1 Marc Rennhard, 16.10.2007, 1 MSE Module Group IT-Security Module Group Meeting 18.10.2007 Prof. Dr. Marc Rennhard Institut für angewandte Informationstechnologie (InIT) Zürcher Hochschule für angewandte Wissenschaften [email protected]

2 Marc Rennhard, 16.10.2007, 2 Tasks to be Completed until 28.10.2007 Finalising our internal, detailed module description Finalising the official module description Based on our detailed module description According to the official template In one of the four official languages (D, E, F, I) Special focus on the Lernziele A proposal for the Einsatzplanung during the first year (2008/09) The module takes place once a year (FS or HS) Can take place at different places, but at most once in one place Should be planned according to the assumption that the module takes place at all 3 locations

3 Marc Rennhard, 16.10.2007, 3 Agenda/Goals of Today Changes with respect to the group personnel? Finalise the internal, detailed module description Prepare the official module description Finalise the Einsatzplanung Next Steps (Is there anything youd like to add?)

4 Marc Rennhard, 16.10.2007, 4 Changes with Respect to the Group Personnel? According to my information Everyone is still on board Everyone still wants to play an active role (i.e. teach) Any changes?

5 Marc Rennhard, 16.10.2007, 5 Detailed Module Description (internal) I have sent you my draft based on your inputs Comments of absentees: Rolf Grun: I totally agree with your concept. The teaching proposal is ok for me. I love the idea to have a place for "personal preferences". We won't need to argue about it! Roland Portmann: Mit der vorgeschlagen Dozenteneinteilung bin ich einverstanden. Über den konkreten Inhalt der Module kann man sicher stundenlang diskutieren. Für eine erste Durchführung dürfte der aktuelle Vorschlag sinnvoll sein. Ein heikler Punkte für mich ist, dass sich der Inhalt im FTAL grundsätzlich vom vermittelten Stoff im Bachelor unterscheiden muss. Sonst wird der Unterricht als langweilige Wiederholung empfunden.

6 Marc Rennhard, 16.10.2007, 6 Main Changes to the Original Module Description First two chapters have been swapped: Security Goals and Overview of Current Threats Basic Security Technologies Basic Security Technologies is now 4 lessons (up from 2) Advanced Security Technologies is now 8 lessons (10) The two main chapters (Advanced Security Technologies, Secure Software and System Development) have a core and an optional part: Core part is +/- fixed by the module description Optional part (2 + 2 lessons) can be chosen as the lecturer wishes …and many small changes/clarifications with respect to contents Your comments about the detailed module description?

7 Marc Rennhard, 16.10.2007, 7 Official Module Description (1) Content will be derived from the detailed module description; everything else should be discussed here General information: Modulbezeichnung: IT-Security Lektionen: 2 lectures, 1 exercise per week Unterrischtssprache: English (?) Kurzbeschreibung This module teaches core concepts and technologies of IT security. The topics covered are current security threats, security technologies (both current and advanced), secure software and system development and security testing. The students learn the foundations of designing secure systems and implementing and assessing IT security at the enterprise level.

8 Marc Rennhard, 16.10.2007, 8 Official Module Description (2) Lehr- und Lernziele, zu erwerbende Kompetenzen (from original module description): The students know the dominant current threats with respect to IT They know current methods, technologies and tools for securing IT The students can apply these methods and tools to secure practical scenarios The students get an overview of information security management and legal aspects of IT-Security The students know how secure software and systems should be developed and what techniques are available The students know how software and systems should be tested with respect security

9 Marc Rennhard, 16.10.2007, 9 Official Module Description (3) Lehr- und Lernmethoden: Lecture: Ex cathedra teaching Exercises: Case-Studies, Practical Exercises (computer-based), Theoretical Exercises Voraussetzungen (from original module description): This module assumes that students have working knowledge of cryptology and secure communication protocols fundamentals (which amounts to approx. a 4 ECTS Bachelor module). See e.g.: Network Security: Private Communication in a Public World, Second Edition Charlie Kaufman, Radia Perlman, Mike Speciner, 2nd Edition, ISBN 0130460192 Bibliografie: Slides with comments (?) Leistungsbewertung: 90 minutes written exam Open book

10 Marc Rennhard, 16.10.2007, 10 Einsatzplanung – Locations Our preferences of locations and topics matches well with our task to provide an Einsatzplanung for all three locations 9 teachers 3 teachers at each of the 3 locations makes sense Based on your inputs: Bern: Endre, Carlo, Roland Lausanne: Christian, Gérald, Jean-Roland Zürich: Rolf, Marc, Andreas Is this OK for you?

11 Marc Rennhard, 16.10.2007, 11 Einsatzplanung – Lecturers and Topics I made a teaching proposal that could take into account nearly all teaching preferences we made Every teacher gets between 8 and 12 lessons I have assigned people to entire topics for various reasons Consistent "teaching style" and content throughout an entire topic Ease of preparation because there are always three people involved with one topic Ease of replacing one lecturer at one location (by any two of the other teachers with the same topic) if that person can for any reason not teach during a semester What do you think about the proposal?

12 Marc Rennhard, 16.10.2007, 12 Next Steps Finalising the module description and put it on the Wiki (Re, 22.10.2007) Filling in the Einsatzplanung and put it on the Wiki (Re, 22.10.2007) Inform group members per e-mail about finished documents (Re, 22.10.2007) Review the documents and – if necessary – provide feedback through the Wiki (All, 26.10.2007) Send the finalised documents to J-M. Piveteau (Re, 28.10.2007)