120 likes | 276 Views
MSE Module Group IT-Security. Module Group Meeting 18.10.2007. Prof. Dr. Marc Rennhard Institut für angewandte Informationstechnologie (InIT) Zürcher Hochschule für angewandte Wissenschaften marc.rennhard@zhaw.ch. Tasks to be Completed until 28.10.2007.
E N D
MSE Module Group IT-Security Module Group Meeting 18.10.2007 Prof. Dr. Marc Rennhard Institut für angewandte Informationstechnologie (InIT) Zürcher Hochschule für angewandte Wissenschaften marc.rennhard@zhaw.ch
Tasks to be Completed until 28.10.2007 • Finalising our internal, detailed module description • Finalising the official module description • Based on our detailed module description • According to the official template • In one of the four official languages (D, E, F, I) • Special focus on the “Lernziele” • A proposal for the “Einsatzplanung” during the first year (2008/09) • The module takes place once a year (FS or HS) • Can take place at different places, but at most once in one place • Should be planned according to the assumption that the module takes place at all 3 locations
Agenda/Goals of Today • Changes with respect to the “group personnel”? • Finalise the internal, detailed module description • Prepare the official module description • Finalise the “Einsatzplanung” • Next Steps • (Is there anything you’d like to add?)
Changes with Respect to the “Group Personnel”? • According to my information • Everyone is still on board • Everyone still wants to play an active role (i.e. teach) • Any changes?
Detailed Module Description (internal) • I have sent you my draft based on your inputs • Comments of absentees: • Rolf Grun: I totally agree with your concept. The teaching proposal is ok for me. I love the idea to have a place for "personal preferences". We won't need to argue about it! • Roland Portmann: Mit der vorgeschlagen Dozenteneinteilung bin ich einverstanden. Über den konkreten Inhalt der Module kann man sicher stundenlang diskutieren. Für eine erste Durchführung dürfte der aktuelle Vorschlag sinnvoll sein. Ein heikler Punkte für mich ist, dass sich der Inhalt im FTAL grundsätzlich vom vermittelten Stoff im Bachelor unterscheiden muss. Sonst wird der Unterricht als langweilige Wiederholung empfunden.
Main Changes to the Original Module Description • First two chapters have been swapped: • Security Goals and Overview of Current Threats • Basic Security Technologies • Basic Security Technologies is now 4 lessons (up from 2) • Advanced Security Technologies is now 8 lessons (10) • The two main chapters (Advanced Security Technologies, Secure Software and System Development) have a core and an optional part: • Core part is +/- fixed by the module description • Optional part (2 + 2 lessons) can be chosen “as the lecturer wishes” • …and many small changes/clarifications with respect to contents • Your comments about the detailed module description?
Official Module Description (1) • Content will be derived from the detailed module description; everything else should be discussed here • General information: • Modulbezeichnung: IT-Security • Lektionen: 2 lectures, 1 exercise per week • Unterrischtssprache: English (?) • Kurzbeschreibung • This module teaches core concepts and technologies of IT security. The topics covered are current security threats, security technologies (both current and advanced), secure software and system development and security testing. The students learn the foundations of designing secure systems and implementing and assessing IT security at the enterprise level.
Official Module Description (2) • Lehr- und Lernziele, zu erwerbende Kompetenzen (from original module description): • The students know the dominant current threats with respect to IT • They know current methods, technologies and tools for securing IT • The students can apply these methods and tools to secure practical scenarios • The students get an overview of information security management and legal aspects of IT-Security • The students know how secure software and systems should be developed and what techniques are available • The students know how software and systems should be tested with respect security
Official Module Description (3) • Lehr- und Lernmethoden: • Lecture: Ex cathedra teaching • Exercises: Case-Studies, Practical Exercises (computer-based), Theoretical Exercises • Voraussetzungen (from original module description): • This module assumes that students have working knowledge of cryptology and secure communication protocols fundamentals (which amounts to approx. a 4 ECTS Bachelor module). See e.g.: Network Security: Private Communication in a Public World, Second Edition Charlie Kaufman, Radia Perlman, Mike Speciner, 2nd Edition, ISBN 0130460192 • Bibliografie: • Slides with comments (?) • Leistungsbewertung: • 90 minutes written exam • Open book
Einsatzplanung – Locations • Our preferences of locations and topics matches well with our task to provide an Einsatzplanung for all three locations • 9 teachers 3 teachers at each of the 3 locations makes sense • Based on your inputs: • Bern: Endre, Carlo, Roland • Lausanne: Christian, Gérald, Jean-Roland • Zürich: Rolf, Marc, Andreas • Is this OK for you?
Einsatzplanung – Lecturers and Topics • I made a teaching proposal that could take into account nearly all teaching preferences we made • Every teacher gets between 8 and 12 lessons • I have assigned people to entire topics for various reasons • Consistent "teaching style" and content throughout an entire topic • Ease of preparation because there are always three people involved with one topic • Ease of replacing one lecturer at one location (by any two of the other teachers with the same topic) if that person can for any reason not teach during a semester • What do you think about the proposal?
Next Steps • Finalising the module description and put it on the Wiki (Re, 22.10.2007) • Filling in the Einsatzplanung and put it on the Wiki (Re, 22.10.2007) • Inform group members per e-mail about finished documents (Re, 22.10.2007) • Review the documents and – if necessary – provide feedback through the Wiki (All, 26.10.2007) • Send the finalised documents to J-M. Piveteau (Re, 28.10.2007)