Overview The intertwinement of telecommunications, mobile communications and data networks is turning IT security into an explosive topic and a key risk factor in today's businesses. Services such as e-commerce, e-government or digital media and their copyright protection severely stress data, network and transmission security. In the Master's degree program you will be specializing in aspects of technical security and the "human risk factor"Until further notice, the admissions appointments will take place at regular intervals via telephone or video conference. Applicants will be informed of details by e-mail.Apply nowContact usContact us!Gabriella Juhász Favoritenstraße 226, B.3.25 1100 Vienna T: +43 1 606 68 77-2460 F: +43 1 606 68 77-2469its@fh-campuswien.ac.atMap main campus Favoriten (Google Maps)Office hours during the semester:by appointment Anrede Frau Herr Vorname *Nachname *E-Mail address *Nachricht *AbsendenIhre E-Mail wurde versendetDuration of course4 SemestersOrganisational formpart-time120ECTSLanguage of instruction German25Study placesFinal degreeMaster of Science in Engineering (MSc)Application period for academic year 2022/2314th October 2021 to 30th June 20222tuition fee / semester:€ 363,361+ ÖH premium + contribution2 1 Tuition fees for students from third countries € 727,- per semester 2 for additional study expenses (currently up to € 83,- depending on degree program and year) What you can offer Data protection and system security are your top priority. You have the ability to identify potentially weak points in systems and networks. This motivates you to find suitable measures to prevent manipulation and to block unauthorized access. New technologies arouse your interest - yet always with guaranteed security standards in mind. Your are familiar with encryption methods and you would like, in your Master's degree program, to delve deeper into cryptography as a field for research and application. What we offer you IT security is a highly agile field. Attacks on servers and networks are getting increasingly sophisticated. Our state-of-the-art network laboratory where you may refine your strategies for preventing unauthorized access and develop measures and scenarios for protection is at your disposal. You will have the opportunity of participating in research and development (R&D) projects, engaging in active exchange between science and practice at the university. The degree program also includes an own "IT security competence team", working in close cooperation with companies. The research focuses on the transmission of data, safe from manipulation or eavesdropping. What makes this degree program special The number of mobile end devices will continue to increase and thereby also the demands made on data security for these tiny devices with their weak computing power. Sensor nodes which, albeit very versatile, are also small and have limited computing capacity and very little storage space are another example. Contrasting with these, we have the Cloud with its seemingly infinite computing and storage resources. The IT Security Master's degree program addresses both these developments in its research program.The course experts implement, evaluate and compare a diversity of cryptographic algorithms in the affiliated Competence Center for IT Security.The goal is to establish easily realizable secure data encryption options in practice. Findings are directly incorporated into the degree program to assuring you, the Master's student, of a decisive advantage of knowledge. The specialist know-how of our lecturers is also in high demand internationally. Experts of the IT Security Competence Center are often asked to participate as speakers at international conferences on data security and data protection. Papers published by the IT experts often receive awards such as the FH Best Paper Award, repeatedly awarded to FH Campus Wien. What you will learn in the degree program The Master's degree program will impart to you the know-how enabling you to make overall system security assessments. To achieve this goal, you will combine your technical knowledge of information technology, data systems and communication networks with the focus on IT security. You will also acquire skills in personal development and business administration.You have in-depth knowledge on the levels of software, networks, systems and security. The technical focus is on secure software design, cryptography, data protection, IT architecture and secure network engineering.You will expand your social and management skills in terms of communication style, leadership and management know-how. Knowledge of business administration and the legal framework of data security will round out your education. Curriculum 1. Semesters LectureSWSECTSInformation Management VOInformation Management VOLector: Univ.-Prof. (FH) Dr. Dr. Gerald Quirchmayr1SWS2ECTSLecture contentsThis course aims at giving an overview of the task and role of information management in the context of cyber security. Course participants shall become acquainted with the principles of information management and will get an overview of Management Information Systems (MIS), data sources and their use in the field of cyber security. Selected examples will be introduced to give an idea of how information management can be applied (SIEM - Security Information and Event Management, Situational Awareness, SOCs - Security Operations Centres).Assessment methodsThe exam will be conducted in the form of an “open book exam” at the end of the course. The knowledge acquired during the course needs to be applied to a specific case. Depending on the situation at the date of the exam, it will be held in the form of a presence or in the form of an online exam.Teaching methodsLectures and discussion of selected examples.12Secure Software Development Übung UESecure Software Development Übung UELector: Silvia Schmidt, BSc MSc2SWS3ECTSLecture contentsPractical application of the topics covered in the lecture by implementing a specific project. Code review of an unknown program.Assessment methodsGrading of the projects, presentation of the results.Teaching methodsProgramming exercisesLanguageGerman23Distributed Systems Dependability ILVDistributed Systems Dependability ILVLector: DI (FH) Peter Krebs2SWS4ECTSLecture contents* Dependability and Fault Tolerance * Distributed Agreement * Group Communication and Membership * Consistency and ReplicationAssessment methodsLecture: written exam, Distance Learning: Students' project in small groupsTeaching methodsLecture Practical work in small groupsLanguageGerman24Introduction to Cryptography VOIntroduction to Cryptography VOLector: FH-Prof. Dipl.