Information Security Group

The research field of information security encompasses a wide range of topics dealing with the development and improvement of security measures to protect information from threats and attacks. Some of the key topics in information security research are:

  1. Cryptography: Cryptography is a fundamental concept in information security and includes technologies for encrypting data. Research is focused on developing new cryptographic algorithms and protocols that provide more effective and secure encryption technologies.
  2. Security Management: This topic relates to the development of methods and procedures for monitoring and managing security risks and threats. It also includes the development of standards and guidelines for information security management systems.
  3. Network security: Network security includes the study of security threats and risks in networks and the development of methods and technologies for securing networks and preventing attacks on networks.
  4. Data Security: This topic deals with securing data and developing technologies and procedures to prevent data leakage and unauthorized access to data.
  5. Identity and access management: Identity and access management encompasses technologies and processes for managing user identities and access rights. Research in this area deals with the development of technologies for authenticating users and managing access rights.
  6. Forensic Investigations: Forensic investigations relate to the investigation of security breaches and incidents and the development of methods to identify and track attackers.
  7. Mobile security: Mobile security includes securing mobile devices and applications, and developing technologies and procedures to prevent attacks on mobile devices.

An important and central element is the practical information security management system (ISMS) as a structured approach to the management of information security in an organization. It is a framework of processes, procedures, policies and technologies that help ensure and improve information security in an organization.

The goal is to enable a systematic and continuous approach to information security. It aims to ensure that information security in an organization is continuously monitored, evaluated and improved. An ISMS usually includes the following steps:

  1. Establishing information security policies and procedures
  2. Identification of threats and risks to information security
  3. Assessing the impact of security threats and risks on the organization
  4. Development of measures to reduce risk and maintain information security
  5. Implementation and execution of information security measures
  6. Monitoring and evaluating the effectiveness of information security measures
  7. Continuous improvement of information security measures

An ISMS can be based on international standards, such as ISO 27001 or BSI Grundschutz, to ensure that the organization has implemented information security best practices and has established an effective information security management system. An ISMS is an essential tool to ensure that information security in an organization is continuously improved and kept up to date.

Information security research as a whole is an important field as the increasing reliance on technology and the proliferation of cybercrime are forcing more and more companies and organizations to engage with the latest developments and technologies in information security.