Security for Systems Engineering teaches technological as well as organizational aspects for
- design
- setup and
- operation of dependable systems.
Students develop an understanding for security relevant aspects of IT systems based on practical examples. Required technological aspects of operating systems, network technologies and the development of webbased as well as mobile applications are presented with details that are needed for understanding the presented security measures. By presenting the point of views of attackers and security employees students learn the mindset of attackers and defenders.
Internet security or network security for itself is not sufficient to get a secure overall it systems. Therefore, Security for Systems Engineering combines many aspects of IT security to get an adequate level of IT security.
After visiting Security for Systems Engineering students have profound knowledge about information objects that need to be protected in operational settings, possible attacks as well as theoretically reasonable and economically justifiable technological and organizational security mechanisms needed to protect IT systems. Practical relevance, especially with regards to efficiency is shown by inviting external guest lectors from economy. The exercises which are primarily group work help learning practical skills to implement security mechanisms as well as exploiting security holes.
The topics of the lecture are among others
- Operating System Security
- Network Security
- Intrusion Detection, Intrusion Prevention
- Security in Software Development
- Web Application Security
- Security of Mobile Applications
- Organizational Security
- Risk Management
- Security Architectures
- Cryptography
- Finding Security Holes
Didactic approach: In the lecture the necessary technical foundations are taught, research in depth is guided on demand, and real, often large, case studies are presented. In the exercises the application of different aspects of the lecture are deepened and extended in 3 single and group tasks (among them an optional CTF contest) in our IT security lab infrastructure.