How To Pass An It Forensics Course

Transcription

1 Catalogue of Modules M. Sc. Security Management February 2014

2 Impressum Autor: Prof. Dr. Sachar Paulus Redaktion: Prof. Dr. Sachar Paulus Druck: Druckerei der Fachhochschule Brandenburg Kontakt: Fachhochschule Brandenburg University of Applied Sciences Magdeburger Str Brandenburg an der Havel T F E sachar.paulus@fh-brandenburg.de Stand: 21. Februar 2014 Fachhochschule Brandenburg Seite 2/42 Catalogue of Modules M. Sc. Security Management February 2014

3 Inhaltsverzeichnis 1 Introduction 4 2 Modules of the first term Principles of Security Management Law, Compliance and Data Protection Principles of ICT Infrastructure Security Principles of Secure Communication Technology Principles of forensics and auditing Term Thesis Second term Security and Crisis Management in the international Context Physical Security Corporate Governance Secure Systems Lifecycle Management Secure IT Services and Business Processes Project Term Thesis Third Term Master s Thesis incl. Master s Seminar 31 5 Examples for Compulsory Optional Modules ITIL - Information Technology Infrastructure Library Know-how Protection Technical Aspects of the IT Forensics Security Concepts of Nuclear Power Plants 40 Seite 3/42 Catalogue of Modules M. Sc. Security Management February 2014

4 1 Introduction This document contains the module descriptions of Brandenburg University of Applied Sciences M. Sc. Degree program on Security Management. The module content is of 2012, the descriptions have been translated to English early Students can choose a profile amongst a number of offerings. Part of the content consists of compulsory optional modules that the program management selects every term. You can find a number of descriptions for compulsory optional modules as examples at the end of this publication. Module overview Term Module Modules CP/ Term 1 Principles of Security Management (6CP) Principles of Secure Communication Technology (3CP) Principles of Forensices and Auditing (3CP) Principles of ICT Infrastructure Security (6CP) Law, Compliance and Data Protection (6CP) Term Thesis 1 (3CP) Compulsory Optional Module 1 (3CP) Security and Crisis Management in International Contexts (6CP) Physical Security (3CP) Secure System Lifecycle Management (6CP) Secure IT- Services and Business Processes (3CP) Corporate Governance (3CP) Term Thesis 2 (3CP) Project (6CP) 7 30 Compulsory Optional Module 2 (3CP) Compulsory Optional Module 3 (3CP) Master Thesis incl. Colloquium (21CP), Master Seminar (3CP) Subject Area Security Management IT Security Mathematical and Technical Principles Law and Business Management Compulsory Optional Modules Seite 4/42 Catalogue of Modules M. Sc. Security Management February 2014

5 2 Modules of the first term 2.1 Principles of Security Management Brief module label: Module description: Division in teaching sessions, if applicable: Duration of module: Classification in the curriculum: Usability of the module: Frequency of offering of modules: Author: Lecturer: Language of instruction: Prerequisites: SM_Ma_GrundlagenSecurityManagement Principles of Security Management One term SM Ma, 1st term, required module The module is also offered as a compulsory lecture for the Master s course in Information Systems. The module can also be offered for Master s course in Informatics. Every academic year Prof. Dr. Sachar Paulus Prof. Dr. Sachar Paulus German None ECTS-Credits: 6 Total workload and ist composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: Learning outcomes: 180 hours = 60 hours of attendance and 120 hours of selfstudy Lecture: 15 hours Exercise: 15 hours Practical application based on case studies: 30 hours Homework (50%), Presentation (50%). 2/5 of the subject grade 13.5% of all subject grades 4.725% of the final grade The objective is to enable the students to acquire basic knowledge and skills in the following aspects of learning: Preparation of security investigations Conducting risk evaluations Analysis of conditions of security and the significance of counter measures Development of understanding the importance of security in the process of decision making by entrepreneurs Assessment of security organisations in enterprises Implementing exemplary security processes with the use of IT tools Designing security measures and successfully presenting the same to a committee of decision makers In addition, the students are expected to achieve the following results of learning: Establish a security organisation in an enterprise Prepare a skill profile for an individual in charge of Seite 5/42 Catalogue of Modules M. Sc. Security Management February 2014

