Security Engineering

Dr. rer. nat. Wolfgang Böhmer
Research Scientist / Lecturer
Security Engineering Group
Computer Science Department
Technische Universität Darmstadt

CASED building, Mornewegstrasse 30, D-64293 Darmstadt, 4th floor, room 4.3.31

 

Phone: +49-6151-16-70859
Fax: +49-6151-16-72051

Email: wboehmer(-at-)cdc.informatik.tu-darmstadt.de

 

---

 

My research interest focus on both IT security and information security. Besides, the concept of IT security is extended into the concept of information security which encompasses substantially more aspects than those of IT security. An other questions is, how to evaluate effectiveness and economic efficiency of an information security management systems (ISMS) according to ISO 27001:2005, (BCMS) according to BS 25999-2:2007 or an ITSMS according to ISO 20000 (ITIL). Another main focus is the area of business and risk modeling for both state risks and behavior risks. Furthermore the driving question is, how do we could model critical bussines processes with the theory of control systems in conjunction with an ISMS.  It seems to me that the Process Algebra (PA) and modal logic with the micro common representation language mCRL2, developed by the TU-Eindhoven, is a good approach.

Beside my activities as a more externally scientific colleague and teaching representative of the chair, I operate also as an accredited auditor (licence: BSI-GSL-0058-2003 and BSI-IGL-0012-2006) of the Federal Office for security in the information technology (BSI) in Bonn (Germany) and as a qualified Lead auditor (Certificate No. 24192-74805) of the British Standard Institute (BSI) in UK for the ISO 27001:2005. 

 

---

 

Program Committee member of:

ARES 2009 - Fukuoka, Japan, International Conference on Availability, Reliability and Security

SECUWARE 2009, Athens/Glyfada, Greece, The Third International Conference on Emerging Security Information, Systems and Technologies, 

SECUWARE 2010, Venice/Mestre, Italy, The Fourth International Conference on Emerging Security Information, Systems and Technologies,

MKWI 2010, Göttingen, MultiKonferenz für Wirtschaftsinformatik

ISSE/SICHERHEIT 2010, Berlin, SICHERHEIT – Schutz und Zuverlässigkeit

SECUWARE 2011, French Riviera,
Nice/Saint Laurent du Var, France, The Fifth International Conference on Emerging Security Information, Systems and Technologies

perspeGKtive 2011, Darmstadt,  Innovative und sichere Informationstechnologie für das Gesundheitswesen von morgen

Computation Tools 2011,

MKWI 2012, Braunschweig, MultiKonferenz für Wirtschaftsinformatik

Program member and Chairs

Program member and general chair of the annual CAST Workshop "Enterprise security" (since 2005)

Session chair SECUWARE 2009 (Athen/Greece),

TSP 2010 (Bradford/UK),

SECUWARE 2010 (Venice/Italy)

Member of the Jury GI "Promotionspreis IT-Sicherheit" 2010

Member of organizations

Member of Gesellschaft für Informatik (GI), Fachgruppe Informationssicherheit (SecMgmt),

Member of ISACA

Member of (ISC)2

Member of RMA e.V.

Member of IFIP, WG11.1

Member of CAST e.V.

Member of ISO/IEC JTC 1/SC27 - IT Security Techniques (Chapter Germany).

 

---

 

• Lecture 20.088.1 (2SWS) IT-Sicherheitsmanagement Systeme
  

Winter term 2009/10:

• Lecture 20.088.1 (2SWS) IT-Sicherheitsmanagement Systeme
  

Summer term 2009:

• Lecture 20.881. (2SWS) IT-Sicherheitsmanagement Systeme

Winter term 2008/09:

• Lecture 20.088.1 (2SWS) IT-Sicherheitsmanagement Systeme
  

Summer term 2008:

• Lecture 20.088.1 (2SWS) IT-Sicherheitsmanagement Systeme

Winter term 2007/08:

• Lecture 20.088.1 (2SWS) IT-Sicherheitsmanagement Systeme

Summer term 2007:

• Lecture 20.284.1 (2SWS) IT-Sicherheitsmanagement Systeme

Winter term 2006/07:

• Lecture 20.209.1 (2SWS) IT-Sicherheitsmanagement Systeme

Summer term 2006:

• Lecture 20.284.1 (2SWS) IT-Sicherheitsmanagement Systeme

Winter term 2005/06:

• Lecture 20.209.1 (2SWS) IT-Sicherheitsmanagement Systeme

Winter term 2005/06:

• Lecture 20.209.1 (2SWS) Virtual Private Networks, Drahtgebunden und drahtlos

Summer term 2005:

• Lecture 20.284.1 (2SWS) IT-Sicherheitsmanagement Systeme

Winter term 2004/05:

• Lecture 20.183.1 (2SWS) Virtual Private Networks, Drahtgebunden und drahtlos

Summer term 2004:

