IT Security Manager
Course Content
Module 1 - Fundamentals of IT-Security
- 1. Course Introduction
- 1.1 Learning Concept of the Course
- 1.2 Module Structure
- 2. Conceptual Classifications
- 2.1 IT-Security Preview
- 2.2 Development of the Modern Internet
- 2.3 Next Generation Network (NGN)
- 2.4 Internet of Things (IoT)
- 2.5 Monitoring
- 3. Modern IT-Systems in SMEs
- 3.1 Office-IT
- 3.2 Production-IT
- 3.3 Mobile Devices
- 4. Weak Points and Threats in IT-Systems
- 4.1 Examples from the Corporate Sector
- 4.2 Examples from Politics and Society
- 4.3 Examples from the Automotive Industry
- 5. Threats to IT-Systems in SMEs
- 6. Digression: IT-Security Criteria according to ISO 27001
- Bibliography
- List of Figures
- Questions of Understanding Module 1 – Fundamentals of IT-Security 6 questions
Module 2 - Data Protection - Technologies and Methods
- 1. Introduction
- 2. Data Security and Data Protection
- 2.1 Data Backup
- 2.2 Data Loss
- 2.3 Difference to Data Protection
- 2.4 The European GDPR
- 2.4.1 The Requirements and Obligations of the GDPR
- 2.4.2 Validity of the GDPR
- 2.4.3 Order Processing
- 2.4.4 Data Protection Officers
- 2.4.5 The Principles of the GDPR
- 2.5 Trends in Data Protection and Data Recovery
- 3. Methods and Technologies of Data Protection
- 3.1 Methods
- 3.1.1 Simple Full Data Backup
- 3.1.2 Differential Data Backup
- 3.1.3 Incremental Backup
- 3.1.4 Sequential Data Backup
- 3.1.5 Partial Data Backup
- 3.1.6 Data Protection Strategies
- 3.2 Media of Data Protection
- 3.2.1 Optical Storage Media (Non-Volatile Memories)
- 3.2.2 Magnetic Storage Media (Non-Volatile Memories)
- 3.2.3 Electronic Storage Media (Volatile Memory)
- 3.3 Handling Storage Media
- 4. Data Protection Concept
- 4.1 Specifying the Data
- 4.2 Select Method of Data Backup
- 4.3 Data Backup Medium
- 4.4 Create a Backup Plan
- 4.5 Organization within the Company
- 4.6 Tool Support
- Appendix: Data Backup Concept – A. Objective
- B. Definition of Responsibilities
- C. Risk Assessment
- D. Data Backup Procedure
- E. Minimum Organizational and Technical Requirements
- F. Implementation of the Data Backup Concept
- Bibliography
- List of Figures
- Questions of Understanding Module 2 – Data Protection, Technologies and Methods 5 questions
Module 3 - Network Architectures and Protocols
- 1. Introduction
- 2. Building Networks
- 2.1 Network Topologies
- 2.1.1 Bus Topology
- 2.1.2 Ring Topology
- 2.1.3 Star Topology
- 2.1.4 Mesh Topology
- 2.1.5 Tree Topology
- 2.2 Carrier Materials
- 2.2.1 Copper
- 2.2.2 Fibre Optic Cable/Optical Fibre
- 2.2.3 Air
- 2.3 OSI Reference Model
- 3. Communication in the Network
- 3.1 Packet Switching and Routing
- 3.2 Addressing
- 3.3 MAC Address
- 3.4 NAT
- 4. Protocols
- 4.1 TCP
- 4.2 UDP
- 5. Network Security
- 5.1 Encryption
- 5.2 Authentication
- 6. Man-In-The-Middle
- Appendix 1 – Security Guidelines for the Construction of a Network Infrastructure (Based on the Studies of the BSI)
- Appendix 2 – Checklist for Setting up a Secure Network (Based on BSI Specifications)
- Checklist Local Network
- Checklist Security Gateways and Security Zones
- Checklist Coupling to the Internet
- Checklist Network Management
- Bibliography
- List of Figures
- Questions of Understanding – Module 3 – Network Architectures and Protocols 5 questions
Module 4 - Forms of Network Threats - Cyber Attacks and Malware
- 1. Introduction to Network Threats
- 2. Types of Attacks
- 3. Malware
- 3.1 Definition
- 3.2 Types of Malware
- 3.2.1 Computer Viruses
- 3.2.2 Computer Worm
- 3.2.3 Trojan Horse
- 3.2.4 Backdoor
- 3.2.5 Spyware
- 3.2.6 Scareware/Rogueware
- 3.2.7 Bots and Bot Nets
- 3.2.8 Ransomware
- 3.2.9 Phishing
- 3.2.10 Scamming
- 3.2.11 Dialler
- 3.2.12 Third Party Billing
- 3.2.13 Cryptomining
- 3.3 Mixed Forms
- 4. Hacking
- 4.1 Network Hacking
- 4.2 Operating System Hacking
- 4.3 Software Hacking
- 5. Distributed Denial of Service (DDoS)
- 6. Social Engineering and Hardware
