learning outcomes: Contents: Teaching and learing methods: Literature: 90 hours = 30 hours of attendance and 60 hours of self-study Lecture: 30 hours Written examination 1/4 of the subject grade 2.5% of all subject grades 0.875% of the final grade This course aims to enable the students to acquire knowledge and skills in the following aspects of learning: Organisation of IT forensic analyses and IT audits Operating IT systems while taking into account the requirements of IT forensics and IT auditing Development and implementation of IT forensics related security guidelines Evaluation of the usability of IT audit results for forensics Legal prerequisites for IT forensics Principles of IT auditing Organisation of IT forensic analyses Lecture and exercises in small groups IT-Forensik [IT Forensics] by Alexander Geschonnek, 2011 The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics by John Sammons, 2012 Additional information: Seite 14/42 Catalogue of Modules M. Sc. Security Management February 2014

15 2.6 Term Thesis 1 Brief module label: SM_Ma_Semesterarbeit1 Module description: Term Thesis 1 Division in teaching sessions, if applicable: Duration of module: One term Classification in the curriculum: SecMan Master, 1st term, required module Usability of the module: Frequency of offering of modules: Author: Lecturer: Language of instruction: Every academic year Prof. Dr. Sachar Paulus Prof. Dr. Friedrich Holl and all other participating teaching faculty members German Prerequisites: ECTS-Credits: 3 Total workload and its composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: Learning outcomes: Contents: 90 hours = 30 hours of attendance and 60 hours of selfstudy Lecture: 15 hours Seminar with preparation of presentation: 15 hours Written assignments 1/2 of the subject grade 5% of all subject grades 1.75% of the final grade Preparation of scientific papers with tutorial related to the topic of security Methods of collection of data (statistics, interviews, primary/secondary sources) Source discussion: research, reading, evaluation Creative techniques and self-organisation Situation-related requirements for writing styles (advertising, press releases, scientific papers etc.) Preparation of an exposé Methodical structure of scientific papers Phases of scientific working methods Material collection and research Material evaluation and selection Material and topic processing Method of quoting Teaching and learning methods: Literature: Lecture, discussion, presentation of own results. DIN 1421 (Classification and Numbering System in texts) Eco, U. (2005) Wie man eine wissenschaftliche Abschlussarbeit schreibt Seite 15/42 Catalogue of Modules M. Sc. Security Management February 2014

16 - Doktor-, Diplom- und Magisterarbeit in den Geistesund Sozialwissenschaften [How to Compile Final Thesis for Doctorate, Graduate and Postgraduate Studies in Humanity and Social Science Studies], Müller, Heidelberg, Theisen, Manuel R.: Scientific Papers Technique & Methodology, Form, Peterssen, Wilhelm H.: Scientific Papers - An Introduction for School and Studies, Additional information: Seite 16/42 Catalogue of Modules M. Sc. Security Management February 2014

17 3 Second term 3.1 Security and Crisis Management in international Contexts Brief module label: Module description: Division in teaching sessions, if applicable: Duration of module: Classification in the curriculum: SM_Ma_SecurityKrisenManagementInternational Security and Crisis Management in international Contexts One term SM Ma, 2nd term, required module Usability of the module: Frequency of offering of modules: Author: Lecturer: Every academic year Prof. Dr. Sachar Paulus Prof. Dr. Sachar Paulus Language of instruction: German, partly English (10%) Prerequisites: None ECTS-Credits: 6 Total workload and its composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: Learning outcomes: Contents: 180 hours = 60 hours of attendance and 120 hours of selfstudy Lecture: 30 hours Exercise: 15 hours Practical application based on case studies: 15 hours Written examination or oral examination 2/5 of the subject grade 13.5% of all subject grades 4.725% of the final grade The objective is to enable the students to acquire knowledge and skills in the following aspects of learning: Analysis of security systems in the international context while taking into account the cultural, political and geographical conditions Management of security organisation in international corporations Preparation of security measures during travel or delegation of employees to foreign countries Introduction of a crisis management system Reaction in international crisis situations Controlling the global crisis communication Influencing the public perception of security topics Security management in global organisations Travel Security Security during delegation of employees Crisis management in the international context Communication during crises: principles and procedures for communication during crisis situations Internal and external crisis communication Message House Seite 17/42 Catalogue of Modules M. Sc. Security Management February 2014