6 Contents: Teaching and learning methods: Literature: security Integrate IT and non IT security relevant aspects Introduce a security management system in an organisation Prepare a strategy for a section of IT, information or corporate security Primary aspects of corporate security: Security Governance and Security Management System Security Organisation Security Policy Risk management Analyzing security Security processes Norms and standards for information security Return-on-Security-Investment calculations Crisis management Business Continuity Management Additionally: Selected specific areas of the IT and corporate security Interactive combination of lectures, preparations and presentation of contents, demonstration of concepts, practical tasks for groups, preparation of own content and role play. Security Management 2011: Manual of information security, IT security, security of locations, White-collar criminality and Management liability by Guido Birkner, Handbuch Unternehmenssicherheit [Manual of Corporate Security]: Comprehensive security, continuity and risk management with system by Klaus-Rainer Müller, Unternehmenssicherheit [Corporate Security] by Stephan Gundel, and Lars Mülli, Security Risk Management Body of Knowledge by Julian Talbot, Miles Jakeman, Wiley Additional information: Seite 6/42 Catalogue of Modules M. Sc. Security Management February 2014

7 2.2 Law, Compliance and Data Protection Brief module label: Module description: Division in teaching sessions, if applicable: Duration of module: Classification in the curriculum: SM_Ma_RechtComplianceDatenschutz Law, Compliance and Data Protection One term SecMan Master, 1st term, required module Usability of the module: Frequency of offering of modules: Author: Lecturer: Language of instruction: Every academic year Prof. Dr. Sachar Paulus Prof. Dr. Michaela Schröter, Dipl. iur. Raoul Kirmes M.Sc., CISA, QMA German Prerequisites: ECTS-Credits: 6 Total workload and its composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: Learning outcomes: Contents: 180 hours = 60 hours of attendance and 120 hours of self-study Lecture: 60 hours Study assignments (30%), Written examination (70%). 2/3 of the subject grade; 8.33% of all subject grades; 2.916% of the final grade This course aims to enable the students to acquire knowledge and skills in the following aspects of learning: Identification of relevant legal position of important activities concerned with security in organisations Application of national, European and international legislations in order to meet the compliance specifications for companies Enabling critical discussion with legal target conflicts and for submitting an appropriate evaluation of the risk situation for companies as those affected by regulations 1. Introduction to juristic methodology 2. European and international security law 3. Introduction to the WTO law (focus on international law on product safety) 4. System of fundamental freedom and national security interests 5. Technical trade restrictions in security law 6. Compliance in the international context 7. International, European and national accreditation law 8. Principles of contractual liability ( 280 BGB) Seite 7/42 Catalogue of Modules M. Sc. Security Management February 2014

8 9. Principles of tortious liability ( 823ff BGB, ProdHaftG) 10. Law governing the private security trade 11. Overview of the German law governing weapons 12. Main features of law of criminal proceedings 13. Electronic legal relations (ecommerce/signature law) 14. International emoluments and principles of law governing data security Teaching and learning methods: Literature: Additional information: Lecture - Harald Jele, Wissenschaftliches Arbeiten: Zitieren [Scientific Working Methods: Quoting], Kohlhammer, 3rd ed., Calliess/Ruffert, EUV/AEUV 4th ed Röhl, Akkreditierung und Zertifizierung im Produktsicherheitsrecht [Accreditation and Certification in Law Governing Product Safety], Springer Verlag Ensthaler, Zertifizierung und Akkreditierung technischer Produkte [Certification and Accreditation of Technical Products], Springer Verlag Martin Schulte, Handbuch des Technikrechts [Manual of Law Governing Technology], 2nd ed. Springer Verlag, Abbott/ Kirchner/ et.al., International Standards and the Law, Stämpfli Verlag AG, Kurt Schellhammer, Schuldrecht nach Anspruchsgrundlagen [Law of Obligations According to Principles of Claims], 8 th ed., Martin Kutscha, Handbuch zum Recht der Inneren Sicherheit [Manual of Law Governing Internal Security], 2nd ed., BWV Verlag, Rolf Stober, Sven Eisenmenger, Besonderes Wirtschaftsverwaltungsrecht [Special Business Administration Law], 15th ed., Verlag Kohlhammer, Knemeyer: Polizei- und Ordnungsrecht [Police and Law Governing Public Order], Beck, Busche: Waffenrecht 2012 [Weapons law 2012], Kiel Hoeren: Internet- und Kommunikationsrecht [Internet and communication law], Otto Schmidt Cologne Schade: Arbeitsrecht [Labour law], Kohlhammer Martin T. Biegelman, Building World-Class Compliance Program: Best Practices and Strategies for Success, John Wiley & Sons; Acquisti/ Gritzalis/Lambrinoudakis, Digital Privacy: Theory, Technologies, and Practices, Auerbach Pubn, Sanjay Anand, Essentials of Sarbanes-Oxley, John Wiley & Sons, CCH Incorporated, SEC Compliance and Disclosure Interpretations, Harcourt Professional Publishing, Reyes, Carla, WTO-compliant Protection of Fundamental Rights: Lessons from the EU 'Privacy Directive, Melbourne Journal of International Law, Vol. 12, No. 1, Jun 2011: Spiros Simitis, Bundesdatenschutzgesetz [Federal Law Governing Data Security], Nomos, 7 th ed., Current legal texts Assignments for thorough reading Seite 8/42 Catalogue of Modules M. Sc. Security Management February 2014

