IT Security Manager
Free
Curriculum
- 11 Sections
- 297 Lessons
- 24 Weeks
Expand all sectionsCollapse all sections
- Module 1 - Fundamentals of IT-Security22
- 1.11. Course Introduction
- 1.21.1 Learning Concept of the Course
- 1.31.2 Module Structure
- 1.42. Conceptual Classifications
- 1.52.1 IT-Security
- 1.62.2 Development of the Modern Internet
- 1.72.3 Next Generation Network (NGN)
- 1.82.4 Internet of Things (IoT)
- 1.92.5 Monitoring
- 1.103. Modern IT-Systems in SMEs
- 1.113.1 Office-IT
- 1.123.2 Production-IT
- 1.133.3 Mobile Devices
- 1.144. Weak Points and Threats in IT-Systems
- 1.154.1 Examples from the Corporate Sector
- 1.164.2 Examples from Politics and Society
- 1.174.3 Examples from the Automotive Industry
- 1.185. Threats to IT-Systems in SMEs
- 1.196. Digression: IT-Security Criteria according to ISO 27001
- 1.20Bibliography
- 1.21List of Figures
- 1.22Questions of Understanding Module 1 – Fundamentals of IT-Security6 Questions
- Module 2 - Data Protection - Technologies and Methods41
- 2.11. Introduction
- 2.22. Data Security and Data Protection
- 2.32.1 Data Backup
- 2.42.2 Data Loss
- 2.52.3 Difference to Data Protection
- 2.62.4 The European GDPR
- 2.72.4.1 The Requirements and Obligations of the GDPR
- 2.82.4.2 Validity of the GDPR
- 2.92.4.3 Order Processing
- 2.102.4.4 Data Protection Officers
- 2.112.4.5 The Principles of the GDPR
- 2.122.5 Trends in Data Protection and Data Recovery
- 2.133. Methods and Technologies of Data Protection
- 2.143.1 Methods
- 2.153.1.1 Simple Full Data Backup
- 2.163.1.2 Differential Data Backup
- 2.173.1.3 Incremental Backup
- 2.183.1.4 Sequential Data Backup
- 2.193.1.5 Partial Data Backup
- 2.203.1.6 Data Protection Strategies
- 2.213.2 Media of Data Protection
- 2.223.2.1 Optical Storage Media (Non-Volatile Memories)
- 2.233.2.2 Magnetic Storage Media (Non-Volatile Memories)
- 2.243.2.3 Electronic Storage Media (Volatile Memory)
- 2.253.3 Handling Storage Media
- 2.264. Data Protection Concept
- 2.274.1 Specifying the Data
- 2.284.2 Select Method of Data Backup
- 2.294.3 Data Backup Medium
- 2.304.4 Create a Backup Plan
- 2.314.5 Organization within the Company
- 2.324.6 Tool Support
- 2.33Appendix: Data Backup Concept – A. Objective
- 2.34B. Definition of Responsibilities
- 2.35C. Risk Assessment
- 2.36D. Data Backup Procedure
- 2.37E. Minimum Organizational and Technical Requirements
- 2.38F. Implementation of the Data Backup Concept
- 2.39Bibliography
- 2.40List of Figures
- 2.41Questions of Understanding Module 2 – Data Protection, Technologies and Methods5 Questions
- Module 3 - Network Architectures and Protocols34
- 3.11. Introduction
- 3.22. Building Networks
- 3.32.1 Network Topologies
- 3.42.1.1 Bus Topology
- 3.52.1.2 Ring Topology
- 3.62.1.3 Star Topology
- 3.72.1.4 Mesh Topology
- 3.82.1.5 Tree Topology
- 3.92.2 Carrier Materials
- 3.102.2.1 Copper
- 3.112.2.2 Fibre Optic Cable/ Optical Fibre
- 3.122.2.3 Air
- 3.132.3 OSI Reference Model
- 3.143. Communication in the Network
- 3.153.1 Packet Switching and Routing
- 3.163.2 Addressing
- 3.173.3 Mac Address
- 3.183.4 NAT
- 3.194. Protocols
- 3.204.1 TCP
- 3.214.2 UDP
- 3.225. Network Security
- 3.235.1 Encryption
- 3.245.2 Authentication
- 3.256. Man-In-The-Middle
- 3.26Appendix 1 – Security Guidelines for the Construction of a Network Infrastructure (Based on the Studies of the BSI)
- 3.27Appendix 2 – Checklist for Setting up a Secure Network (Based on BSI Specifications)
- 3.28Checklist Local Network
- 3.29Checklist Security Gateways and Security Zones
- 3.30Checklist Coupling to the Internet
- 3.31Checklist Network Management
- 3.32Bibliography
- 3.33List of Figures
- 3.34Questions of Understanding – Module 3 – Network Architectures and Protocols5 Questions
- Module 4 - Forms of Network Threats - Cyber Attacks and Malware37