18 Teaching and learning methods: Literature: Additional information: Handling media during crisis situations Public image of security Campaigns for security topics Interactive combination of lecture, preparation and presentation of content, demonstration of concepts, practical tasks for groups, preparation of own content and role play. Notfall- und Krisenmanagement im Unternehmen [Emergency and Crisis Management in Companies] by Axel Bédé, Unternehmenskrisen und Krisenmanagement [Corporate Crises and Crisis Management] by Ronny Scharschmidt, Führen in Krisensituationen [Managing during Crisis Situations] by Markus Klaus, Global Threat: Target-Centered Assessment and Management by Robert Mandel, Security Risk Management Body of Knowledge by Julian Talbot and Miles Jakeman, Seite 18/42 Catalogue of Modules M. Sc. Security Management February 2014

19 3.2 Physical Security Brief module label: Module description: Division in teaching sessions, if applicable: Duration of module: Classification in the curriculum: SM_Ma_PhysischeSicherheit Physical Security One term SM Ma, 2nd term, required module Usability of the module: Frequency of offering of modules: Author: Lecturer: Language of instruction: Prerequisites: Every academic year Prof. Dr. Sachar Paulus Ralph Wölpert, Thorsten Weller, Ralf Dahmer, Thomas Koch German None ECTS-Credits: 3 Total workload and its composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: Learning outcomes: Contents: 90 hours = 30 hours of attendance and 60 hours of selfstudy Lecture: 30 hours Written examination or oral examination 1/5 of the subject grade 6.75% of all subject grades % of the final grade The objective is to enable the students to acquire basic knowledge and skills in the following aspects of learning: Knowing the methods of protection and safety engineering Analysis of the possibilities of use and effectiveness of protective mechanisms against elementary damage, mechanical safety installations, hazard alert systems and surveillance systems Planning of a security system network Evaluation of solutions available in the market Appraisal of the legal aspects for the deployment of individual security mechanisms Fundamentals of building safety Terminology and overview of areas of tasks and available options Engineering principles Physical attacks and their effect Elementary damage Attackers, their aims and methods of attack Weapons and their effect Seite 19/42 Catalogue of Modules M. Sc. Security Management February 2014

20 Radiation of electronic devices Mechanical safety systems and access control Locks, locking systems and their security Securing doors, windows and fences against attacks Secure storage and data cabinets Engineering and legal regulations and directives Hazard alert systems Fundamentals Burglary alarm systems Attack alert systems Installation failure alert systems Fire alarm and fire fighting systems Engineering and legal regulations and directives Surveillance systems Technical possibilities Open and hidden monitoring Engineering and legal regulations and directives Emergency planning and operational safety Consequential damage analysis Handling untoward incidents Teaching and learning methods: Literature: Additional information: Lecture Physical Security Systems Handbook by Michael Kairallah, Current Journals and Magazines covering the topic: kes, Der Sicherheitsberater [The Safety Advisor], S&I. Seite 20/42 Catalogue of Modules M. Sc. Security Management February 2014

21 3.3 Corporate Governance Brief module label: Module description: Division in teaching sessions, if applicable: Duration of module: Classification in the curriculum: SM_Ma_Unternehmensführung Corporate Governance One term SecMan Master, 2nd term, required module Usability of the module: Frequency of offering of modules: Author: Lecturer: Language of instruction: Every academic year Prof. Dr. Sachar Paulus Prof. Dr. Robert Franz, Prof. Dr. Friedrich Holl, Prof. Dr. Sachar Paulus German Prerequisites: ECTS-Credits: 3 Total workload and its composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: Learning outcomes: Contents: 90 hours = 30 hours of attendance and 60 hours of selfstudy Lecture: 15 hours Processing case studies: 15 hours Oral examination 1/3 of the subject grade 4.17% of all subject grades 1.46% of the final grade This course aims to enable the students to acquire knowledge and skills in the following aspects of learning: Knowing the principles of successful corporate governance Influencing the corporate leaders for observing the security aspects and for constructive handling of crisis situations Derivation of a security strategy and security goals out of the corporate strategy Development of a strategy to strengthen the ethical aspects of corporate governance Resolution of conflicts Functions of corporate governance (development of corporate goals, principles, culture; Formulation of strategies; Human Resources and Negotiations Management; international aspects in the global competition) Integration of security goals with the corporate strategy Ethical aspects of corporate governance (anti-corruption strategies, Code of Conduct etc.) Seite 21/42 Catalogue of Modules M. Sc. Security Management February 2014