9 2.3 Principles of ICT Infrastructure Security Brief module label: Module description: Division in teaching sessions, if applicable: Duration of module: Classification in the curriculum: SM_Ma_IKT-Infrastruktursicherheit Principles of ICT Infrastructure Security One term SecMan Master, 1st term, required module Usability of the module: Frequency of offering of modules: Author: Lecturer: Every academic year Prof. Dr. Eberhard von Faber Prof. Dr. Eberhard von Faber, Dipl. Ing. Dietmar Hausmann Language of instruction: Prerequisites: ECTS-Credits: 6 German Importance of IT security and its role in practice; technical and physical basic knowledge; knowledge of the basics of Internet networks, Operating Systems and cryptography-based techniques Total workload and its composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: Learning outcomes: 180 hours = 60 hours of attendance and 120 hours of self-study lectures in the range of at least 30 hours and exercises up to 30 hours Written examination or oral examination including 20% of the result of project work 1/2 of the subject grade 5% of all subject grades 1.75% of the final grade Familiarization with the threats and challenges in networks, including important counter measures in the form of protocols and various security solutions Familiarization with the functioning of these solutions, understanding of their use, operation and interaction; ability to integrate and deploy independently some of these solutions; familiarization with supplementing measures and solutions Development of the ability to integrate the required solutions adequately into various ITC infrastructures and usage scenarios; familiarization with service models including Cloud Computing and its implications Development of ability to analyse requirements and industrial practical factors and to integrate solutions based on the practical example of an industrial solution Familiarization with security modules and embedded systems as core components for distributed systems; properties, challenges and use; principles of usage and on Seite 9/42 Catalogue of Modules M. Sc. Security Management February 2014

10 Contents: Teaching and learning methods: Literature: the security of smart cards Details of PKI as infrastructure for secure communication, including testing schemes as international infrastructure for the risk management based on the example of payment systems Extended principles of Internet networks (TCP/IP Protocol, ISO/OSI, Routing, active components, cryptography) Dangers in the use of IT, categories of threats, weak points and hazards Security management, security audits with tools, network monitoring and network logging Attacks and counter measures Cryptography applications (encrypted communication, VPN protocols, certificates) Web Server Security, security In depth study and practical application of project topics on Firewalls, Honeypots and Intrusion Detection Systems, WLAN security and VPN Integration of various solutions in the ITC network: business processes vs. ITC; Usage scenarios vs. ITC; service models and Cloud Computing: division of labour, service models, security management Learning situation of a special industry application: requirements and solutions; Practical factors and their outcome, result and practice in industry Components for distributed systems and mobility: Embedded Systems; Properties, challenges and solutions; Internet of things; Life Cycle; Device Management and Security Design; Practical seminar: application, technology of the chip cards and practical attacks PKI: an infrastructure for secure communication (visible or invisible; function, realization, practice) Assurance: an infrastructure for Trust and Security in a (global) division of labour in industrial value-added chains Combination of lectures, exercises based on one s own computer and lab exercises; lectures deploying different media; tasks and exercise examples; control questions/revision course [1] Cisco Networking Academy: CCNA Exploration Companion Guide, Vol. 1-4, Cisco Press, 2008 [2] Alexander Michael: Netzwerke und Netzwerksicherheit - Das Lehrbuch [Networks and Network Security the text book], Hüthing publishers, [3] Plötner Johannes, Wendzel Steffen: Praxishandbuch Netzwerk-Sicherheit [Practical Manual of Network Security], Galileo Computing, [4] Anderson, Ross: Security Engineering, A Guide to Building Dependable Distributed Systems; John Wiley & Sons [5] Common Criteria for Information Technology Security Evaluation; or ISO [6] Rankl, Wolfgang and Wolfgang Effing: Handbuch der Chipkarten, Aufbau, Funktionsweise, Einsatz von Smart Cards; [Manual of Chip Cards, Structure, Functioning, Usage of Smart Seite 10/42 Catalogue of Modules M. Sc. Security Management February 2014