-Inform. Dipl.-Wirt.Inform. Matthias Peter Hudler, FH-Prof. Dipl.-Ing. Manuel Koschuch, Bakk.techn., Prof. Dr. Peter Lory2SWS3ECTSLecture contentsIn this lecture basic principles of cryptography such as symmetric and asymmetric encryption as well as data security will be discussed. The main topics are for example the process of encryption and decryption of data, digital signatures, general cryptographic protocols and the practical field of operation of these mechanisms. Current approaches like elliptic curves are also dealt with. In addition to the related key management aspects like the comprehensive security infrastructure will be addressed. Tangible examples of use are shown for illustration and for getting familiar with the functionality.Assessment methodsFinal written examTeaching methodsPresentation with slides and video projector, additional explanations on the whiteboardLanguageGerman23Introduction to Cryptography Übung UEIntroduction to Cryptography Übung UELector: FH-Prof. Dipl.-Inform. Dipl.-Wirt.Inform. Matthias Peter Hudler, FH-Prof. Dipl.-Ing. Manuel Koschuch, Bakk.techn.1SWS2ECTSLecture contentsIn this lecture basic principles of cryptography such as symmetric and asymmetric encryption as well as data security will be discussed. The main topics are for example the process of encryption and decryption of data, digital signatures, general cryptographic protocols and the practical field of operation of these mechanisms. Current approaches like elliptic curves are also dealt with. In addition to the related key management aspects like the comprehensive security infrastructure will be addressed. Tangible examples of use are shown for illustration and for getting familiar with the functionality. In the tutorial the students have the possibility to practise the formerly presented approaches, getting more familiar with them. Approaches of possible cryptanalysis will also be discussed.Assessment methodscontinous examinationTeaching methodsPresentation, discussion and solving problemsLanguageGerman12Communicative and Social Competences ILVCommunicative and Social Competences ILVLector: Dipl.Ing. Franz Gober, MBA2SWS2ECTSLecture contentsBasic assumptions of comunication - main focus body language, presentation technics; social skills: ability of encountering, effective communication strategy, feedback, using feedback, impact of feedback. Rhetorical basics: Use of different discussion technics and questioning technics and feedback strategies, facilityting and inhibiting behaviour in communication. Conflict management, understanding conflicts, working on conflicts and methods.Selective perception and constructivism.Assessment methodsPhysical presence Active cooperation Seminar paper Review-JournalTeaching methodsIndividual work, work in smaller and larger groups, teacher-centred information phases, review-journalLanguageGerman22Cryptographic Methods in IT ILVCryptographic Methods in IT ILVLector: FH-Prof. Dipl.-Ing. Manuel Koschuch, Bakk.techn.2SWS3ECTSLecture contentsThe course gives a broad view across the possibilites of cryptographic methods in a typical workday, especially those of a SysAdmin. For alll topics, the theoretic background is presented alongside the practical usage implications. The covered topics are: * Hard disk encryption * Passwords * SSH & Network tunneling * E-mail security * Public Key InfrastructureAssessment methodsExercices and a final examTeaching methodsTheoretical lectures and individual tasks for all subjectsLanguageGerman23Network Defense Technologies ILVNetwork Defense Technologies ILVLector: FH-Prof. Dipl.-Ing. Manuel Koschuch, Bakk.techn., Nenad Milanovic, MSc2SWS4ECTSLecture contents- Overview of Threats - Firewalls (stateless/stateful) - Intrusion Detection and Prevention - IPsec-based VPNs - Overview over SSL and TLS and other VPN-Technologien (L2TP, PPTP, MPLS) - Advanced Persistent Thretas - Expert TalksAssessment methodsWritten final ExamTeaching methodsLecture with slides, whiteboard and external expert speeches Lab ExercisesLanguageGerman24Secure Software Development VOSecure Software Development VOLector: DI Thomas Konrad, Silvia Schmidt, BSc MSc2SWS3ECTSLecture contents* Versioncontrol * Test Driven Development * Web Application Security * Security errors * Tool for software analysisAssessment methods* Final exam * Grading of the presentationsTeaching methods* Lessons * Presentations by student groups23Wireless Network Security ILVWireless Network Security ILVLector: Tobias Buchberger, BSc MSc, Ines Kramer, BSc MSc, DI (FH) Peter Krebs2SWS4ECTSLecture contents- Basics of wireless network communication - Security aspects of wireless networks - Concrete wireless technologies and their security mechanisms - WLAN (IEEE 802.11) - Bluetooth - IEEE 802.15.4/6LoWPAN/ZigBee - Near Field Communication - Cellular NetworksAssessment methodsWritten final examTeaching methodsLectureLanguageGerman24 2. Semesters LectureSWSECTSCryptographic Protocols ILVCryptographic Protocols ILVLector: FH-Prof. Dipl.-Inform. Dipl.-Wirt.Inform. Matthias Peter Hudler, FH-Prof. Dipl.-Ing. Manuel Koschuch, Bakk.techn.2SWS3ECTSLecture contentsThis lecture gives an overview of many different cryptographic protocols, possible usage scenarios and their peculiarities. The students implement selected protocols from a given domain, compare them to each other and present the results. The main topics are - Public-Key Schemes - Key-Agreement/Key-Establishment - Challenge Response Schemes/Authentication - Signature SchemesAssessment methodsEvery presentation is a partial examination, there is no written final examTeaching methodsImplementations and presentations by the studentsLanguageGerman23Business and Ethics ILVBusiness and Ethics ILVLector: Mag. Georg Conrad-Billroth, MSc (CS)3SWS4ECTSLecture contentsBusiness and ethics consists of: Introduction and basic principles legal structure of companies and business organization The enterprise and its environment Ethics in business Human resources management Marketing & sales & ethics Procurement and logistics Production Accounting and financeAssessment methodscontinuous assessment, assessment of presentations and teamwork, final examTeaching methodsLecture with PowerPoint slides and exercises. The ppt slides and handouts will be providedLanguageGerman34Application Security ILVApplication Security ILVLector: Tobias Buchberger, BSc MSc, Silvia Schmidt, BSc MSc2SWS3ECTSLecture contentsThe course teaches security aspect with the runtime of applications as well as DevSecOps