22 Teaching and learning methods: Literature: Conflict management (conflict diagnosis, typology of conflicts, escalations, strategies for conflict handling) Lecture, processing case studies in small groups, presentation of practice examples, role plays. K. Macharzina: Unternehmensführung [Corporate Governance] T. Hutzschenreuther: Krisenmanagement [Crisis Management] F. Glasl: Konfliktmanagement [Conflict Management] B. Stackpole, E. Osendahl: Security Strategy: From Requirements to Reality. Additional information: Seite 22/42 Catalogue of Modules M. Sc. Security Management February 2014

23 3.4 Secure Systems Lifecycle Management Brief module label: Module description: Division in teaching sessions, if applicable: Duration of module: Classification in the curriculum: Usability of the module: Frequency of offering of modules: Author: Lecturer: SM_Ma_SecureSystems Secure Systems Lifecycle Management One term SecMan Master, 2nd term, required module The module can also be offered as WPF for WI [Business Informatics] and Informatics Master courses. Every academic year Prof. Dr. Sachar Paulus Prof. Dr. Sachar Paulus Language of instruction: Prerequisites: ECTS-Credits: 6 Total workload and its composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: Learning outcomes: 80% German, 20% English Initial experience in programming web applications for an exemplary scenario. Normally, this should be ensured by studies completed until this point of time. Alternatively: selfstudy, for example, based on PHP 5.3: Program Dynamic Websites Professionally by Christian Wenz and Tobias Hauser (December 2009) 180 hours = 60 hours of attendance and 120 hours of selfstudy Lecture: 30 hours Exercise: 30 hours Development of a secure web application (30%); Documentation of a secure development cycle for a software application (40%); Carrying out and presentation of a security investigation for another web application (30%). 2/3 of the subject grade 15% of all subject grades 5.25% of the final grade This course aims to enable the students to acquire knowledge and skills in the following aspects of learning: Knowing and application of Best Practices taught during the development of IT based systems for secure software Development of acceptance criteria for non-functional security requirements Carrying out threat models Avoidance of weak points during the development Carrying out security checks Secure installation and operation of software Establishment of a Security Response Program Analysis of existing software for security-related weak points Seite 23/42 Catalogue of Modules M. Sc. Security Management February 2014

24 Contents: Teaching and learning methods: Literature: Additional information: Development and implementation of a protective program for software during the system development Establishment of a Management System for security in the development process, and integration of such Management System into a possibly available quality process Carrying out security analyses ( Hacking ) Presentation of investigation results Basic principles of secure software development: Security requirements Safe designing and threat models Architecture analyses Secure coding Security checks Secure systems Security Response Protection of own software against manipulation and know-how theft Interactive combination of lecture, exercises on own computer, lab exercises, preparation and presentation of content, demonstration of concepts, practical tasks in groups. Basiswissen sichere Software [Basics of secure software] by Sachar Paulus, dpunkt Software-Qualität, Testen, Analysieren und Verifizieren von Software [Software Quality, Testing, Analysis and Verification of Software] by Peter Liggesmeyer, Spektrum Akademischer Verlag, Writing Secure Code by Michael Howard & David LeBlanc, Seite 24/42 Catalogue of Modules M. Sc. Security Management February 2014