11 Cards] by Hanser technical publishers Other reference works on special project topics (VPN, IPSec, IPv6, IDS, WLAN, Attacks, and many more) Additional information: Scripts and other teaching materials will be distributed directly to the students during the lecture, or made available on the learning platform of the university. Seite 11/42 Catalogue of Modules M. Sc. Security Management February 2014

12 2.4 Principles of Secure Communication Technology Brief module label: Module description: Division in teaching sessions, if applicable: Duration of module: Classification in the curriculum: SM_Ma_SichereKommunikation Principles of Secure Communication Technology One term SecMan Master, 1st term, required module Usability of the module: Frequency of offering of modules: Author: Lecturer: Language of instruction: Every academic year Prof. Dr. Sachar Paulus Prof. Dr. Eberhard von Faber, Prof. Dr. Michael Syriakow German Prerequisites: ECTS-Credits: 3 Total workload and its composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: 90 hours = 30 hours of attendance and 60 hours of selfstudy Lecture: 30 hours Written examination 1/4 of subject grade 2.5 % of all subject grades % of the final grade This course aims to enable the students to acquire knowledge and skills in the following aspects of learning: Learning outcomes: Contents: Teaching and learning methods: Literature: Comprehension of the fundamentals and conditions of secure communication Thinking out communication scenarios Comprehension of the cryptographic principles Evaluation and selection of management tasks around electronic communication Logical vs. physical security Basic concepts of cryptography (symmetrical vs. asymmetrical methods, encryption, signature, certificates, PKI, RSA, DSA, AES, DES, Hash functions) Security modules Embedded Systems Devices and key management Chip cards, incl. management and personalization Hardware-oriented attacks Lecture and exercises in small groups. [1] Anderson, Ross: Security Engineering, A Guide to Building Dependable Distributed Systems; John Wiley & Sons, Inc.; 2001 Seite 12/42 Catalogue of Modules M. Sc. Security Management February 2014

13 Additional information: [2] FIPS PUB 140-2, Security Requirements for Cryptographic Modules; National Institute of Standards and Technology; 2002; [3] Common Criteria for Information Technology Security Evaluation (also ISO15408), Part 1: Introduction and general model, Part 2: Security functional requirements, Part 3: Security assurance requirements or (and: CEM) [4] BSI-PP-0002, Smartcard Integrated Circuit Platform Protection Profile; Version 1.0, July 2001 (E. von Faber main technical editor); Smartcard Integrated Circuit Augmentations; Version 1.0, March 2002; [5] Rankl, Wolfgang and Effing, Wolfgang: Handbuch der Chipkarten, Aufbau, Funktionsweise, Einsatz von Smart Cards [Manual of Chip Cards, Structure, Functioning, Use of Smart Cards]; published by Hanser Fachbuchverlag, 2002 Beutelspacher, Kryptologie [Cryptology], Vieweg, 2005 C. A. Deavours L. Kruh, Machine Cryptography and Modern Cryptanalysis, Artech House Publishers, 1985 D. E. Knuth, The Art of Computer Programming 2, Seminumerical Algorithms, Addison-Wesley, 1998 A. J. Menezes - P. van Oorschoot - S. Vanstone, Handbook of Applied Cryptography, CRC, 1996 B. Schneier, Angewandte Kryptographie [Applied Cryptography], Pearson Studium, 2005 A. Sinkov, Elementary Cryptanalysis, The Mathematical Association of America, 1998 M. Welschenbach, Cryptography in C and C++, Apress, 2005 J. Bamford, Body of Secret: Anatomy of the Ultra-Secret National Security Agency, Anchor, Reprint Edition, 2002 Use of the E-Learning Program CrypTool Seite 13/42 Catalogue of Modules M. Sc. Security Management February 2014