subjects: * Virtualisation * Container technologies * Security automation (Ansible) * Docker * CI/CD * OWASP SAMMAssessment methodsLab exercicesTeaching methodsexercises, presentationsLanguageGerman23Cyber-Security ILVCyber-Security ILVLector: Tobias Buchberger, BSc MSc, Ing. Reinhard Kugler, MSc, DI Mathias Tausig2SWS3ECTSLecture contentsIn this lectures, we shade light on the attacker's perspective on computer security. By learning how to attackers work and experience them first hand in our lab exercises, we create a deeper understanding of the methods and procedures of attackers. Thus, laying the foundation for better operational security and security design practices. This lecture is part 1 of our two-semester lecture series at FH Campus Wien.Assessment methods5 practical challenges (of which you need to solve 3) and a written exam.Teaching methodsLectures with practical examples and demonstrations. Additionally, we offer an online platform, where students have to solve challenges. Those challenges range from attacking a Windows or Linux platform, performing a buffer overflow, and the analysis and manipulation of a mobile App.LanguageGerman-English23Security Lab LBSecurity Lab LBLector: FH-Prof. Dipl.-Ing. Manuel Koschuch, Bakk.techn., Nenad Milanovic, MSc4SWS10ECTSLecture contents- Practical application of IT-Security knowledge - Selected topics supplementing related courses - Protection of IT-Systems using Firewalls and Intrusion Prevention Systems - Design and Integration of a SIEM solutionAssessment methodsContinuous examination and documentationTeaching methods- Independent implementation of a project - Support is given at any time on request - Continuous progress reviewsLanguageGerman410Cloud Security and Identity Management ILVCloud Security and Identity Management ILVLector: Tobias Buchberger, BSc MSc, FH-Prof. Dipl.-Ing. Manuel Koschuch, Bakk.techn.3SWS4ECTSLecture contentsPractical Project Cloud Paradigms (IAAS, PAAS, SAAS) Security in the Cloud (Searchable/Homomorphic Encryption) Basics of Identity Management Single-Sign-On Systems, Shibboleth, Kerberos OAuth, OpenID Connect, SAML; FIDO, U2FAssessment methodswritten examTeaching methodsLecture Distance Education Practical work in small groupsLanguageGerman34Applied Cryptography ILVApplied Cryptography ILVLector: FH-Prof. Dipl.-Inform. Dipl.-Wirt.Inform. Matthias Peter Hudler, FH-Prof. Dipl.-Ing. Manuel Koschuch, Bakk.techn.2SWS3ECTSLecture contentsThis course covers the differences between the „textbook” and the “real-world” implementations of cryptographic algorithms. Symmetric techniques like DES and especially AES with its most important variations are dealt with in detail, as well as padding techniques and selected parts from the PKCS. These topics are supplemented with a basic introduction to the efficient implementation of long integer arithmetic.Assessment methodsWritten elaboration of selected lecture contents Presentation Written examinationTeaching methodsPresentation with slides and video projectorLanguageGerman23 3. Semesters LectureSWSECTSDigital Forensics VODigital Forensics VOLector: Dipl.-Ing. Dr. Martin Schmiedecker, Dip.-Inf. (FH) Karsten Theiner2SWS2ECTSLecture contents- Forensic Methods o File System Forensics o Network Forensics o Operating System Forensics o Examination of Application Data o Time Line Analysis o Keyword SearchAssessment methodswritten examTeaching methodsLessons are held, using at least some of following didactics: - Ex-cathedra teaching - Independent working in groups - Interactive Media Support - Computer room lessonsLanguageGerman-English22Mobile and Embedded Security VOMobile and Embedded Security VOLector: Tobias Buchberger, BSc MSc, FH-Prof. DI Gerhard Engelmann, Silvia Schmidt, BSc MSc, DI Mathias Tausig2SWS3ECTSLecture contentsASN.1 Smartcards Constrained Networking Mobile Authentication RIOT-OS Secure Firmware Update Internet-of-Things (IoT-Security) Overview Embedded CAssessment methodsIntermediate tests, distance/remote learning, final exam.Teaching methodsLectures and remote/distance learning English slidesLanguageEnglish23Mobile and Embedded Security Übung UEMobile and Embedded Security Übung UELector: Tobias Buchberger, BSc MSc, Silvia Schmidt, BSc MSc1SWS2ECTSLecture contentsThe exercises are teaching the useage of and development for smartcards. Students will need to complete the following exercices (alone and in groups): * Usage of PKCS#11 tokens in application software * Access to a smartcard using PC/SC and APDUs * Integrating a PKCS#11 token or a JavaCard into an authentication softwareAssessment methodsThe grade will be calculated based on the projectsTeaching methodsProgramming in groupsLanguageEnglish12Business Crime SEBusiness Crime SELector: Dipl.Ing. Franz Gober, MBA2SWS3ECTSLecture contents- values and needs especially in working environment - typologies of behaviour and inward urge - change management processes and impact - Reasons for conflicts, behaviour during conflicts, and escalation - behaviour pattern and situational behaviour in economic crime - forms of economic crime - examples of ecomonic crime and working it up - future trends and development in economic crimeAssessment methodsPhysical presence Active cooperation Seminar paper Review-JournalTeaching methodsPresentation Work on cases in small groups Subject specific discussions in the class Seminar paper Review-journalLanguageGerman23Academic Research and Writing SEAcademic Research and Writing SELector: FH-Prof. Dipl.-Ing. Manuel Koschuch, Bakk.techn.2SWS3ECTSLecture contentsAn important part of a comprehensive academic education is to aquire the qualification to treat problem statements from a scientific point of view. Therefore, an introduction to scientific work, writing, and well established methodologies will be taught in this course.Assessment methodsThe evaluation is based on the submitted material (disposition, paper, reviews) as well as on the presentations.Teaching methodsDuring this course a scientific conference will be simulated. After a brief introduction to scientific writing, the attendees of this course shall treat a problem statement of a given field of research for which they shall prepare disposition that briefly describes the chosen topic. Based on it, a draft version of the scientific article will be written (draft paper). Afterwards, these draft versions of the papers will be critically reviewed by other colleagues (peer reviewing). Based on their reviews, a revised version of the scientific paper shall be created (camera-ready paper). At the end of this course, the scientific papers will be