25 3.5 Secure IT Services and Business Processes Brief module label: Module description: Division in teaching sessions, if applicable: Duration of module: Classification in the curriculum: SM_Ma_SichereITDienste Secure IT Services and Business Processes One term SM Ma, 2nd term, required module Usability of the module: Frequency of offering of modules: Author: Lecturer: Every academic year Prof. Dr. Eberhard von Faber Dr. Eberhard von Faber Language of instruction: Prerequisites: ECTS-Credits: 3 Total workload and its composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: Learning outcomes: Contents: German Basic knowledge of business processes and corporate governance; Knowledge of Information and Communications Technology: Applications, Systems and Networks, including the underlying technology. 90 hours = 30 hours of attendance and 60 hours of selfstudy 15 hours: lecture utilizing various media, project assignments for practice, in depth study and self checks, including control questions/revision course Written examination or oral examination 1/3 of the subject grade 7.5% of all subject grades 2.625% of the final grade This course aims to enable the students to acquire knowledge and skills in the following aspects of learning: Understanding of technologies and organisation of modern (industrial) ITC production, and especially the incidental security questions Usage and integration of IT services in business processes; assessment of security requirements, evaluation and selection of IT services Successful implementation of Identity and Access Management (IAM): understanding of basic terminology, architectures and technologies; planning and implementation in companies and in complex value-added chains 1. Fundamentals of ITC production; ITC architectures and infrastructure elements; Security aspects; Management of solutions for the system and network security; processes and organisation; Tasks ranging from weak point management to Disaster Recovery Seite 25/42 Catalogue of Modules M. Sc. Security Management February 2014

26 Teaching and learning methods: Literature: Additional information: 2. User and Producer: IT services; Security requirements, evaluation, selection and integration; Security and risk management in outsourcing, basic problems and sourcing models 3. Enterprise Security Architecture: ICT Production, Service Design, Transition, Service Delivery Management, Security Management, GRC 4. Basic terminology IAM (from Identification to Accounting), 5. Authentication: Types, methods, technologies; problems and solutions; Architectures and distributed systems (e.g. LDAP, RADIUS, Kerberos, ESSO, Single Sign-On, Federation), 6. Authorization: Services and limitations; Strategies (DAC, MAC, RBAC, IF); Realization (Groups, Roles, ACL, Capabilities); Alternatives; Trends and Outlook including DRM, 7. Identity Management: Administrative tasks, Registration, Workflows, Enrolment; Credential Management, User Self-Service, UHD etc. 8. Accounting; Analytics; Attestation; Intelligence, SOD 9. IAM-Architectures (the whole picture); Infrastructures 10. Erection and implementation of IAM programs in large enterprises Lecture utilizing various media, project assignments for practice, in depth study and self checks, including control questions/revision course [1] Alexander Tsolkas and Klaus Schmidt: Rollen und Berechtigungskonzepte, Ansätze für das Identity- und Access Management im Unternehmen [Roles and Authorization Concepts, Approaches for the Identity and Access Management in the Company]; August 2010, Vieweg+Teubner [2] Martin Kappes: Netzwerk- und Datensicherheit, Eine praktische Einführung [Network and Data Security, A Practical Introduction]; Vieweg+Teubner [3] Hans-Peter Königs: IT-Risiko-Management mit System, Von den Grundlagen bis zur Realisierung. Ein praxisorientierter Leitfaden [IT Risk Management with System, From the Basics to Realization. A Practice-oriented Guide], Vieweg [4] Claudia Eckert: IT Security, Concepts - Methods Protocols [5 : J. R. Winkler: Securing the Cloud: Cloud Computer Security Techniques and Tactics, Syngress. [6] Current Journals and Magazines on the topic: kes, Der Sicherheitsberater [The Security Advisor], S&I. Seite 26/42 Catalogue of Modules M. Sc. Security Management February 2014