- 7. Counter Measures
- 7.1 Knowledge about Typical Attacks
- 7.2 Technical Measures
- 8. Digression: Cyber Warfare
- 8.1 Background and Definition
- 8.2 Methods
- 8.3 Attack Leadership in Cyber Warfare
- 8.4 Cyber Warfare in Reality
- Appendix: Description of the Hazard Analysis for a Subnetwork Scenario
- Bibliography
- List of Figures
- Questions of Understanding Module 4 – Forms of Network Threats – Cyber Attacks and Malware 5 questions
Module 5 - IT-Security in the Application I - Security Processes
- 1. Introduction
- 2. Organization and Communication in the Company
- 2.1 Definition of Roles in IT Security Management
- 2.2 Organization of IT Security in the Company
- 2.3 Awareness Management
- 3. IT Compliance
- 3.1 Legal Framework
- 3.2 Standards and Norms
- 4. IT Security Management
- 4.1 Risk Management
- 4.2 Emergency Management
- 4.3 Available Management
- 5. Technical IT Security Measures
- 6. Monitoring and Control Processes
- 6.1 Monitoring IT Security
- 6.2 IT Security Audits
- System Checklist
- Bibliography
- List of Figures
- Questions of Understanding Module 5 – IT-Security in the Application I – Security Processes 4 questions
Module 6 - IT-Security in the Application II - Security in Wireless LANs (WLANs)
- 1 Introduction
- 2 Legal Basis
- 3 Functionality of WLANs
- 3.1 Transmission by Radio
- 3.2 Modes
- 3.2.1 Ad-Hoc Mode
- 3.2.2 Infrastructure Mode
- 3.3 Hot Spots
- 3.4 Comparison to LAN
- 4 Encryption and Access Control
- 4.1 WEP
- 4.2 WPA
- 4.3 WPA2
- 5 Security Problems with WLANs and Possible Attacks
- 6 Security for WLANs
- 7 Critical Consideration
- Attachment – Checklist for a Secure WLAN Environment (Based on BSI Technical Guidelines)
- Bibliography
- List of Figures
- Questions of Understanding Module 6 – IT-Security in the Application II – Security in Wireless LANs (WLANs) 5 questions
Module 7 - Security for Internet Protocols
- 1 Types of Protocols
- 1.1 HTTP
- 1.2 SMTP/IMAP/POP3
- 1.3 FTP
- 1.4 NNTP
- 1.5 XMPP
- 1.6 SOAP
- 2 Security Issues in Web Applications
- 2.1 Programming and Configuration Errors
- 2.2 Caching and Cookies
- 2.3 Forging E-Mail Addresses
- 2.4 Missing Authentication and Encryption
- 3 Encryption
- 3.1 Historical Outline
- 3.2 Basics and Application Areas
- 3.3 Symmetric Encryption Methods (secret key)
- 3.3.1 DES
- 3.3.2 AES
- 3.3.3 OTP
- 3.4 Asymmetric Encryption Methods (public key)
- 3.4.1 RSA
- 3.4.2 PGP
- 3.4.3 SSL/TLS and SSH
- 4 Access, Entry and Access Control
- 5 Authentication
- 5.1 PIN/Password
- 5.2 TAN
- 5.3 Biometric Authentication
- 5.4 Certificates
- 5.5 Smartcard
- Appendix – Precautions for Using Internet Protocols in the Company
- Bibliography
- List of Figures
- Questions of Understanding Module 7 – Security for Internet Protocols 5 questions
Module 8 - Security Tasks for the Operating Systems
- 1 Introduction
- 2 Tasks and Security Tasks of an Operating System
- 3 Typical Attack
- 4 General Security in Servers and Operating Systems
- 4.1 Basic Installation and Minimal System
- 4.2 Installation of Security Programs
- 4.2.1 Firewall
- 4.2.2 Anti-Virus Program/Virus Scanner
- 4.3 User Accounts/Access Control
- 4.4 Securing Ports
- 4.5 Secure Boot
- 4.6 Updates
- 4.7 Backups and Penetration Tests
- 4.8 Other Requirements
- 5 Special Safeguards in Different Operating Systems
- 5.1 Tools for Testing
- 5.2 Microsoft Windows
- 5.2.1 Access Control and Permissions in Windows
- 5.2.2 Vulnerabilities of Windows
- 5.2.3 Windows Defender
- 5.2.4 Windows Firewall
- 5.2.5 Windows Server Update Services
- 5.2.6 Windows Event Viewer
- 5.3 Unix Security – Linux
- 5.3.1 Access Control under Linux
- 5.3.2 Vulnerabilities and Countermeasures
- 6 Checklist for Setting Up and Managing IT Landscapes
- Bibliography
- List of Figures
- Questions of Understanding Module 8 – Security Tasks for the Operating Systems 5 questions
Module 9 - Remote Access
Module 10 - Development of Secure Software Applications
- 1. Introduction