presented by the authors.LanguageGerman23Cyber-Crime Defense ILVCyber-Crime Defense ILVLector: Dr. Ulrich Bayer, Ing. Reinhard Kugler, MSc2SWS3ECTSLecture contentsAs a follow-up to Cyber Security, we deepen the understanding of the attacker's perspective. This semester focuses on attacks on IoT devices, exploitation with malware and memory corruption, as well as identity theft. By getting hands-on experience on the techniques and mindset needed to break security systems, the student gains insight useful for post-incident analysis of attacks as well as proactive analysis of attack vectors.Assessment methodsFive practical challenges (of which you need to solve at least three) and a written exam.Teaching methodsLectures with practical examples and demonstrations. Additionally, we offer an online platform, where students have to solve challenges. Those challenges range from reverse engineering of a firmware sample, an ELF virus or performing a memory corruption attack via Return Oriented Programming.LanguageGerman-English23Digital Forensics Übung UEDigital Forensics Übung UELector: Dipl.-Ing. Dr. Martin Schmiedecker, Dip.-Inf. (FH) Karsten Theiner1SWS2ECTSLecture contentsPractical assignments in the scope of the lecture.Assessment methodsGraded point of the reportsTeaching methodsWritten reportsLanguageGerman-English12Interdisciplinary Project UEInterdisciplinary Project UELector: FH-Prof. Dipl.-Ing. Manuel Koschuch, Bakk.techn., Julia Teissl, BSc MSc4SWS9ECTSLecture contentsSummary of the essential aspects of project- and process-management, as well as system safety, and their practical meaning in concrete examples. Clarification of the differences between safety and security, and of the interfaces between these two areas. Diskussion and reflection of the insights from practical application of the above concepts.Assessment methodsAssessment of the submitted implementation and the presentations.Teaching methodsImplementing and presenting a practical example in small groups.LanguageGerman49Security Management ILVSecurity Management ILVLector: Dipl-HTL-Ing. Andreas Schaupp, MSc, MSc, MAS2SWS3ECTSLecture contents- IT-Security Management and Risk Assessment - IT-Security Controls, Plans, and Procedures - Physical and Human Resources Security & Security Audit - Access Control Management - Overview of the ISO 27000-family, COBIT, ITIL and BSI GrundschutzAssessment methods1/3: Case study 1/3: Group assignment 1/3: Classroom QuizzesTeaching methodsLecture, case study, group assignmentLanguageEnglish23 4. Semesters LectureSWSECTSMaster Thesis MTMaster Thesis MTLector: FH-Prof. Dipl.-Inform. Dipl.-Wirt.Inform. Matthias Peter Hudler0SWS20ECTSLecture contentsAutonomous authoring of a special, science-based theme under guidance by a supervisor, elaboration of the master's thesisAssessment methodsApprobation of the master's thesisTeaching methodsDiploma thesis: Autonomous scientific work under guidance by a supervisorLanguageGerman-English020Master Thesis Seminar SEMaster Thesis Seminar SELector: FH-Prof. Dipl.-Inform. Dipl.-Wirt.Inform. Matthias Peter Hudler2SWS2ECTSLecture contentsThe students present the current state of their Master's Thesis at regular intervals and discuss their work with the audience.Assessment methodsContinous examinationTeaching methodsPresentations by the studentsLanguageGerman-English22Privacy in Internet VOPrivacy in Internet VOLector: Dr. Sandford Bessler2SWS2ECTSLecture contentsThe lecture will give an overview on the technologies and the application areas of e-privacy protection: Definitions, Introduction, Legal aspects - GDPR, DPIA Technologies: - Identity management - Anonymous communication - Privacy policies - Database privacy Application areas: - Vehicular privacy, Location privacy - Search engine privacy, - Social network privacy, - Privacy and the Smart gridAssessment methodsHomework exercises and project work (40%) Final written exam (60% of the grade)Teaching methodsFrontal teaching using slide presentations and online sources. 2-3 home works to support learning Small group project work and presentation.LanguageEnglish22Human Perception and Behaviour VOHuman Perception and Behaviour VOLector: MMag. Dr. André Gazsó2SWS3ECTSLecture contentsThis course discusses the main principles of human perception especially regarding risk and safety relevant decisions and actions. The leading context is the societal attitude to risk and safety and the political conditions of safety governance.Assessment methodsTeaching methods.LanguageGerman-English23Legal Framework of Privacy Policies ILVLegal Framework of Privacy Policies ILVLector: DI Wolfgang Aigner, Mag.iur. Philip Raffling2SWS3ECTSLecture contentsGeneral orientation in law with a focus on data protection.Assessment methodsLanguageGerman23Number of teaching weeks18 per semesterTimes5.30 p.m.-7.00 p.m. and 7.15 p.m.-8.45 p.m. Career opportunities Graduates are active in both the core information technology and telecommunications industries as well as in sector spanning positions. Your task will be to design and implement comprehensive security solutions. You will specify, plan, integrate, test and operate voice and data networks, taking into account the necessary security standards. You will work in the following areas:Companies with their own IT infrastructureBanks and insurance companiesCompanies in electronic commerceAuthorities and public institutionsOnline service providersService providers (cable/radio network providers, telecom) Entertainment industry and media companies Software development companies and system integratorsSecurity servicesData centersConsulting firms Admission Admission requirements A Bachelor degree or diploma certificate from an institute of higher education with a total of 180 ECTS credits with at least 42 ECTS credits in the relevant subjects of information technology, software engineering and network engineering. In exceptional cases, the University Council will make a joint decision with the Program Director.Equivalent certification from abroad Equivalence is determined by international agreements, validation or in individual cases a decision by the head of the academic section.The admission requirements are satisfied with successful graduation from the Computer Science and Digital Communications, Information Technologies and Telecommunication (discontinued) and Applied Electronics Bachelor degree programs offered at FH Campus Wien.Regulation for the admission of third country citizens (PDF 233 KB)Information for applicants with non-Austrian (school) certificates (PDF 145 KB) Application To apply you will require the