27 3.6 Project Brief module label: Module description: Division in teaching sessions, if applicable: Duration of module: Classification in the curriculum: SM_Ma_Projekt Project One term SecMan Master, 2nd term, required module Usability of the module: Frequency of offering of modules: Author: Lecturer: Language of instruction: Every academic year Prof. Dr. Sachar Paulus Prof. Dr. Friedrich Holl and all other participating teaching faculty members German Prerequisites: ECTS-Credits: 6 Total workload and its composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: Learning outcomes: Contents: 180 hours = 60 hours of attendance and 120 hours of selfstudy Lecture: 15 hours Practical work: 45 hours + self-study time Project report (50%) Presentation (50%) 2/5 of the subject grade 9% of all subject grades 3.15% of the final grade This course aims to enable the students to acquire knowledge and skills in the following aspects of learning: Conducting security projects Planning a security-related project while following all requirements of security Application of project management methodologies Problem identification: - Systematic preparation of the State of the Art technology - Integration into the available practical context - Basic conditions of deployment - Use of different techniques of analysis such as interview method, questionnaire Delphi method, preparation of the context concerning documents and so on. Development of expected concepts: - Systematically founded development of a practiceoriented approach to solutions - Use of creative methods - Cost-benefit analyses - Development of basic conditions for deployment Prototypical implementation Seite 27/42 Catalogue of Modules M. Sc. Security Management February 2014

28 Teaching and learning methods: Literature: Additional information: - the prototypical implementation is carried out by developing a software prototype - implementation in an enterprise/organisation or e.g. development of an application for R&D sponsorship Lecture, practical work in groups comprising maximum 7 participants, presentation of own results. A Guide to the Project Management Body of Knowledge, PMI, 2008 For this course, the candidate s willingness to undertake practical work with cooperating partners is a prerequisite. Seite 28/42 Catalogue of Modules M. Sc. Security Management February 2014

29 3.7 Term Thesis 2 Brief module label: SM_Ma_Semesterarbeit2 Module description: Term Thesis 2 Division in teaching sessions, if applicable: Duration of module: One term Classification in the curriculum: SecMan Master, 2nd term, required module Usability of the module: Frequency of offering of modules: Author: Lecturer: Language of instruction: Every academic year Prof. Dr. Sachar Paulus Prof. Dr. Friedrich Holl and all other participating faculty members German Prerequisites: ECTS-Credits: 3 Total workload and its composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: Learning outcomes: Contents: Teaching and learning methods: Literature: 90 hours = 30 hours of attendance and 60 hours of selfstudy Lecture: 15 hours Seminar including topic presentation: 15 hours Writing assignment 1/2 of the subject grade 5% of all subject grades 1.75% of the final grade This course aims to enable the students to acquire knowledge and skills in the following aspects of learning: Preparation of independent scientific paper on the topic of security Source discussion: research, reading, evaluation Covering all relevant topics Logical coherence and consistency Formulate complex coherences comprehensibly Present own findings Lecture, discussion, presentation of own findings. DIN 1421 (Classification and Numbering System in Texts) Eco, U. (2005) Wie man eine wissenschaftliche Abschlussarbeit schreibt - Doktor-, Diplom- und Magisterarbeit in den Geistes- und Sozialwissenschaften [How to Compile Final Thesis for Doctorate, Graduate and Postgraduate Studies in Humanity and Social Science Studies], Müller, Heidelberg, Theisen, Manuel R.: Scientific Papers Technique & Methodology, Form, Peterßen, Wilhelm H.: Wissenschaftliche(s) Arbeiten - Eine Einführung für Schule und Studium [Scientific Papers An Introduction to Schools and Studies], Seite 29/42 Catalogue of Modules M. Sc. Security Management February 2014

30 Additional information: Ideally, the student should prepare his own scientific publication during this course. Seite 30/42 Catalogue of Modules M. Sc. Security Management February 2014

