By the end of this course the students will be able:
- to understand the fundamental security goals of maintaining confidentiality, integrity and availability (CIA) of data.
- to learn and implement the techniques used for preserving the fundamental security goals.
- to learn and understand the techniques used for breaching the security measures taken by an enterprise.
- to evaluate risks (e.g. MITRE ATT&CK matrix) posed by security threats on a business.
- to apply security management models (NIST, ISO 27000 series, COBIT etc.) in order to develop a risk management plan.
- to understand the role of social engineering in making cyber attacks successful.
- to model and evaluate the impact of a security breach on an organisation and finally propose an optimal security strategy for a firm in order to increase resilience towards security threats.
- to evaluate if a security solution is efficient and sustainable in the context of small and medium enterprises.
Nearly all industry sectors in this era partially or fully depend on information technologies. This provides an opportunity for malicious actors to target enterprise information systems for their personal gains. Hence, organisations need to be proactive in defending themselves and professionals need to have a know-how of enterprise security fundamentals to reduce the success rate of attacks. This course targets future professionals who will be involved in developing and using enterprise information systems. The objective of the course is to provide the students with knowledge and ability to understand the fundamentals of digitally securing an organisation. The students will not only learn about the various attack strategies (such as denial of service and malware-based attacks) used by cyber-criminals but also defence strategies for protecting the digital assets of an organisation. Students will model and evaluate the impact of security breaches and to optimise security strategies of organisations to improve their resilience towards security threats. They will learn to consider human aspects of security while developing risk management plans. The students will gain both technical and practical knowledge about the field through given study material, journal/conference papers and interaction with professionals working in the area of security and privacy. With the help of a group project to be done with the help of a company, students will get an opportunity to learn about enterprise security in a professional environment.|
The course deals with the following topics: Introduction to fundamental security goals of confidentiality, integrity and availability, attack strategies such as denial of service attacks and remote access trojans, defense strategies and defense architecture such as encryption and firewalls, human aspects of security such as social engineering, developing a risk management plan, security management models, security metrics and measurement of potential economic damage due to cyber attacks, security decision making and incorporating security into enterprise architecture.
The students will have 4 x 45 mins contact hours with the teacher each week. A detailed schedule for the course will be provided to the students in the first week. The course consists of the following components:
- Guest Speakers
- Student project and presentations
- Written examination