following documents:Birth certificateProof of citizenshipA Bachelor degree or diploma certificate/equivalent certification from abroad and CV in table form.Please note: It is not possible to save incomplete online applications. You must complete your application in one session. Your application will be valid as soon as you upload all of the required documents and certificates. In the event that some documents (e.g. references) are not available at the time you apply, you may submit these later via e-mail, mail or in person by no later than the start of the admission process. Admission procedure The admission procedure assesses the professional suitability of the applicants for the Master's program. It consists of an oral interview. You will receive the date for the admission procedure from the secretary's office. The admission interview usually takes place online via ZOOM.GoalThe goal is to offer a study place to those persons who complete the admission procedure with the best results.CriteriaThe admission criteria are exclusively performance-based. You will receive points for the interview, after which the ranking of the candidates will be determined. Geographical assignments of the applicants have no influence on the admission. The admission requirements must be met. The entire process as well as the evaluations of the admission procedure are documented and archived in a comprehensible manner. Studying with disabilities If you have any questions regarding accessibility or if you have a specific need in the admission procedure due to an impairment, please contact Ursula Weilenmann for organizational reasons as early as possible at barrierefrei@fh-campuswien.ac.at.Since we try to take into account individual needs due to disabilities when conducting the written admission test, we ask you to indicate in your online application to Weilenmann in which form you require support.Your contact person in the department Gender & Diversity ManagementMag.a Ursula Weilenmannbarrierefrei@fh-campuswien.ac.athttp://www.fh-campuswien.ac.at/barrierefrei Getting Started Buddy network Experience shows that many questions arise during the application phase and the start of the degree program. We therefore propose that interested persons and applicants should network with higher semester students in the same degree program as yours. Personal and individual contact with your buddy should facilitate your entry into the degree program. To the Buddy network Contact > FH-Prof. Dipl.-Inform. Dipl.-Wirt.Inform. Matthias Peter Hudler Head of Degree Program IT-Security, Head of Competence Center for IT-Security T: +43 1 606 68 77-2461matthias.hudler@fh-campuswien.ac.at Secretary's office Gabriella Juhász Favoritenstraße 226, B.3.25 1100 Vienna T: +43 1 606 68 77-2460 F: +43 1 606 68 77-2469its@fh-campuswien.ac.atMap main campus Favoriten (Google Maps)Office hours during the semester:by appointment Teaching staff and research staff > Tobias Buchberger, BSc MSc Research Staff, Competence Center for IT-Security> FH-Prof. Dipl.-Ing. Manuel Koschuch, Bakk.techn. Competence Center for IT-Security, Academic Staff> Ines Kramer, BSc MSc Research Staff, Competence Center for IT-Security> Silvia Schmidt, BSc MSc Competence Center for IT-Security, Academic Staff Cooperations and Campusnetzwerk In teaching and research we work closely with renowned companies from commerce and industry, universities and research institutions. These partnerships provide you with opportunities to find a job, write your thesis, or participate in current research and development activities - also in our competence center for IT security. You can find many of our cooperations in the campus network. It is always worth taking a look and you might find a new job or an interesting event with one of our cooperation partners. Welcome to our Campusnetzwerk Find suitable job offers, build valuable mentoring relationships and expand your professional network - become part of our community!Register now for free
1. Semesters LectureSWSECTSInformation Management VOInformation Management VOLector: Univ.-Prof. (FH) Dr. Dr. Gerald Quirchmayr1SWS2ECTSLecture contentsThis course aims at giving an overview of the task and role of information management in the context of cyber security. Course participants shall become acquainted with the principles of information management and will get an overview of Management Information Systems (MIS), data sources and their use in the field of cyber security. Selected examples will be introduced to give an idea of how information management can be applied (SIEM - Security Information and Event Management, Situational Awareness, SOCs - Security Operations Centres).Assessment methodsThe exam will be conducted in the form of an “open book exam” at the end of the course. The knowledge acquired during the course needs to be applied to a specific case. Depending on the situation at the date of the exam, it will be held in the form of a presence or in the form of an online exam.Teaching methodsLectures and discussion of selected examples.12Secure Software Development Übung UESecure Software Development Übung UELector: Silvia Schmidt, BSc MSc2SWS3ECTSLecture contentsPractical application of the topics covered in the lecture by implementing a specific project. Code review of an unknown program.Assessment methodsGrading of the projects, presentation of the results.Teaching methodsProgramming exercisesLanguageGerman23Distributed Systems Dependability ILVDistributed Systems Dependability ILVLector: DI (FH) Peter Krebs2SWS4ECTSLecture contents* Dependability and Fault Tolerance * Distributed Agreement * Group Communication and Membership * Consistency and ReplicationAssessment methodsLecture: written exam, Distance Learning: Students' project in small groupsTeaching methodsLecture Practical work in small groupsLanguageGerman24Introduction to Cryptography VOIntroduction to Cryptography VOLector: FH-Prof. Dipl.-Inform. Dipl.-Wirt.Inform. Matthias Peter Hudler, FH-Prof. Dipl.-Ing. Manuel Koschuch, Bakk.techn., Prof. Dr. Peter Lory2SWS3ECTSLecture contentsIn this lecture basic principles of cryptography such as symmetric and asymmetric encryption as well as data security will be discussed. The main topics are for example the process of encryption and decryption of data, digital signatures, general cryptographic protocols and the practical field of operation of these mechanisms. Current approaches like elliptic curves are also dealt with. In addition to the related key management aspects like the comprehensive security infrastructure will be addressed. Tangible examples of use are shown for illustration and for getting familiar with the functionality.Assessment methodsFinal written examTeaching methodsPresentation with slides and video projector, additional explanations on the whiteboardLanguageGerman23Introduction to Cryptography Übung UEIntroduction to Cryptography Übung UELector: FH-Prof. Dipl.