- 2. Developing Secure Software
- 2.1 Software Development Process
- 2.2 Typical Programming Languages
- 2.3 Typical Databases
- 2.4 Object-oriented Programming
- 2.4.1 Encapsulation and Visibility
- 2.4.2 Defining and Checking Variable Ranges
- 2.5 Encryption of Network Traffic
- 3. Testing the Software
- 3.1 Test Coverage through Unit Tests
- 3.2 Attention to Corner Cases
- 4. Encryption of User Data
- 4.1 Encryption for Authentication
- 4.2 Encryption of Other User Data
- 4.3 Securing Data Collection
- 5. Identifying and Closing Security Gaps
- 6. Preventing Typical Problems
- 6.1 Buffer Overflow
- 6.2 Integer Overflow
- 6.3 SQL Injection
- 6.4 Denial of Service
- 6.5 Temporary Files
- Podcast
- Bibliography
- List of Figures
- Questions of Understanding Module 10 – Development of Secure Software Applications 5 questions
Module 11 - Mobile Safety and Security
- 1. Introduction
- 2. Communication Technologies
- 2.1 Mobile Radio Standards
- 2.2 Wireless LAN Technology
- 2.3 Bluetooth Technology
- 2.4 NFC Technology
- 3. Mobile Terminals
- 3.1 Hardware
- 3.2 Software/Operating Systems and Applications
- 3.2.1 iOS
- 3.2.2 Android
- 3.2.3 Windows Mobile
- 3.2.4 Other Operating Systems
- 3.3 Security Basics of Android and iOS
- 4. Threats
- 4.1 Physical Intrusion and Hardware Manipulation
- 4.2 Operating System and Services
- 4.3 Mobile Apps
- 4.4 Malware
- 4.5 Tampering with Communication Channels
- 5. Protective Measures
- 6. Enterprise Mobility Management (EMM)
- 6.1 Inventory and Device Management
- 6.2 Role and Authorisation Management
- 6.3 Management of Updates and Application Software
- 6.4 Data Backup and Recovery
- 6.5 Documentation and Reporting
- Appendix: Checklist for the Introduction of Mobile Device Management (based on BSI (German Federal Institute for Security) guidelines)
- Bibliography
- List of Figures
- Questions of Understanding Module 11 – Mobile Safety and Security 5 questions, 10 minutes
2.1 IT-Security
IT-Security, i.e. information security, is a complex and multilayered topic. A uniform definition is difficult because IT security comprises many components. Basically, information security is concerned with all technical measures that reduce the risk potential for IT applications and systems.
Its task is to protect companies and their assets from hackers and data thieves, and in doing so to prevent economic damage in advance. After all, a targeted attack on specific company data or on sensitive customer and personnel data is a breach of confidentiality that can quickly lead to disruptions and economic losses.
IT security officers must therefore take protective measures to reduce the risk potential, i.e. develop security concepts, coordinate the allocation of access authorisations and implement security standards. The scope of activities also includes vulnerability analyses, system hardening, data protection, training to sensitise staff and risk analysis of existing IT systems. Thus, IT security is the technical implementation of security concepts with regard to economic aspects (Lipinski, 2007).
IT security covers not only software and applications, but also all endangered and vulnerable facilities such as buildings, people, networks and hardware. The aim of IT security is thus to protect the company's confidential information, data and systems so that unauthorised persons cannot access files, for example while they are being transmitted. IT security must also ensure the availability and authenticity of data and systems.
The figure below illustrates how complex a security concept is and how it should ideally be structured:

One hundred percent security can, of course, almost never be guaranteed. First of all, "security" is a notion that arises in people's minds. If this sense of security already exists, the urgency or necessity of the problem is usually not recognized, and savings are quickly made on security measures or on personnel trained in security matters.