14 2.5 Principles of forensics and auditing Brief module label: Module description: Division in teaching sessions, if applicable: Duration of module: Classification in the curriculum: SM_Ma_ForensikAuditing Principles of forensics and auditing One term SecMan Master, 1st term, required module Usability of the module: Frequency of offering of modules: Author: Lecturer: Language of instruction: Every academic year Prof. Dr. Sachar Paulus Prof. Dr. Igor Podebrad German Prerequisites: ECTS-Credits: 3 Total workload and its composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: Learning outcomes: Contents: Teaching and learing methods: Literature: 90 hours = 30 hours of attendance and 60 hours of self-study Lecture: 30 hours Written examination 1/4 of the subject grade 2.5% of all subject grades 0.875% of the final grade This course aims to enable the students to acquire knowledge and skills in the following aspects of learning: Organisation of IT forensic analyses and IT audits Operating IT systems while taking into account the requirements of IT forensics and IT auditing Development and implementation of IT forensics related security guidelines Evaluation of the usability of IT audit results for forensics Legal prerequisites for IT forensics Principles of IT auditing Organisation of IT forensic analyses Lecture and exercises in small groups IT-Forensik [IT Forensics] by Alexander Geschonnek, 2011 The Basics of Digital Forensics: The Primer for Getting Started in Digital Forensics by John Sammons, 2012 Additional information: Seite 14/42 Catalogue of Modules M. Sc. Security Management February 2014

15 2.6 Term Thesis 1 Brief module label: SM_Ma_Semesterarbeit1 Module description: Term Thesis 1 Division in teaching sessions, if applicable: Duration of module: One term Classification in the curriculum: SecMan Master, 1st term, required module Usability of the module: Frequency of offering of modules: Author: Lecturer: Language of instruction: Every academic year Prof. Dr. Sachar Paulus Prof. Dr. Friedrich Holl and all other participating teaching faculty members German Prerequisites: ECTS-Credits: 3 Total workload and its composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: Learning outcomes: Contents: 90 hours = 30 hours of attendance and 60 hours of selfstudy Lecture: 15 hours Seminar with preparation of presentation: 15 hours Written assignments 1/2 of the subject grade 5% of all subject grades 1.75% of the final grade Preparation of scientific papers with tutorial related to the topic of security Methods of collection of data (statistics, interviews, primary/secondary sources) Source discussion: research, reading, evaluation Creative techniques and self-organisation Situation-related requirements for writing styles (advertising, press releases, scientific papers etc.) Preparation of an exposé Methodical structure of scientific papers Phases of scientific working methods Material collection and research Material evaluation and selection Material and topic processing Method of quoting Teaching and learning methods: Literature: Lecture, discussion, presentation of own results. DIN 1421 (Classification and Numbering System in texts) Eco, U. (2005) Wie man eine wissenschaftliche Abschlussarbeit schreibt Seite 15/42 Catalogue of Modules M. Sc. Security Management February 2014

16 - Doktor-, Diplom- und Magisterarbeit in den Geistesund Sozialwissenschaften [How to Compile Final Thesis for Doctorate, Graduate and Postgraduate Studies in Humanity and Social Science Studies], Müller, Heidelberg, Theisen, Manuel R.: Scientific Papers Technique & Methodology, Form, Peterssen, Wilhelm H.: Scientific Papers - An Introduction for School and Studies, Additional information: Seite 16/42 Catalogue of Modules M. Sc. Security Management February 2014

17 3 Second term 3.1 Security and Crisis Management in international Contexts Brief module label: Module description: Division in teaching sessions, if applicable: Duration of module: Classification in the curriculum: SM_Ma_SecurityKrisenManagementInternational Security and Crisis Management in international Contexts One term SM Ma, 2nd term, required module Usability of the module: Frequency of offering of modules: Author: Lecturer: Every academic year Prof. Dr. Sachar Paulus Prof. Dr. Sachar Paulus Language of instruction: German, partly English (10%) Prerequisites: None ECTS-Credits: 6 Total workload and its composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: Learning outcomes: Contents: 180 hours = 60 hours of attendance and 120 hours of selfstudy Lecture: 30 hours Exercise: 15 hours Practical application based on case studies: 15 hours Written examination or oral examination 2/5 of the subject grade 13.5% of all subject grades 4.725% of the final grade The objective is to enable the students to acquire knowledge and skills in the following aspects of learning: Analysis of security systems in the international context while taking into account the cultural, political and geographical conditions Management of security organisation in international corporations Preparation of security measures during travel or delegation of employees to foreign countries Introduction of a crisis management system Reaction in international crisis situations Controlling the global crisis communication Influencing the public perception of security topics Security management in global organisations Travel Security Security during delegation of employees Crisis management in the international context Communication during crises: principles and procedures for communication during crisis situations Internal and external crisis communication Message House Seite 17/42 Catalogue of Modules M. Sc. Security Management February 2014

