MCSM Cyber Security Management
Master of Science (M.Sc.)

Aim of the studies

The aim of the Master's degree programme in Cyber Security Management is to enable graduates to

• Plan and apply technical cyber defence and digital forensics to protect IT systems,
• manage projects for the implementation of information security management systems (ISMS),
• introduce management applications into existing system landscapes in accordance with relevant quality and security features, manage and audit them,
• define performance requirements for external service providers for a Security Operation Centre and manage and monitor them,
• assess ICT crime in terms of evidence and fraud.
• use the knowledge gained from digital forensics to design customised early warning systems and protective methods,
• plan and take responsibility for the integration of new solution concepts into the existing IT architecture while ensuring a secure infrastructure for the institution's system landscape,
• evaluate audit processes and audit programmes with regard to opportunities and challenges and take the lead in carrying them out,
• use project management and leadership methods to successfully plan and manage security-related and cross-divisional projects and lead cross-organisational teams.
  

With the knowledge they have gained, graduates of the Master's degree programme in Cyber Security Management are important employees for companies in the management and implementation of procedural and organisational information security, in IT operations and in information technology.

Graduates deal with the design, development, selection and utilisation of IT security architectures, IT security procedures and technologies in companies and in administration. The studies enable graduates to take on managerial tasks in a company at the interface between the specialist department and IT security in a qualified and competent manner.

Content and structure of the studies

The following qualification focuses are set within the framework of 4 specialisation semesters, which are determined on the basis of several qualification areas and distributed across individual modules that reflect the individual learning objectives and thus form the content per qualification objective.

Q1 Digital Forensics & Technical Cyber Defence

• Various aspects from the areas of network forensics, mobile phone forensics, electronic forensics and compliance topics
• Special features and challenges in forensic analysis
• Methods for digital forensics with threat defence plans
• Concepts and action measures as well as recognising attack vectors and measures to combat them in the long term
• Cyber attacks and the different methods
• Planning of cyber incident & response processes
• Analysing log data from the network area and deriving suitable measures
• Resilience, cloud and container security architectures as well as security features for tokens and certificates, open source intelligence.

Q2 Cyber Security Management

• Vulnerability of IT systems
• Preventive and detective use of IS
• Introduction to management systems according to relevant quality and security features (QA + IT security) using the PDCA cycle and CIP
• Auditing of SIEM management systems
• Concepts of the second and third line of defence
• Security processes and projects that lead to a long-term increase in the resilience of IT systems
• Processes for implementing information security management systems and frameworks in accordance with ISO/IEC 27001, IT Security Act, COBIT, NIST, ITIL
• Management of external service providers (especially security operation centres).

Q3 Aspects of cybercrime

• ICT crime: understanding evidence and fraud
• Early warning concepts and detective methods in digital forensics.

Q4 Security of the system architecture

• Examination of the ability to integrate new solution concepts into the existing architecture and verification of security-relevant features
• Infrastructure of system landscapes (clients, Windows/Linux servers, network, firewalls, storage, etc.), (embedded systems).
  

Q5 Soft Skills

• Preparation of and for (internal and external) audits
• Control, implementation and monitoring of audit processes and audit programmes
• Efficiently organising personnel recruitment, development, motivation and management processes
• Project management methods: Prince 2, Scrum, Six Sigma etc.
• Methods for planning, implementing and managing safety-specific projects
• Project assignments and presentation of results: internal research projects and external, application-orientated projects from industry.

In the fourth semester, the master's thesis is completed and documented in written form. The degree is rounded off with an oral examination in which the master's thesis is presented and defended.

Here you will find a graphic overview of your course of study and the programme content(see illustration WiSe & illustration SoSe).

Occupational fields and future prospects

The Cyber Security Management (M.Sc.) degree programme is just right for today's security-ambitious and creative young minds who are looking for an innovative and future-oriented degree with a high practical component in order to effectively and efficiently shape the technical world of tomorrow with its digitalised and automated basic elements and to secure it in an economically and ecologically sustainable way.
As a graduate of the degree programme, you will be professionally and methodologically qualified to meet the current and future job profiles within information and communication technology and critical infrastructures, depending on your chosen specialisation and personal interests. Later on, you will be able to work in the following professional fields, for example:

Within a company

• Head of information security
• Head of data protection
• Head of IT security
• Cyber security expert in the area of network access control (network security)
• IT security expert in the area of identity access management
• As an internal lead auditor or auditor
  

Job profiles as an external employee / freelancer

• Network security specialist
• ISMS implementer according to ISO/IEC 27001 and IT-Grundschutz
• Auditor according to ISO/IEC 27001 / EnWG of the BNetzA and BSI
• Consultant with various specialisations.

As a graduate, you will also be highly sought after by federal authorities, such as the Federal Office for Information Security (BSI).

The study requirement for the Master's degree programme is a first professionally qualifying university degree in a relevant Bachelor's or Diplom degree programme at a German university or a degree from a foreign university that is at least equivalent to the aforementioned.

Study requirements

(1) The requirements for admission to the Master's degree programme are

1. proof of completion of a relevant Bachelor's or Diplom degree programme at a German university or a degree at a foreign university that is at least equivalent to the aforementioned,



Relevant degree programmes within the meaning of sentence 1 no. 1 are those that have at least

• 30 ECTS credits in the area of IT core competences (e.g. software development, computer networks, secure application systems, data management) and
• 30 ECTS credits in the field of security/business administration (e.g. organisation, public and private e-government, administrative and IT law, digital transformation)

must have. Practical phases and theses are not taken into account in the examination of relevance; the same applies to specialist languages and key qualifications (soft skills).

(2) Applicants who have not acquired their admission requirements at a German-speaking institution must have the German language skills required for the degree programme. The following certificates in particular are recognised as proof of sufficient language skills:

• TestDaF (Test of German as a Foreign Language), at least level 4 in all parts
• German language examination for university entrance (DSH-2)
• German Language Diploma, Level II (KMK)
• Goethe-Zertifikat C2: GDS (from 2012)
• Kleines Deutsches Sprachdiplom of the Goethe-Institut (until 2012)
• Zentrale Oberstufenprüfung of the Goethe-Institut (until 2012)

(3) Admission to studies is excluded if the applicant has definitively failed an examination required by the examination regulations in the same degree programme at a higher education institution within the scope of the Basic Law. Admission to the degree programme is also excluded if

1. the examination was finally failed at a higher education institution within the area of application of the Basic Law in a degree programme that has a significant content-related proximity to the degree programme regulated here, and

2. the examination in question is also mandatory under these examination regulations.