- 4.11. Introduction to Network Threats
- 4.22. Types of Attacks
- 4.33. Malware
- 4.43.1 Definition
- 4.53.2 Types of Malware
- 4.63.2.1 Computer Viruses
- 4.73.2.2 Computer Worm
- 4.83.2.3 Trojan Horse
- 4.93.2.4 Backdoor
- 4.103.2.5 Spyware
- 4.113.2.6 Scareware/Rogueware
- 4.123.2.7 Bots and Bot Nets
- 4.133.2.8 Ransomware
- 4.143.2.9 Phishing
- 4.153.2.10 Scamming
- 4.163.2.11 Dialler
- 4.173.2.12 Third Party Billing
- 4.183.2.13 Cryptomining
- 4.193.3 Mixed Forms
- 4.204. Hacking
- 4.214.1 Network Hacking
- 4.224.2 Operating System Hacking
- 4.234.3 Software Hacking
- 4.245. Distributed Denial of Service (DDOS)
- 4.256. Social Engineering and Hardware
- 4.267. Counter Measures
- 4.277.1 Knowledge about Typical Attacks
- 4.287.2 Technical Measures
- 4.298. Digression: Cyber Warfare
- 4.308.1 Background and Definition
- 4.318.2 Methods
- 4.328.3 Attack Leadership in Cyber Warfare
- 4.338.4 Cyber Warefare in Reality
- 4.34Appendix: Description of the Hazard Analysis for a Subnetwork Scenario
- 4.35Bibliography
- 4.36List of Figures
- 4.37Questions of Understanding Module 4 – Forms of Network Threats – Cyber Attacks and Malware5 Questions
- Module 5 - IT-Security in the Application I - Security Processes20
- 5.11. Introduction
- 5.22. Organization and Communication in the Company
- 5.32.1 Definition of Roles in IT Security Management
- 5.42.2 Organization of IT Security in the Company
- 5.52.3 Awareness Management
- 5.63. IT Compliance
- 5.73.1 Legal Framework
- 5.83.2 Standards and Norms
- 5.94. IT Security Management
- 5.104.1 Risk Management
- 5.114.2 Emergency Management
- 5.124.3 Available Management
- 5.135. Technical IT Security Measures
- 5.146. Monitoring and Control Processes
- 5.156.1 Monitoring IT Security
- 5.166.2 IT Security Audits
- 5.17System Checklist
- 5.18Bibliography
- 5.19List of Figures
- 5.20Questions of Understanding Module 5 – IT-Security in the Application I – Security Processes4 Questions
- Module 6 - IT-Security in the Application II - Security in Wireless LANs (WLANs)20
- 6.11 Introduction
- 6.22 Legal Basis
- 6.33 Functionality of WLANs
- 6.43.1 Transmission by Radio
- 6.53.2 Modes
- 6.63.2.1 Ad-Hoc Mode
- 6.73.2.2 Infrastructure Mode
- 6.83.3 Hot Spots
- 6.93.4 Comparison to LAN
- 6.104 Encryption and Access Control
- 6.114.1 WEP
- 6.124.2 WPA
- 6.134.3 WPA2
- 6.145 Security Problems with WLANS and Possible attacks
- 6.156 Security for WLANs
- 6.167 Critical Consideration
- 6.17Attachment – Checklist for a Secure WLAN environment (Based on BSI technical guidelines)
- 6.18Bibliography
- 6.19List of Figures
- 6.20Questions of Understanding Module 6 – IT-Security in the Application II – Security in Wireless LANs (WLANs)5 Questions
- Module 7 - Security for Internet Protocols34
- 7.11 Types of Protocols
- 7.21.1 HTTP
- 7.31.2 SMTP/IMAP/POP3
- 7.41.3 FTP
- 7.51.4 NNTP
- 7.61.5 XMPP
- 7.71.6 SOAP
- 7.82 Security Issues in Web Applications
- 7.92.1 Programming and Configuration Errors
- 7.102.2 Caching and Cookies
- 7.112.3 Forging E-Mail Addresses
- 7.122.4 Missing Authentication and Encryption
- 7.133 Encryption
- 7.143.1 Historical Outline
- 7.153.2 Basics and Application Areas
- 7.163.3 Symmetric Encryption Methods (secret key)
- 7.173.3.1 DES
- 7.183.3.2 AES
- 7.193.3.3 OTP
- 7.203.4 Asymmetric Encryption Methods (public key)
- 7.213.4.1 RSA
- 7.223.4.2 PGP
- 7.233.4.3 SSL/TLS and SSH
- 7.244 Access, Entry and Access Control
- 7.255 Authentication
- 7.265.1 PIN/Password
- 7.275.2 TAN
- 7.285.3 Biometric Authentication
- 7.295.4 Certificates
- 7.305.5 Smartcard
- 7.31Appendix – Precautions for Using Internet Protocols in the Company
- 7.32Bibliography
- 7.33List of Figures
- 7.34Questions of Understanding Module 7 – Security for Internet Protocols5 Questions
- Module 8 - Security Tasks for the Operating Systems30
