Continuing Education in Cybersecurity
Interdisciplinary CAS programmes combining technical, organizational, legal and human perspectives – for professionals and decision-makers who want to understand, assess and address cyber risks holistically.

CAS Cyber Risk Awareness
German Only!
Semester: Spring Semester 2026
Target Group: Security & Privacy Awareness Staff in Organizations
ECTS: 12
Organizations are increasingly threatened by cyber risks that can have serious economic and human consequences. Understanding the human factor is becoming increasingly important in protecting against cyber-attacks. A “wrong click” on a malicious email attachment can lead to business failure, loss of personal data and reputational damage. Raising the awareness of management, specialist departments (e.g. IT) and employees is therefore becoming an increasingly important complement to technical and organizational measures in practice and is explicitly expected (e.g. in audits, for cyber insurance).
The CAS Cyber Risk Awareness enables managers and external consultants to
- Sensitize management, specialist departments (e.g. IT) and employees to the issues of information security and data protection.
- Develop, implement and evaluate targeted measures to promote secure behavior.
The course uses established concepts from psychology (especially behavior change), communication and IT. These are complemented by practical know-how.

CAS Secure and Sovereign IT Infrastructures
German Only!
Semester: Autumn Semester 2026
Target Group: System Administrators, CISOs, DevOps, DevSecOps, Cloud Engineers, Technical Account Managers, etc.
ECTS: 12
IT security and sovereignty are becoming increasingly critical as cyberattacks grow ever more sophisticated. This raises key questions: How secure are my data in the cloud? What about hybrid or on-premise infrastructures? Who has access to my data? Is the environment truly maximally secure? How would a hacker attack? How can I detect an attack? How do I protect myself? How can I retrieve my data from the cloud?
We address these and similar questions in the CAS Secure and Sovereign IT Infrastructures. Beyond discussing security measures, we apply them hands-on in multiple test environments. Where feasible, we simulate relevant attacks upfront, gaining direct insight into hackers’ mindsets and tools.

CAS Cyber Security Management
German Only!
Semester: Fall Semester 2026 (August)
Target Group: CISOs, DevOps, DevSecOps, Systems Engineers, (Technical) Account Managers, anyone interested in cyber security management
ECTS: 12
This course focuses on teaching participants how to identify vulnerabilities in IT systems and applications and implement appropriate protective measures. The aim is to enable them to understand the legal implications and, where necessary, secure these contractually. In addition, they should be able to prepare the necessary mandatory reports in the appropriate form in the event of a critical incident.
After a brief introduction to the technical aspects of modern IT infrastructures and the resulting attack vectors, the legal framework will be explained in a practical manner. In the first step of developing a cybersecurity organization, current IT security management standards and frameworks are discussed and applied using examples. In the second part of the CAS, practical cybersecurity incidents are examined. These are viewed from several angles and are based on current topics. One example of a currently relevant topic is “ransomware.” The lecturers involved discuss the incidents from the perspective of the CISO, the legal advisor, and the responsible insurance company. Another key teaching unit covers the management of such incidents (crises) and the appropriate communication (internal, external) of the facts. Finally, it is necessary to develop an exemplary CISO organization, its roles and relationships, and the necessary key figures for assessing maturity.
Although technical aspects play an important role, the primary focus of the CAS Cyber Security Management is on the management requirements of a cyber security organization within a company.

CAS Secure Software Design & Development
German Only!
Semester: Spring Semester 2026 (February)
Target Audience: Software engineers with or without a leadership position
Lectures in German language
ECTS: 12
The CAS Secure Software Design & Development course is aimed at professionals with a background in software engineering who want to gain a comprehensive understanding of software security in order to acquire in-depth knowledge and practical skills in this area, manage software projects, develop software and/or share responsibility for architecture.
The course is designed to enable participants to develop functional and secure software even in the complex setting of modern software development. We begin the course in the traditional manner with topics such as the Secure Software Development Lifecycle (SSDLC), understanding common vulnerabilities and threat modelling. We then focus on static and dynamic security testing before bringing the topics together in a larger context in a final project. We will focus on backend security and apply appropriate authentication and authorisation models.
In the course, we use best practices from modern environments and develop REST backends with Java/Spring Boot, use automated deployment pipelines and federated authentication environments. For successful participation, software development knowledge in at least one object-oriented programming language is essential. A comprehensive self-study preparatory course is available for all non-Java developers.

CAS Applied Network and System Security
German Only!
Semester: Fall Semester 2026 (September)
Target Audience: System Administrators, SOC-Analysts, Security Engineers, IT-Architects
Lectures in German language
ECTS: 12
This CAS is aimed at IT professionals who are responsible for the secure operation, monitoring and recovery of IT infrastructures. The focus is on practical skills for securing systems, networks and data against current threats.
The course is divided into three modules (network, cryptography and response), each of which looks specifically at concepts, attacks and defence mechanisms. The network module examines attacks on the different layers (L2-L5) and highlights the limitations of logical separation (VLAN) or network access control and firewalls. A special feature of this lab is the high proportion of hands-on teaching in our fully equipped network laboratory, which allows us to realistically simulate attacks and countermeasures. The cryptography module introduces the basics of current cryptographic methods and demonstrates their application and pitfalls in securing individual network layers such as MACsec, VPN or TLS. The final module deals with recovery strategies, particularly for single hosts or end-user devices, as is typically necessary after a ransomware incident. We look at (partially) automated recovery in the areas of firmware, operating system, configuration + software deployment and user data.