• Lecture 20.183.1 (2SWS) Virtual Private Networks, Drahtgebunden und drahtlos

Winter term 2003/04:

• Lecture 20.205.1 (2SWS) Virtual Private Networks, Drahtgebunden und drahtlos

Summer term 2003:

• Lecture 20.183.1 (2SWS) Virtual Private Networks, Drahtgebunden und drahtlos

Winter term 2002/03:

• Lecture 20.205.1 (2SWS) Virtual Private Networks, Drahtgebunden und drahtlos

Summer term 2002:

• Lecture 20.183.1 (2SWS) Virtual Private Networks, Drahtgebunden und drahtlos

 

---

 

1. Boehmer, W.: Dynamic systems approach to analyzing event risks and behavioral risks with Game Theory, PASSAT 2011, The Third IEEE International Conference on Privacy, Security, Risk, and Trust, 09.10 - 11.10.2011, p. 1231 - 1238, IEEE Computer Society, MIT, Boston, USA. 
2. Boehmer, W.: Über die Anwendung von Sicherheitsmanagement Systemen, Policies und Spieltheorie zur Unternehmensabsicherung. Tagungsband, Lecture Notes in Informatics (LNI) 41. Jahrestagung der Gesellschaft für Informatik, 4.10 - 07.10. 2011, TU Berlin, Bonner Köllen Verlag (2011) ISBN 978-3-88579-286-4, Germany.
   
3. Boehmer, W., Brand, Ch., Groote, J.-F.: Analysing the dynamic behaviour of a Business Process and the related Business Continuity Process with mcrl2; invited article to the International Journal On Advances in Intelligent Systems 2011, volume 4, number 34: COMPUTATION TOOLS. (accepted for publication)
4. Boehmer, W.: Toward a target and coupling function of three different Information Security Management Systems, invited article from the journal: Concurrency and Computation: Practice and Experience, 2011, 00:1-7, John Wiley & Sons, Ltd. 
5. Boehmer, W.: Information Security Management Systems Cybernetics, invited book chapter in Strategic and Practical Approaches for Information Security Governance: Technologies and Applied Solutions. Manish Gupta, John Walp and Raj Sharman (ed) 2011.
   
6. Boehmer, W. and Brandt, Ch. and Groote, J.F.: Analysing the dynamic behaviour of a Business Process and the related Business Continuity Process with mcrl2; The First International Conference on Computational Logics, Algebras, Programming, Tools, and Benchmarking, COMPUTATION TOOLS 2010, November 21-26, 2010 - Lisbon, Portugal; IEEE Computer Society.
   