-Inform. Dipl.-Wirt.Inform. Matthias Peter Hudler, FH-Prof. Dipl.-Ing. Manuel Koschuch, Bakk.techn.1SWS2ECTSLecture contentsIn this lecture basic principles of cryptography such as symmetric and asymmetric encryption as well as data security will be discussed. The main topics are for example the process of encryption and decryption of data, digital signatures, general cryptographic protocols and the practical field of operation of these mechanisms. Current approaches like elliptic curves are also dealt with. In addition to the related key management aspects like the comprehensive security infrastructure will be addressed. Tangible examples of use are shown for illustration and for getting familiar with the functionality. In the tutorial the students have the possibility to practise the formerly presented approaches, getting more familiar with them. Approaches of possible cryptanalysis will also be discussed.Assessment methodscontinous examinationTeaching methodsPresentation, discussion and solving problemsLanguageGerman12Communicative and Social Competences ILVCommunicative and Social Competences ILVLector: Dipl.Ing. Franz Gober, MBA2SWS2ECTSLecture contentsBasic assumptions of comunication - main focus body language, presentation technics; social skills: ability of encountering, effective communication strategy, feedback, using feedback, impact of feedback. Rhetorical basics: Use of different discussion technics and questioning technics and feedback strategies, facilityting and inhibiting behaviour in communication. Conflict management, understanding conflicts, working on conflicts and methods.Selective perception and constructivism.Assessment methodsPhysical presence Active cooperation Seminar paper Review-JournalTeaching methodsIndividual work, work in smaller and larger groups, teacher-centred information phases, review-journalLanguageGerman22Cryptographic Methods in IT ILVCryptographic Methods in IT ILVLector: FH-Prof. Dipl.-Ing. Manuel Koschuch, Bakk.techn.2SWS3ECTSLecture contentsThe course gives a broad view across the possibilites of cryptographic methods in a typical workday, especially those of a SysAdmin. For alll topics, the theoretic background is presented alongside the practical usage implications. The covered topics are: * Hard disk encryption * Passwords * SSH & Network tunneling * E-mail security * Public Key InfrastructureAssessment methodsExercices and a final examTeaching methodsTheoretical lectures and individual tasks for all subjectsLanguageGerman23Network Defense Technologies ILVNetwork Defense Technologies ILVLector: FH-Prof. Dipl.-Ing. Manuel Koschuch, Bakk.techn., Nenad Milanovic, MSc2SWS4ECTSLecture contents- Overview of Threats - Firewalls (stateless/stateful) - Intrusion Detection and Prevention - IPsec-based VPNs - Overview over SSL and TLS and other VPN-Technologien (L2TP, PPTP, MPLS) - Advanced Persistent Thretas - Expert TalksAssessment methodsWritten final ExamTeaching methodsLecture with slides, whiteboard and external expert speeches Lab ExercisesLanguageGerman24Secure Software Development VOSecure Software Development VOLector: DI Thomas Konrad, Silvia Schmidt, BSc MSc2SWS3ECTSLecture contents* Versioncontrol * Test Driven Development * Web Application Security * Security errors * Tool for software analysisAssessment methods* Final exam * Grading of the presentationsTeaching methods* Lessons * Presentations by student groups23Wireless Network Security ILVWireless Network Security ILVLector: Tobias Buchberger, BSc MSc, Ines Kramer, BSc MSc, DI (FH) Peter Krebs2SWS4ECTSLecture contents- Basics of wireless network communication - Security aspects of wireless networks - Concrete wireless technologies and their security mechanisms - WLAN (IEEE 802.11) - Bluetooth - IEEE 802.15.4/6LoWPAN/ZigBee - Near Field Communication - Cellular NetworksAssessment methodsWritten final examTeaching methodsLectureLanguageGerman24
2. Semesters LectureSWSECTSCryptographic Protocols ILVCryptographic Protocols ILVLector: FH-Prof. Dipl.-Inform. Dipl.-Wirt.Inform. Matthias Peter Hudler, FH-Prof. Dipl.-Ing. Manuel Koschuch, Bakk.techn.2SWS3ECTSLecture contentsThis lecture gives an overview of many different cryptographic protocols, possible usage scenarios and their peculiarities. The students implement selected protocols from a given domain, compare them to each other and present the results. The main topics are - Public-Key Schemes - Key-Agreement/Key-Establishment - Challenge Response Schemes/Authentication - Signature SchemesAssessment methodsEvery presentation is a partial examination, there is no written final examTeaching methodsImplementations and presentations by the studentsLanguageGerman23Business and Ethics ILVBusiness and Ethics ILVLector: Mag. Georg Conrad-Billroth, MSc (CS)3SWS4ECTSLecture contentsBusiness and ethics consists of: Introduction and basic principles legal structure of companies and business organization The enterprise and its environment Ethics in business Human resources management Marketing & sales & ethics Procurement and logistics Production Accounting and financeAssessment methodscontinuous assessment, assessment of presentations and teamwork, final examTeaching methodsLecture with PowerPoint slides and exercises. The ppt slides and handouts will be providedLanguageGerman34Application Security ILVApplication Security ILVLector: Tobias Buchberger, BSc MSc, Silvia Schmidt, BSc MSc2SWS3ECTSLecture contentsThe course teaches security aspect with the runtime of applications as well as DevSecOps subjects: * Virtualisation * Container technologies * Security automation (Ansible) * Docker * CI/CD * OWASP SAMMAssessment methodsLab exercicesTeaching methodsexercises, presentationsLanguageGerman23Cyber-Security ILVCyber-Security ILVLector: Tobias Buchberger, BSc MSc, Ing. Reinhard Kugler, MSc, DI Mathias Tausig2SWS3ECTSLecture contentsIn this lectures, we shade light on the attacker's perspective on computer security. By learning how to attackers work and experience them first hand in our lab exercises, we create a deeper understanding of the methods and procedures of attackers. Thus, laying the foundation for better operational security and security design practices. This lecture is part 1 of our two-semester lecture series at FH Campus Wien.Assessment methods5 practical challenges (of which you need to solve 3) and a written exam.Teaching methodsLectures with practical examples and demonstrations. Additionally, we offer an online platform, where students have to solve challenges. Those challenges range from attacking a Windows or Linux platform, performing a buffer overflow, and the analysis and manipulation of a mobile App.LanguageGerman-English23Security Lab LBSecurity Lab LBLector: FH-Prof. Dipl.