- 8.11 Introduction
- 8.22 Tasks and Security Tasks of an Operating System
- 8.33 Typical Attack
- 8.44 General Security in Servers and Operating Systems
- 8.54.1 Basic installation and Minimal System
- 8.64.2 Installation of Security Programs
- 8.74.2.1 Firewall
- 8.84.2.2 Anti-Virus Program/Virus Scanner
- 8.94.3 User Accounts/Access Control
- 8.104.4 Securing Ports
- 8.114.5 Secure Boot
- 8.124.6 Updates
- 8.134.7 Backups and Penetration Tests
- 8.144.8 Other Requirements
- 8.155 Special Safeguards in Different Operating Systems
- 8.165.1 Tools for Testing
- 8.175.2 Microsoft Windows
- 8.185.2.1 Access Control and Permissions in Windows
- 8.195.2.2 Vulnerabilities of Windows
- 8.205.2.3 Windows Defender
- 8.215.2.4 Windows Firewall
- 8.225.2.5 Windows Server Update Services
- 8.235.2.6 Windows Event Viewer
- 8.245.3 Unix Security – Linux
- 8.255.3.1 Access Control under Linux
- 8.265.3.2 Vulnerabilities and Countermeasures
- 8.276 Checklist for Setting Up and Managing IT Landscapes
- 8.28Bibliography
- 8.29List of Figures
- 8.30Questions of Understanding Module 8 – Security Tasks for the Operating Systems5 Questions
- Module 9 - Remote Access12
- 9.11 Introduction
- 9.22 Remote Access Methodology
- 9.33 Remote Internet Access / VPN
- 9.43.1 Software VPN
- 9.53.2 Hardware VPN
- 9.64 Encryption of VPN
- 9.75 Cloud Computing
- 9.86 Thin Client
- 9.97 Authentication via Kerberos
- 9.10Bibliography
- 9.11List of Figures
- 9.12Questions of Understanding Module 9 – Remote Access5 Questions
- Module 10 - Development of Secure Software Applications27
- 10.11. Introduction
- 10.22. Developing Secure Software
- 10.32.1 Software Development Process
- 10.42.2 Typical Programming Languages
- 10.52.3 Typical Databases
- 10.62.4 Object-oriented Programming
- 10.72.4.1 Encapsulation and Visibility
- 10.82.4.2 Defining and Checking Variable Ranges
- 10.92.5 Encryption of Network Traffic
- 10.103. Testing the Software
- 10.113.1 Test Coverage through Unit Tests
- 10.123.2 Attention to Corner Cases
- 10.134. Encryption of User Data
- 10.144.1 Encryption for Authentication
- 10.154.2 Encryption of Other User Data
- 10.164.3 Securing Data Collection
- 10.175. Identifying and Closing Security Gaps
- 10.186. Preventing Typical Problems
- 10.196.1 Buffer Overflow
- 10.206.2 Integer Overflow
- 10.216.3 SQL Injection
- 10.226.4 Denial of Services
- 10.236.5 Temporary Files
- 10.24Podcast
- 10.25Bibliography
- 10.26List of Figures
- 10.27Questions of Understanding Module 10 – Development of Secure Software Applications5 Questions
- Module 11 - Mobile Safety and Security31
- 11.11. Introduction
- 11.22. Communication Technologies
- 11.32.1 Mobile Radio Standards
- 11.42.2 Wireless LAN Technology
- 11.52.3 Bluetooth Technology
- 11.62.4 NFC Technology
- 11.73. Mobile Terminals
- 11.83.1 Hardware
- 11.93.2 Software/Operating Systems and Applications
- 11.103.2.1 iOS
- 11.113.2.2 Android
- 11.123.2.3 Windows Mobile
- 11.133.2.4 Other Operating Systems
- 11.143.3 Security Basics of Android and iOS
- 11.154. Threats
- 11.164.1 Physical intrusion and Hardware Manipulation
- 11.174.2 Operating System and Services
- 11.184.3 Mobile Apps
- 11.194.4 Malware
- 11.204.5 Tampering with Communication Channels
- 11.215. Protective Measures
- 11.226. Enterprise Mobility Management (EMM)
- 11.236.1 Inventory and Device Management
- 11.246.2 Role and Authorisation Management
- 11.256.3 Management of Updates and Application Software
- 11.266.4 Data Backup and Recovery
- 11.276.5 Documentation and Reporting
- 11.28Appendix: Checklist for the Introduction of Mobile Device Management (based on BSI (German Federal Institute for Security) guidelines)
- 11.29Bibliography
- 11.30List of Figures
- 11.31Questions of Understanding Module 11 – Mobile Safety and Security10 Minutes5 Questions
Modal title
Main Content