7. Boehmer, W.: Analysis of Strongly and Weakly Coupled Management Systems in Information Security; Fourth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2010), July 18 - 25, 2010 - Venice/Mestre, Italy, IEEE Computer Society.
8. Boehmer, W.: Toward a target function of an Information Security Management System; The Third IEEE International Symposium on Trust, Security and Privacy for Emerging Applications (TSP-2010), Bradford, UK, 29 June-1 July, 2010, IEEE Computer Society
9. Boehmer, W.: Analyzing Human Behaviour using Case-Based Reasoning with the help of Forensic Questions; 24th. IEEE International Conference on Advanced Information Networking and Applications, (AINA 2010), Perth, Australia, 20- 23. April, 2010; IEEE Computer Society.
10. Böhmer, W.: Managementsysteme sind Balance-Systeme – Diskussion relevanter Kennzahlen eines ISMS gemäß ISO/IEC 27001:2005, Multikonferenz für Wirtschaftsinformatik (MKWI 2010), Göttingen 23. - 25.02.2010.
11. Boehmer, W.: Performance, survivability and cost aspects of Business Continuity Processes According to BS25999, International Journal On Advances in Security, issn 1942‐2636, vol. 2, no. 4, year 2009, http://www.iariajournals.org/security/.
12. Boehmer, W.: Anwendung der forensischen Fragestellung in der Compliance Analyse; Bank-Verlag Medien GmbH in Köln, Risk, Compliance & Audit (RCA), 5/2009. 
13. Boehmer, W. and Brandt, Ch. and Groote, J.F.: Evaluation of a Business Continuity Process using Process Algebra and Modal Logic; Computer Science Report CSR-09-12, Eindhoven University of Technology, 2009. (The report should appear automatically on http://w3.win.tue.nl/nl/onderzoek/onderzoek_informatica/ under computer science reports.)
14. Boehmer, W. and Brandt, Ch. and Groote, Jan Friso.: Evaluation of a Business Continuity Plan using Process Algebra and Modal Logic, 2009, proceedings IEEE Toronto International Conference – Science and Technology for Humanity (IEEE-TIC-STH), SIASP 2, pp. 147 -152, September 26-27, 2009, IEEE Computer Society.
15. Boehmer, W.: Überlebenswahrscheinlichkeit eines Unternehmens bei Anwendung eines BCMS gemäß BS 25999, Wie wahrscheinlich übersteht ein Unternehmen eine Katastrophe?; Bank-Verlag Medien GmbH in Köln; Risk, Compliance & Audit (RCA), 2/2009, Seite 23-30.
16. Boehmer, W.: Survivability and Business Continuity Management System According to BS 25999; Third International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2009), Athens/Glyfada, Greece, June 2009, IEEE Computer Society; "Best paper award".
17. Boehmer, W.: Cost-benefit trade-off analysis of an ISMS based on ISO 27001, ARES Conference, The International Dependability Conference, March, 16th - 19th 2009, Fukuoka Institute of Technology (FIT), Fukuoka, Japan, IEEE Computer Society.
18. Böhmer, W.: Risiko, Voodoo und das Gesetz der großen Zahlen, Security Corner in der Computer Zeitung, Konradin-Verlag, online-Ausgabe, KW42, 2008; www.computer-zeitung.de; erschienen am 13.10.2008.
19. Boehmer, W.: Appraisal of the effectiveness and efficiency of an Information Security Management System based on ISO 27001; The Second International Conference on Emerging Security Information, Systems and Technologies; (SECUWARE 2008), Cap Esterel, France;August 25-31, 2008, pp1-8, IEEE Computer Society.
20. Boehmer, W.: Compliance Profiling: Dem Täter auf der Spur; Security Corner in der Computer Zeitung, Konradin-Verlag, online-Ausgabe, KW14, 2008; www.computer-zeitung.de; erschienen am 14.03.2008.
21. Boehmer, W.: Wie sich die Wirksamkeit der Informationssicherheit messen lässt: Wege aus der Sackgasse des Return on Security Investment (ROSI); microsite.computer-zeitung.de/article.html &pid=ee54f3c7-0de1-40f5-bb23-2cfdf022aee5&page=1&pos=2&ms=/security-corner/index.html &tpid=ee54f3c7-0de1-40f5-bb23-2cfdf022aee5 Security Corner in der Computer Zeitung, Konradin-Verlag, online-Ausgabe, KW3, 2008; www.computer-zeitung.de; Erschienen 29.01.2008.
22. Brandt, Ch.; Boehmer,W.; Engel, T.; Roeltgen, C.: Diskussionsvorschlag einer Lösungsskizze zur Behandlung von operationellen IT-Sicherheitsrisiken nach Basel II auf Grundlage von Anforderungen der Credit Suisse; Multikonferenz für Wirtschaftsinformatik (MKWI 2008), München 2008, srvmatthes6.in.tum.de, Stand 03.01.2008.
23. Boehmer,W.: Bei Sicherheitsaudits drohen Fallstrike, Security Corner in der Computer Zeitung, Konradin-Verlag, online-Ausgabe, KW41, 2007; www.computer-zeitung.de; Erschienen 08.10.2007. microsite.computer-zeitung.de/article.html &page=3&ms=/security-corner/index.html&pos=18&tpid=ee54f3c7-0de1-40f5-bb23-2cfdf022aee5 &pid=ee54f3c7-0de1-40f5-bb23-2cfdf022aee5
24. Böhmer, W.: Informationssicherheitsmanagementsysteme im Kontext einer IT-Governance, in Rechts- und Haftungsrisiken im Unternehmensmanagement, Wiley-VCH Verlag München, (eds.) Romeike/Hirschmann , S.86-125, ISBN 3-86556-166-0, Juni 2006.
25. Boehmer, W. and Petzel, E.: Evaluation of the Quality of an Information Security Management System (ISMS), IPSI-2006 Marbella Conference, February 10-13, 2006. Book of Abstract, ISBN: 86-7466-117-3.
26. Böhmer, W.: VPN - Virtuelle private Netzwerke,  Kommunikationssicherheit in VPN- und IP-Netzen über GPRS und WLAN 2. überarbeitete und erweiterte Auflage, 2005, ISBN 3-446-22930-2.
27. BöHMER, W.: Informationssicherheitsmanagement und IT-Governance, RISKNEWS - Fachmagazin für Risikomanagement, Ausgabe 05/2005, Wiley-VCH Verlag, München.
28. Böhmer, W.: VPN - Virtuelle private Netzwerke,  Die reale Welt der virtuellen Netze, Carl-Hanser Verlag in München 1. Auflage, 2002, ISBN 3-446-21532-8.
29. Böhmer, W. und Knöpfle, K., AES und die Zukunft der Privatsphäre im Internet, Tagungsband 7. Deutscher IT-Sicherheitskongreß des BSI 2001, SecuMedia Verlag, Ingelheim, ISBN 3-922746-36-5.

 

Wolfgang Boehmer:
VPN: Virtual Private Networks
Kommunikationssicherheit in VPN- und IP-Netzen über GPRS und WLAN
2. überarbeitete und erweiterte Auflage,
Hanser Verlag München, Juni 2005
432 Seiten, Gebunden
ISBN 3-446-22930-2
39,90 EUR