-Ing. Manuel Koschuch, Bakk.techn., Nenad Milanovic, MSc4SWS10ECTSLecture contents- Practical application of IT-Security knowledge - Selected topics supplementing related courses - Protection of IT-Systems using Firewalls and Intrusion Prevention Systems - Design and Integration of a SIEM solutionAssessment methodsContinuous examination and documentationTeaching methods- Independent implementation of a project - Support is given at any time on request - Continuous progress reviewsLanguageGerman410Cloud Security and Identity Management ILVCloud Security and Identity Management ILVLector: Tobias Buchberger, BSc MSc, FH-Prof. Dipl.-Ing. Manuel Koschuch, Bakk.techn.3SWS4ECTSLecture contentsPractical Project Cloud Paradigms (IAAS, PAAS, SAAS) Security in the Cloud (Searchable/Homomorphic Encryption) Basics of Identity Management Single-Sign-On Systems, Shibboleth, Kerberos OAuth, OpenID Connect, SAML; FIDO, U2FAssessment methodswritten examTeaching methodsLecture Distance Education Practical work in small groupsLanguageGerman34Applied Cryptography ILVApplied Cryptography ILVLector: FH-Prof. Dipl.-Inform. Dipl.-Wirt.Inform. Matthias Peter Hudler, FH-Prof. Dipl.-Ing. Manuel Koschuch, Bakk.techn.2SWS3ECTSLecture contentsThis course covers the differences between the „textbook” and the “real-world” implementations of cryptographic algorithms. Symmetric techniques like DES and especially AES with its most important variations are dealt with in detail, as well as padding techniques and selected parts from the PKCS. These topics are supplemented with a basic introduction to the efficient implementation of long integer arithmetic.Assessment methodsWritten elaboration of selected lecture contents Presentation Written examinationTeaching methodsPresentation with slides and video projectorLanguageGerman23
3. Semesters LectureSWSECTSDigital Forensics VODigital Forensics VOLector: Dipl.-Ing. Dr. Martin Schmiedecker, Dip.-Inf. (FH) Karsten Theiner2SWS2ECTSLecture contents- Forensic Methods o File System Forensics o Network Forensics o Operating System Forensics o Examination of Application Data o Time Line Analysis o Keyword SearchAssessment methodswritten examTeaching methodsLessons are held, using at least some of following didactics: - Ex-cathedra teaching - Independent working in groups - Interactive Media Support - Computer room lessonsLanguageGerman-English22Mobile and Embedded Security VOMobile and Embedded Security VOLector: Tobias Buchberger, BSc MSc, FH-Prof. DI Gerhard Engelmann, Silvia Schmidt, BSc MSc, DI Mathias Tausig2SWS3ECTSLecture contentsASN.1 Smartcards Constrained Networking Mobile Authentication RIOT-OS Secure Firmware Update Internet-of-Things (IoT-Security) Overview Embedded CAssessment methodsIntermediate tests, distance/remote learning, final exam.Teaching methodsLectures and remote/distance learning English slidesLanguageEnglish23Mobile and Embedded Security Übung UEMobile and Embedded Security Übung UELector: Tobias Buchberger, BSc MSc, Silvia Schmidt, BSc MSc1SWS2ECTSLecture contentsThe exercises are teaching the useage of and development for smartcards. Students will need to complete the following exercices (alone and in groups): * Usage of PKCS#11 tokens in application software * Access to a smartcard using PC/SC and APDUs * Integrating a PKCS#11 token or a JavaCard into an authentication softwareAssessment methodsThe grade will be calculated based on the projectsTeaching methodsProgramming in groupsLanguageEnglish12Business Crime SEBusiness Crime SELector: Dipl.Ing. Franz Gober, MBA2SWS3ECTSLecture contents- values and needs especially in working environment - typologies of behaviour and inward urge - change management processes and impact - Reasons for conflicts, behaviour during conflicts, and escalation - behaviour pattern and situational behaviour in economic crime - forms of economic crime - examples of ecomonic crime and working it up - future trends and development in economic crimeAssessment methodsPhysical presence Active cooperation Seminar paper Review-JournalTeaching methodsPresentation Work on cases in small groups Subject specific discussions in the class Seminar paper Review-journalLanguageGerman23Academic Research and Writing SEAcademic Research and Writing SELector: FH-Prof. Dipl.-Ing. Manuel Koschuch, Bakk.techn.2SWS3ECTSLecture contentsAn important part of a comprehensive academic education is to aquire the qualification to treat problem statements from a scientific point of view. Therefore, an introduction to scientific work, writing, and well established methodologies will be taught in this course.Assessment methodsThe evaluation is based on the submitted material (disposition, paper, reviews) as well as on the presentations.Teaching methodsDuring this course a scientific conference will be simulated. After a brief introduction to scientific writing, the attendees of this course shall treat a problem statement of a given field of research for which they shall prepare disposition that briefly describes the chosen topic. Based on it, a draft version of the scientific article will be written (draft paper). Afterwards, these draft versions of the papers will be critically reviewed by other colleagues (peer reviewing). Based on their reviews, a revised version of the scientific paper shall be created (camera-ready paper). At the end of this course, the scientific papers will be presented by the authors.LanguageGerman23Cyber-Crime Defense ILVCyber-Crime Defense ILVLector: Dr. Ulrich Bayer, Ing. Reinhard Kugler, MSc2SWS3ECTSLecture contentsAs a follow-up to Cyber Security, we deepen the understanding of the attacker's perspective. This semester focuses on attacks on IoT devices, exploitation with malware and memory corruption, as well as identity theft. By getting hands-on experience on the techniques and mindset needed to break security systems, the student gains insight useful for post-incident analysis of attacks as well as proactive analysis of attack vectors.Assessment methodsFive practical challenges (of which you need to solve at least three) and a written exam.Teaching methodsLectures with practical examples and demonstrations. Additionally, we offer an online platform, where students have to solve challenges. Those challenges range from reverse engineering of a firmware sample, an ELF virus or performing a memory corruption attack via Return Oriented Programming.LanguageGerman-English23Digital Forensics Übung UEDigital Forensics Übung UELector: Dipl.