FOKUS Akademie - Kurs Security Tester 
metamorworks stock

Risk Management and Security Testing

Basics of Security Testing

The Challenge

Achieving trustworthy security in complex, networked IT systems is anything but easy. Where perfect security cannot be achieved, careful systematic risk management should be the basis for all security-related measures. In the practice of IT systems, however, this is often not the case. This seminar aims to raise awareness of the urgency of risk management.

The Solution

The course shows how safety testing in particular can be optimised by integrating it into a consistent risk management. It imparts the necessary methodology and the associated knowledge to carry out risk-based safety testing independently.

The training is a module of the seminar series: Basics of Security Testing.

Your Advantages at a Glance 

After the seminar you will be able to

  • Implement systematic risk management
  • Derive and prioritise safety test cases from risk models
  • Evaluate results of safety tests with regard to the risk picture

This seminar offers you

  • Theoretical foundations
  • Learning by means of practical examples

 

Content

  • ISO 31000 Risk Management
  • Risk Based Security Testing
  • Test Based Risk Assessment


Learning objectives

After the course, participants will be able to implement risk management and carry out optimised security tests based on the following risk models. 

  • Risk management in the overall context of the organisation

  • Risk identification
  • Risk analysis
  • Risk evaluation
  • Risk treatment
  • Risk-based safety testing
  • Test-based risk analysis and risk evaluation


Target group

Developers, system administrators, test developers


Requirements

Basics of software development

Course data

Specialists and user training

Level: Basic

Termin: In-house seminar (by arrangement)

Duration: 1 day (6 hours)

Venue: Online or in person (Fraunhofer FOKUS, Kaiserin Augusta Alle 31, 10589 Berlin or other locations)

Number of participants: 5-12

Language: German or English (English teaching material)

Speakers: Dr. Jürgen Großmann, Dr. Johannes Viehmann 

Dr Jürgen Großmann is the team leader of the Critical Systems Engineering group in the SQC business unit of the Fraunhofer Institute FOKUS. He is an expert in quality assurance, risk analysis and IT security testing in the field of critical, networked software systems in the automotive industry and the financial sector.

Dr Johannes Viehmann is a senior researcher and project leader of the Critical Systems Engineering group in the SQC business unit of the Fraunhofer Institute FOKUS. He is an expert in safety-critical, highly interconnected systems, trust-creating concepts and risk management.

Risk Management and Security Testing

Request further information

Privacy enhancement

Privacy enhancement for events related to our privacy policy

As part of the registration for “Quality Engineering for Quantum Computing – Basics” we provide the following compulsory information:

  • Title,
  • Last name, first name,
  • Email address,

Additionally you can provide us following optional information:

  • Degree,
  • Firm,
  • Position.

We collect the required data in order to identify you as participant of the event, to check the provided information for plausibility, to reserve a place for the participant in the event and to establish a contract with you. We also want to supply the participant with information during and after the event, offer the participant an optimal participation and allow us to plan and execute a smooth running event.

We need the payment data to collect the participation fees.

Collecting the voluntary information allows us to plan and conduct the event according to the interests of the participants in an age-appropriate fashion.

We process the data based on your enquiry and for the declared purposes as prescribed by Article 6 para. 1, page 1, lit. b GDPR to perform the contractual obligations toward the participants and meet the conditions precedent to entering into the contract.

We will store the personal data collected in context with the event until the end of the regular limitation period of three (3) years following the end of the year of the event. We will then delete the data unless we are obligated by law to store the data for a longer period according to compulsory safekeeping and documentation obligations pursuant to Article 6 para. 1, page 1 lit. c GDPR and in particular according to § 147 AO [General German Fiscal Code]) or unless you have agreed to a longer data storage according to Article 6 para. 1, page 1 lit. a GDPR. In case of longer data storage, we shall process the data solely to the extent mandated by law or according to your permission. As for all else, the further processing of the data shall be barred.

In the context with project registrations via Internet form, we work with our service provider Mailingwork GmbH, Birkenweg 7, 09569 Oederan, Deutschland (“Mailingwork”). The purpose of this collaboration is the professional management of online registrations to our projects. In the process, our service provider Mailingwork GmbH stores the provided data in Germany.

We entered into an order processing contract with Mailingwork GmbH. The purpose of the cooperation is the provision of project registration services. In this contract, Mailingwork GmbH agrees to process the data on our behalf in compliance with the General Data Protection Regulation (GDPR) and guarantees to comply with the rights of the affected persons. The general data protection regulations for the websites of the Mailingwork GmbH are available at: https://mailingwork.de/datenschutz/.