Course Objectives: |
This course is designed to teach students how to engage all functional levels within the enterprise to deliver information system security. To this end, the course addresses a range of topics, each of which is vital to securing the modern enterprise.
These topics include inter alia plans and policies, enterprise roles, security metrics, risk management, standards and regulations, physical security, and business continuity.
Each piece of the puzzle must be in place for the enterprise to achieve its security goals; adversaries will invariably find and exploit weak links.
|
Course Content: |
The Security Environment, Principles of Cybersecurity, Cybersecurity Management Concepts, Enterprise Roles and Structures, Strategy and Strategic Planning, Security Plans and Policies, Security Standards and Controls, Risk Management, Security Metrics and Key Performance Indicators (KPIs), Security Education Awareness, Training, Physical Security and Environmental Events, Contingency Planning, Security Education, Training, and Awareness, The future of cybersecurity
|
Week |
Subject |
Related Preparation |
1) |
The Security Environment
• Threats, vulnerabilities, and consequences
• Advanced persistent threats
• The state of security today
• Why security matters to TSE
|
|
2) |
Principles of Cybersecurity
• Cybersecurity models (the CIA triad, the star model, the Parkerian hexad)
• Variations on a theme: computer security, information security, and information assurance
|
|
3) |
Cybersecurity Management Concepts:
• Security governance
• Management models, roles, and functions
|
|
4) |
Enterprise Roles and Structures:
• Information security roles and positions
• Alternative enterprise structures and interfaces |
|
5) |
Strategy and Strategic Planning:
• Strategy
• Strategic planning and security strategy
• The information security lifecycle
• Architecting the enterprise |
|
6) |
Security Plans and Policies:
• Levels of planning
• Planning misalignment
• The System Security Plan (SSP)
• Policy development and implementation |
|
7) |
Security Standards and Controls:
• Security standards and controls
• Certification and accreditation (C&A) |
|
8) |
Risk Management:
• Principles of risk
• Types of risk
• Risk strategies
• The Risk Management Framework (RMF) |
|
9) |
Security Metrics and Key Performance Indicators (KPIs):
• The challenge of security metrics
• What makes a good metric
• Approaches to security metrics
• Metrics and FISMA |
|
10) |
Security Education Awareness, Training:
• Human factors in security
• Developing and implementing a security training plan
• Cross-domain training (IT and other security domains) |
|
11) |
Physical Security and Environmental Events:
• Physical and environmental threats
• Physical and environmental controls
|
|
12) |
Contingency Planning:
• Developing a contingency plan
• Understanding the different types of contingency plan
• Responding to events |
|
13) |
Security Education, Training, and Awareness:
• Human factors in security
• Developing and implementing a security training plan
• Cross-domain training (IT and other security domains) |
|
14) |
The future of cybersecurity:
• Key future uncertainties
• Possible future scenarios
• How to apply what you’ve learned |
|
|
Program Outcomes |
Level of Contribution |
1) |
Adequate knowledge in mathematics, science and computer engineering; the ability to use theoretical and practical knowledge in these areas in complex engineering problems.
|
|
2) |
Ability to identify, formulate, and solve complex engineering problems; ability to select and apply appropriate analysis and modeling methods for this purpose.
|
|
3) |
Ability to design a complex system, process, device or product to meet specific requirements under realistic constraints and conditions; ability to apply modern design methods for this purpose.
|
|
4) |
Ability to develop, select and use modern techniques and tools necessary for the analysis and solution of complex problems encountered in computer engineering applications; ability to use information technologies effectively.
|
4 |
5) |
Ability to design, conduct experiments, collect data, analyze and interpret results for the study of complex engineering problems or computer engineering research topics.
|
3 |
6) |
Ability to work effectively within and multi-disciplinary teams; individual study skills.
|
|
7) |
Ability to communicate effectively in verbal and written Turkish; knowledge of at least one foreign language; ability to write active reports and understand written reports, to prepare design and production reports, to make effective presentations, to give and receive clear and understandable instructions.
|
|
8) |
Awareness of the necessity of lifelong learning; ability to access information, to follow developments in science and technology, and to renew oneself continuously.
|
|
9) |
Acting in accordance with ethical principles; professional and ethical responsibility; knowledge of the standards used in engineering applications.
|
|
10) |
Information on business practices such as project management, risk management and change management; awareness of entrepreneurship and innovation; information about sustainable development.
|
|
11) |
Knowledge of the effects of engineering practices on health, environment and safety in the universal and social scale and the problems of the era reflected in engineering; awareness of the legal consequences of engineering solutions.
|
|