18 Teaching and learning methods: Literature: Additional information: Handling media during crisis situations Public image of security Campaigns for security topics Interactive combination of lecture, preparation and presentation of content, demonstration of concepts, practical tasks for groups, preparation of own content and role play. Notfall- und Krisenmanagement im Unternehmen [Emergency and Crisis Management in Companies] by Axel Bédé, Unternehmenskrisen und Krisenmanagement [Corporate Crises and Crisis Management] by Ronny Scharschmidt, Führen in Krisensituationen [Managing during Crisis Situations] by Markus Klaus, Global Threat: Target-Centered Assessment and Management by Robert Mandel, Security Risk Management Body of Knowledge by Julian Talbot and Miles Jakeman, Seite 18/42 Catalogue of Modules M. Sc. Security Management February 2014

19 3.2 Physical Security Brief module label: Module description: Division in teaching sessions, if applicable: Duration of module: Classification in the curriculum: SM_Ma_PhysischeSicherheit Physical Security One term SM Ma, 2nd term, required module Usability of the module: Frequency of offering of modules: Author: Lecturer: Language of instruction: Prerequisites: Every academic year Prof. Dr. Sachar Paulus Ralph Wölpert, Thorsten Weller, Ralf Dahmer, Thomas Koch German None ECTS-Credits: 3 Total workload and its composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: Learning outcomes: Contents: 90 hours = 30 hours of attendance and 60 hours of selfstudy Lecture: 30 hours Written examination or oral examination 1/5 of the subject grade 6.75% of all subject grades % of the final grade The objective is to enable the students to acquire basic knowledge and skills in the following aspects of learning: Knowing the methods of protection and safety engineering Analysis of the possibilities of use and effectiveness of protective mechanisms against elementary damage, mechanical safety installations, hazard alert systems and surveillance systems Planning of a security system network Evaluation of solutions available in the market Appraisal of the legal aspects for the deployment of individual security mechanisms Fundamentals of building safety Terminology and overview of areas of tasks and available options Engineering principles Physical attacks and their effect Elementary damage Attackers, their aims and methods of attack Weapons and their effect Seite 19/42 Catalogue of Modules M. Sc. Security Management February 2014

20 Radiation of electronic devices Mechanical safety systems and access control Locks, locking systems and their security Securing doors, windows and fences against attacks Secure storage and data cabinets Engineering and legal regulations and directives Hazard alert systems Fundamentals Burglary alarm systems Attack alert systems Installation failure alert systems Fire alarm and fire fighting systems Engineering and legal regulations and directives Surveillance systems Technical possibilities Open and hidden monitoring Engineering and legal regulations and directives Emergency planning and operational safety Consequential damage analysis Handling untoward incidents Teaching and learning methods: Literature: Additional information: Lecture Physical Security Systems Handbook by Michael Kairallah, Current Journals and Magazines covering the topic: kes, Der Sicherheitsberater [The Safety Advisor], S&I. Seite 20/42 Catalogue of Modules M. Sc. Security Management February 2014

21 3.3 Corporate Governance Brief module label: Module description: Division in teaching sessions, if applicable: Duration of module: Classification in the curriculum: SM_Ma_Unternehmensführung Corporate Governance One term SecMan Master, 2nd term, required module Usability of the module: Frequency of offering of modules: Author: Lecturer: Language of instruction: Every academic year Prof. Dr. Sachar Paulus Prof. Dr. Robert Franz, Prof. Dr. Friedrich Holl, Prof. Dr. Sachar Paulus German Prerequisites: ECTS-Credits: 3 Total workload and its composition: Form of teaching/term hours per week: Study and examination achievements: Weighting of the grade in the overall grade: Learning outcomes: Contents: 90 hours = 30 hours of attendance and 60 hours of selfstudy Lecture: 15 hours Processing case studies: 15 hours Oral examination 1/3 of the subject grade 4.17% of all subject grades 1.46% of the final grade This course aims to enable the students to acquire knowledge and skills in the following aspects of learning: Knowing the principles of successful corporate governance Influencing the corporate leaders for observing the security aspects and for constructive handling of crisis situations Derivation of a security strategy and security goals out of the corporate strategy Development of a strategy to strengthen the ethical aspects of corporate governance Resolution of conflicts Functions of corporate governance (development of corporate goals, principles, culture; Formulation of strategies; Human Resources and Negotiations Management; international aspects in the global competition) Integration of security goals with the corporate strategy Ethical aspects of corporate governance (anti-corruption strategies, Code of Conduct etc.) Seite 21/42 Catalogue of Modules M. Sc. Security Management February 2014