-Ing. Dr. Martin Schmiedecker, Dip.-Inf. (FH) Karsten Theiner1SWS2ECTSLecture contentsPractical assignments in the scope of the lecture.Assessment methodsGraded point of the reportsTeaching methodsWritten reportsLanguageGerman-English12Interdisciplinary Project UEInterdisciplinary Project UELector: FH-Prof. Dipl.-Ing. Manuel Koschuch, Bakk.techn., Julia Teissl, BSc MSc4SWS9ECTSLecture contentsSummary of the essential aspects of project- and process-management, as well as system safety, and their practical meaning in concrete examples. Clarification of the differences between safety and security, and of the interfaces between these two areas. Diskussion and reflection of the insights from practical application of the above concepts.Assessment methodsAssessment of the submitted implementation and the presentations.Teaching methodsImplementing and presenting a practical example in small groups.LanguageGerman49Security Management ILVSecurity Management ILVLector: Dipl-HTL-Ing. Andreas Schaupp, MSc, MSc, MAS2SWS3ECTSLecture contents- IT-Security Management and Risk Assessment - IT-Security Controls, Plans, and Procedures - Physical and Human Resources Security & Security Audit - Access Control Management - Overview of the ISO 27000-family, COBIT, ITIL and BSI GrundschutzAssessment methods1/3: Case study 1/3: Group assignment 1/3: Classroom QuizzesTeaching methodsLecture, case study, group assignmentLanguageEnglish23
4. Semesters LectureSWSECTSMaster Thesis MTMaster Thesis MTLector: FH-Prof. Dipl.-Inform. Dipl.-Wirt.Inform. Matthias Peter Hudler0SWS20ECTSLecture contentsAutonomous authoring of a special, science-based theme under guidance by a supervisor, elaboration of the master's thesisAssessment methodsApprobation of the master's thesisTeaching methodsDiploma thesis: Autonomous scientific work under guidance by a supervisorLanguageGerman-English020Master Thesis Seminar SEMaster Thesis Seminar SELector: FH-Prof. Dipl.-Inform. Dipl.-Wirt.Inform. Matthias Peter Hudler2SWS2ECTSLecture contentsThe students present the current state of their Master's Thesis at regular intervals and discuss their work with the audience.Assessment methodsContinous examinationTeaching methodsPresentations by the studentsLanguageGerman-English22Privacy in Internet VOPrivacy in Internet VOLector: Dr. Sandford Bessler2SWS2ECTSLecture contentsThe lecture will give an overview on the technologies and the application areas of e-privacy protection: Definitions, Introduction, Legal aspects - GDPR, DPIA Technologies: - Identity management - Anonymous communication - Privacy policies - Database privacy Application areas: - Vehicular privacy, Location privacy - Search engine privacy, - Social network privacy, - Privacy and the Smart gridAssessment methodsHomework exercises and project work (40%) Final written exam (60% of the grade)Teaching methodsFrontal teaching using slide presentations and online sources. 2-3 home works to support learning Small group project work and presentation.LanguageEnglish22Human Perception and Behaviour VOHuman Perception and Behaviour VOLector: MMag. Dr. André Gazsó2SWS3ECTSLecture contentsThis course discusses the main principles of human perception especially regarding risk and safety relevant decisions and actions. The leading context is the societal attitude to risk and safety and the political conditions of safety governance.Assessment methodsTeaching methods.LanguageGerman-English23Legal Framework of Privacy Policies ILVLegal Framework of Privacy Policies ILVLector: DI Wolfgang Aigner, Mag.iur. Philip Raffling2SWS3ECTSLecture contentsGeneral orientation in law with a focus on data protection.Assessment methodsLanguageGerman23
Admission requirements A Bachelor degree or diploma certificate from an institute of higher education with a total of 180 ECTS credits with at least 42 ECTS credits in the relevant subjects of information technology, software engineering and network engineering. In exceptional cases, the University Council will make a joint decision with the Program Director.Equivalent certification from abroad Equivalence is determined by international agreements, validation or in individual cases a decision by the head of the academic section.The admission requirements are satisfied with successful graduation from the Computer Science and Digital Communications, Information Technologies and Telecommunication (discontinued) and Applied Electronics Bachelor degree programs offered at FH Campus Wien.Regulation for the admission of third country citizens (PDF 233 KB)Information for applicants with non-Austrian (school) certificates (PDF 145 KB)
Application To apply you will require the following documents:Birth certificateProof of citizenshipA Bachelor degree or diploma certificate/equivalent certification from abroad and CV in table form.Please note: It is not possible to save incomplete online applications. You must complete your application in one session. Your application will be valid as soon as you upload all of the required documents and certificates. In the event that some documents (e.g. references) are not available at the time you apply, you may submit these later via e-mail, mail or in person by no later than the start of the admission process.
Admission procedure The admission procedure assesses the professional suitability of the applicants for the Master's program. It consists of an oral interview. You will receive the date for the admission procedure from the secretary's office. The admission interview usually takes place online via ZOOM.GoalThe goal is to offer a study place to those persons who complete the admission procedure with the best results.CriteriaThe admission criteria are exclusively performance-based. You will receive points for the interview, after which the ranking of the candidates will be determined. Geographical assignments of the applicants have no influence on the admission. The admission requirements must be met. The entire process as well as the evaluations of the admission procedure are documented and archived in a comprehensible manner.
> FH-Prof. Dipl.-Inform. Dipl.-Wirt.Inform. Matthias Peter Hudler Head of Degree Program IT-Security, Head of Competence Center for IT-Security T: +43 1 606 68 77-2461matthias.hudler@fh-campuswien.ac.at