Kies de Nederlandse taal
Course module: 201500041
Cybersecurity Management
Course info
Course module201500041
Credits (ECTS)5
Course typeCourse
Language of instructionEnglish
Contact M. Elhajj
Examiner M. Elhajj
Lecturer M. Elhajj
Contactperson for the course M. Elhajj
Academic year2022
Starting block
RemarksCS and BIT (4TU Cybersecurity, with tele-lectures to TU Delft)
Application procedureYou apply via OSIRIS Student
Registration using OSIRISYes
This is a 4TU course
  1. To understand and explain the complexities of information security in a mature organization;
  2. To have knowledge of the common models and standards for managing information security and to be able to apply this to real-world organizations;
  3. To be familiar with the state of the practice and the state of the art in information security and be able to assess the position of an organization in this field;
  4. To be familiar with the leading standards in this area, their shortcomings and practical implementation guidelines, and to be able to apply this on a given organization
  5. To be able to map risk appetite to control objectives, control and guidance documentation, and  to assess the compliance against control objectives using expert assessment and internal audit;
  6. To understand the common risks and controls in information security;
  7. To be able to do basic security assessments
GOVERNANCE AND RISK MANAGEMENT -Managing and governing information risks. Risk management methodologies in the industry. Overview of the leading control frameworks. Compliance against security risks and reporting. Common pitfalls in implementation and research challenges.
IDENTITY AND ACCESS MANAGEMENT -Managing electronic identities in B2B and B2C and their importance to organizational security. Cross use of EI between government agencies and the financial sector. Potential business growth areas.
ASSESSMENT OF INDUSTRIAL CONTROL SYSTEMS -Introduction to ICS and trends and common security threats. Differences between managing the security of ICS and IT systems. Common challenges in ICS security and how organizations approach them. Live demonstration of an ICS attack.
PHYSICAL SECURITY AND SECURITY AWARENESS-The link between physical, digital and social security. Physical security controls. Social engineering. Methodologies for enhancing security awareness. Penetration testing. Research challenges and potential business growth areas. Short exercise.

SECURITY MONITORING –Development and deployment of monitoring capabilities. Live demo (or visit of operational) security operations center (SOC).
MANAGED SECURITY SERVICES -Outsourcing and managing services involving operational security such as SIEM, Log Management, Layer 7 protection and SOC deployment. Design, implementation and maintenance of security solutions. Live demo.

INCIDENT AND THREAT MANAGEMENT –Identification of potential threats and events of interest. Triage of threats and analysis of incidents. Response and escalation procedures and processes. Few cases from the industry and a live exercise jointly with the crisis management lecture.
CRISIS MANAGEMENT AND BUSINESS CONTINUITY-Developing agile response capabilities. Crisis management governance. Decision making, escalation and notification processes. Few cases from the industry. Live exercise.

Participating studies
BIT and RI (4TU Cybersecurity, with tele-lectures to TU Delft)
Assumed previous knowledge
Knowledge of basic security concepts and security controls. Solid knowledge of information technology and its role in the organization.

Knowledge of security frameworks and risk assessment methodologies.
Participating study
Master Computer Science
Required materials
Course material
Electronic reader (Available on Canvas)
Recommended materials
Course material
White papers
Instructional modes
Presence dutyYes

Presence dutyYes

Project supervised
Presence dutyYes


Exam, Assignments

Kies de Nederlandse taal