31 4 Third Term 4.1 Master s Thesis incl. Master s Seminar Brief module label: Module description: Division in teaching sessions, if applicable: Duration of module: Classification in the curriculum: SM_Ma_Masterarbeit Master s Thesis incl. Master s Seminar Master s seminar is offered simultaneously, where state of work done is appraised without grading. One term SecMan Master, 3rd term, required module Usability of the module: Frequency of offering of modules: Author: Lecturer: Every academic year Prof. Dr. Sachar Paulus All faculty members of the university teaching in the course Language of instruction: Prerequisites: ECTS-Credits: 24 Total workload and its composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: Learning outcomes: Contents: Teaching and learning methods: Literature: German / English (as per student s option). Only candidates may register themselves for Master s Thesis, who have successfully completed all examinations and course achievements expected to be completed until incl. the 2 nd term. 690 hours of self-study, 30 hours of attendance (Master s seminar) Self-study. Master s Thesis (75%) Colloquium (25%) 30% of the final grade This course aims to enable the students to acquire knowledge and skills in the following aspects of learning: Preparation of a scientific paper under the guidance with own creative and/or constructive portions of the topic Security Management within a period of 4 months The Master s Thesis is intended as related preoccupation with an extensive topic and the resulting solution for a theoretical or practical problem. Self-study. Booth, W. C. et a. (1995). The draft of research. Chicago London Brown, S. R. et al. (1990) Experimental Design and Analysis. London Cialdini, R. B. (2001). Influence, Science and Practice. Bosten, M.A. Hussley, J., Hussley, R. (1997). Business Research. A practical guide for undergraduate and postgraduate Seite 31/42 Catalogue of Modules M. Sc. Security Management February 2014

32 students Karmasin, M. et al. (1999). Die Gestaltung wissenschaftlicher Arbeiten: ein Leitfaden für Haus-, Seminar- und Diplomarbeiten sowie Dissertationen [The Designing of Scientific Papers: A Guide for Homework, Seminar and Graduation Papers and Dissertations]. Vienna Pyrczak, S. et. Al. (1998). Writing empirical Research Reports. Los Angeles. C.A. Seale, C. (1999). The quality of quantitative research. London Trachim, W. M. K. (2000). The Research Knowledge Base. Cincinatti. Ohio Additional information: Seite 32/42 Catalogue of Modules M. Sc. Security Management February 2014

33 5 Examples for Compulsory Optional Modules 5.1 ITIL - Information Technology Infrastructure Library Brief module label: Module description: SM_Ma_ITIL ITIL - Information Technology Infrastructure Library Division in teaching sessions, if applicable: Duration of module: Classification in the curriculum: One term SecMan Master, 1 st / 2 nd /3 rd terms, elective module Usability of the module: Frequency of offering of modules: Author: Lecturer: Language of instruction: Every academic year Thekla Ludwig Timothy Ross German Prerequisites: ECTS-Credits: 3 Total workload and its composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: Learning outcomes: 90 hours = 30 hours of attendance and 60 hours of selfstudy Lecture: 30 hours Homework (100%) 1/5 of the subject grade; 4.5% of all subject grades; 1.575% of the final grade This course aims to enable the students to acquire knowledge and skills in the following aspects of learning: - Application of the ITIL model - Evaluation of company/security processes in regard to the implementation of the ITIL model Seite 33/42 Catalogue of Modules M. Sc. Security Management February 2014

34 Contents: Teaching and learning methods: Literature: The students are introduced to ITIL (IT Infrastructure Library v3 ) and IT Service Management, comprising: - ITIL model - 5 Phases of the ITIL lifecycle (Service Strategy, Service Design, Service Transition, Service Operation and Continual Service Improvement) and their individual processes. Supplementing the theoretical introduction, various practical scenarios are presented and practically developed. Different situations of ITIL introductions are presented and the significance of ITIL is highlighted through examples. Individual topics are studied in depth through presentations. In addition to this, the option is offered to acquire an official ITIL Foundation certificate. Lecture with projector, Flipchart, Whiteboard, exercises (in groups and plenary sessions, presentations. - Jan van Bon, et al., Foundations in IT Service Management based on ITIL v3, Van Haren Publishing, Zaltbommel Jan van Bon, et al., Foundations in IT Service Management based on ITIL, Zaltbommel David Cannon, et al., ITIL Service Strategy 2011 Edition, TSO, London, Lou Hunnebeck, et al., ITIL Service Design 2011 Edition, TSO, London, Stuart Rance, et al., ITIL Service Transition 2011 Edition, TSO, London, Randy Steinberg, et al. ITIL Service Operation 2011 Edition, TSO, London, Vernon Lloyd, et al., ITIL Continual Service Improvement 2011 Edition, TSO, London, 2011 Additional information: Seite 34/42 Catalogue of Modules M. Sc. Security Management February 2014

