Skills Matrix and Action Plan
The Network and Information Security Management module gave an insight into the principles of information security management. The basic structure of today's networks and the Internet was analyzed, compared and discussed alongside other approaches such as the ISO/OSI 7-layer model. The module taught concepts and methods for evaluating vulnerabilities and threats using models and tools such as the STRIDE model for classifying security risks and the DREAD tool for rating vulnerabilities. National and international standards on security and the regulations governing the handling of sensitive data were analyzed, and the consequences of data breaches for private individuals and especially for companies were discussed. Tools for ethical hacking were presented and their respective advantages and possible applications were examined.

As part of practical applications and case studies on the standards and regulations mentioned, such as the GDPR, DPA, PCI-DSS and ICO, websites were evaluated. In addition, an e-commerce website was examined for vulnerabilities as part of ethical hacking, and recommendations for reducing threats were developed based on the results.

The module thus highlighted the importance of security management in networks and in the online presence of companies, and illustrated which aspects of network security must be considered, how vulnerabilities can be examined and how solutions and recommendations can be professionally developed and presented. In this way, the module taught and practised the professional work of a consultant for network and information security management, which is of essential importance for a cyber security specialist.