
Cyber security management
- Class 30
- Practice 30
- Independent work 60
Course title
Cyber security management
Lecture type
Obligatory
Course code
22-02-522
Semester
3
ECTS
4
Lecturers and associates
Course overview
This module is designed to support students’ transition from practitioner to a managing role.
In this module students will learn how to manage processes related to Cyber Security components and rules by which a secure and reliable information system is designed, implemented, and maintained.
Students will learn about:
• Security and Risk Management
• Asset Security
• Security Architecture and Engineering
• Communication and Network Security
• Identity and Access Management (IAM)
• Security Assessment and Testing
• Security Operations
• Software Development Security
This module is based on the knowledge and understanding required for a managing role in Cyber Security.
Literature
Essential reading:
1. Chapple, M., Stewart, J.M. and Gibson, D. (2018). (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide. New York: John Wiley and Sons.
Recommended reading:
1. Warsinske, J., Graff, M., Henry, K., Hoover, C., Malisow, B., Murphy, S., Oakes, C.P., Pajari, G., Parker, J.T., Seidl, D. and Vasquez, M. (2019). The Official (ISC)² Guide to the CISSP CBK Reference. New York: John Wiley and Sons.
Minimal learning outcomes
- Define and manage the concepts used in implementing and maintaining system security related to risk management
- Define and manage the concepts of information equipment and assets security
- Define and manage concepts related to security of architecture and software engineering
- Define operational processes related to system security
- Define terms related to identity management and access rights
- Define security assessment and system testing
- Define terms related to communication and network security
- Define secure software development processes
Preferred learning outcomes
- Design a risk management process
- Design information security management with consideration of regulatory requirements and standardization
- Design a secure information system using basic security model concepts and secure application design principles
- Define and manage delivery and protection systems, implement detective and preventative measures to prevent system compromise during its operation, and manage system testing and recovery processes against unwanted errors
- Design authentication and authorization processes and rights management
- Carry out system testing at the level of security controls and data processing, and design and validate assessment, testing and audit strategies
- Design communication and network security
- Design SDLCs and interpret standards and guides for secure coding