35 5.2 Know-how Protection Brief module label: Module description: SM_Ma_Know-HowSchutz Know-how Protection Division in teaching sessions, if applicable: Duration of module: Classification in the curriculum: One term SecMan Master, 1 st / 2 nd / 3rd terms, elective module Usability of the module: Frequency of offering of modules: Every academic year Author: Lecturer: Language of instruction: Thekla Ludwig Peter Mnich and Dr. Jörg Treffke German Prerequisites: ECTS-Credits: 3 Total workload and its composition: Form of teaching/term hours per week: Study and examination achievements: 90 hours = 30 hours of attendance and 60 hours of selfstudy Lecture: 15 hours Oral examination Weighting of the grade in the overall grade: Learning outcomes: Contents14: 1/5 of the subject grade; 4.5% of all subject grades; 1.575% of the final grade This course aims to enable the students to acquire knowledge and skills in the following aspects of learning: - Evaluation of corporate risks in regard to the Know-how protection The students learn about contents related to: - the explanation of protection of know-how and products - definitions and differentiation of information outflow and espionage - current position of espionage worldwide - risks for German enterprises - offenders, offender models and their modus operandi - protective measures, processes and current spheres of activity in the domain of Know-how Protection Seite 35/42 Catalogue of Modules M. Sc. Security Management February 2014

36 Teaching and learning methods: Literature: Lecture, exercises in small groups. - Lindemann U. et al.: Know-How-Schutz im Wettbewerb: Gegen Produktpiraterie und unerwünschten Wissenstransfer [Know-how Protection in the World of Competition: Against Product Piracy and undesired Transfer of Knowledge], Springer Berlin Heidelberg, Kochmann, K.: Schutz des Know-How gegen ausspähende Produktanalysen [Protection of know-how against spying product analyses], De Gruyter, Abele, E. at all.: Schutz vor Produktpiraterie: Ein Handbuch für den Maschinen- und Anlagenbau [Protection against Proct Piracy: a Manual for Construction of Machines and Installations], Springer Berlin Heidelberg, Kahle/Merkel: Fall- und Schadensanalyse bzg. Know-how-/Informationsverlusten in Baden- Württemberg ab 1995 [Case and Damage Analysis reg. Know-how/Information losses in the State of Baden- Würtemberg from 1995], Uni Lüneburg, Wurzer/Kaiser: Praxishandbuch Internationaler Know-how-Schutz [Practical manual for international Know-how Protection], Bundesanzeiger Verlag, Lux/Peske: Competitive Intelligence und Wirtschaftsspionage [Competitive Intelligence and Industrial espionage], Gabler Verlag, Michaeli, Competitive Intelligence, Springer Verlag, Schaaf, Industriespionage [Industrial espionage], Boorberg, Fussan: Managementmaßnahmen gegen Produktpiraterie und Industriespionage [Management measures against product piracy and industrial espionage], Gabler Verlag, Fink, Lauschziel Wirtschaft [Business world, the target of bugging], Boorberg, Kenan, Vertrag versus Vertrauen [Contract vs. Trust], VDM, Liman: Bewertung des irregulären Verlustes von Know-how [Assessment of irregular loss of knowhow], Wirtschaftsverlag Bachem, Westermann: Handbuch Know-how-Schutz [Manual of Know-how Protection], Verlag C.H. Beck, Additional information: Seite 36/42 Catalogue of Modules M. Sc. Security Management February 2014

37 5.3 Technical Aspects of the IT Forensics Brief module label: Module description: SM_Ma_IT-Forensik Technical Aspects of IT Forensics Division in teaching sessions, if applicable: Duration of module: Classification in the curriculum: One term SecMan Master, 1 st / 2 nd / 3 rd terms, elective module Usability of the module: Frequency of offering of modules: Every academic year Author: Lecturer: Language of instruction: Thekla Ludwig Prof. Dr. Igor Podebrad German Prerequisites: ECTS-Credits: 3 Total workload and its composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: Learning outcomes: 90 hours = 30 hours of attendance and 60 hours of selfstudy Lecture: 2 term hours per week Homework (100%) 1/5 of the subject grade; 4.5% of all subject grades; 1.575% of the final grade This course aims to enable the students to acquire knowledge and skills in the following aspects of learning: - Analysis of data media, Operating Systems and networks - Evaluation of data media and Operating Systems in regard to their forensic case-related information Seite 37/42 Catalogue of Modules M. Sc. Security Management February 2014

38 The students will receive leaning content concerning: Data media analysis - Overview of types of hard disks - Overview of physical and logical distribution of a disk - Overview of file systems and file administration - Details of hard disk analysis (files and their properties, including the types of files) - Details of FAT Analysis of Operating Systems - Server vs. Workstation - Location of OS on the disk - Process analysis Contents14: - Network connectivity - Registry - NTFS - Details of Alternate Datastreams and Filetypes - Windows artefacts - Timelining - Details of Registry - analysis Network analysis - Fundamentals - Protocols - Details of analysis (anomalies, hidden communication, types of attacks) Teaching and learning methods: Lecture, exercises in small groups. Seite 38/42 Catalogue of Modules M. Sc. Security Management February 2014

39 Literature: - Dewald, A. et al.: Forensische Informatik [Forensic Informatics], Books on Demand, Geschoneck, A.: Computer-Forensik: Computerstraftaten erkennen, ermitteln, aufklären [Computer Forensics: Identifying, investigating, solving computer criminality], dpunkt.verlag, Carrier, B.: File System Forensic Analysis, Addision-Wesley Professional, Carvey, H.: Windows Forensic Analysis DVD Toolkit, Syngress, Pogue, C.: UNIX and Linux Frensic Analysis DVD Toolkit, Syngress, 2008 Additional information: Seite 39/42 Catalogue of Modules M. Sc. Security Management February 2014

40 5.4 Security Concepts of Nuclear Power Plants Brief module label: Module description: SM_Ma_KonzepteSicherheitKernkraftwerken Security Concepts of Nuclear Power Plants Division in teaching sessions, if applicable: Duration of module: Classification in the curriculum: One term SecMan Master, 1 st /2 nd / 3 rd terms, elective module Usability of the module: Frequency of offering of modules: Every academic year Author: Thekla Ludwig Lecturer: Language of instruction: German Prerequisites: ECTS-Credits: 3 Total workload and its composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: Learning outcomes: 90 hours = 30 hours of attendance and 60 hours of selfstudy Lecture: 2 term hours per week Homework (100%) 1/5 of the subject grade; 4.5% of all subject grades; 1.575% of the final grade This course aims to enable the students to acquire knowledge and skills in the following aspects of learning: - Application of the ITIL model - Evaluation of corporate/security processes in regard to the implementation of the ITIL model Seite 40/42 Catalogue of Modules M. Sc. Security Management February 2014

41 The students receive comprehensive information concerning the fundamentals and requirements of: - Integrated management system (interaction between Man-Technology-Organisation (MTO concept)) - Aims of security (radiological and technical aims) - Defence in Depth concept, independence of security levels - Barrier concept - Events and situations on security levels - Installation internal emergency protection concept - Protection against overlapping impacts Contents14: - Principles of proofs of safety (deterministic and probabilistic approaches) CCF concept - Classification concept - Concept for practical exclusion of events - Principles of layout o o o o o o Diversity principle avoidance of Individual error concept 30 minute concept Inherent safety, fail-safe principle Passive principles of operation Basic safety, leak-before-break - Safety requirements for future nuclear power plants Teaching and learning methods: Lecture, exercises in small groups. Seite 41/42 Catalogue of Modules M. Sc. Security Management February 2014

42 Literature: - Borlein, M.: Kerntechnik [Nuclear Technology], Vogel Business Media, Smidt, D.: Reaktor-Sicherheitstechnik [Reactor Safety Technology], Springer-Verlag, Berlin, IAEA: - WENRA: nce=1&action=pod_show - KTA: - GRS: - Handbuch für Reaktorsicherheit und Strahlenschutz, - BMU: Sicherheitskriterien für Kernkraftwerke, hriften_technische_regeln/doc/40327.php Additional information: Seite 42/42 Catalogue of Modules M. Sc. Security Management February 2014