Course Name | Cyber Security in Business |
Course Code | PD- IT – E1 |
Number of Contact Hours | 15 hours |
Credit Hours | 1 Credit Hour |
Duration and Frequency | |
Mode of Delivery | |
Category | Professional Development – E – Information Technology in Business |
The world is run on computers. From small to large businesses, from the CEO down to level 1 support staff, everyone uses computers. This course is designed to give you a practical perspective on computer security. This course approaches computer security in a way that anyone can understand. Ever wonder how your bank website is secure when you connect to it? Do you ever wonder how other business owners secure their network? Do you ever wonder how large data breaches happen? This is practical computer security. It will help you answer the question – what should I focus on?
On completion of this course, participants are expected to be able to:
o Threats, vulnerabilities, and consequences
o Advanced persistent threats
o The state of security today
o The interrelated components of the computing environment
o Cybersecurity models
o Variations on a theme: computer security, information security, and information assurance
o Security governance
o Management models, roles, and functions
o Information security roles and positions
o Alternative enterprise structures and interfaces
o Strategy
o Strategic planning and security strategy
o The information security lifecycle
o Architecting the enterprise
o Levels of planning
o Planning misalignment
o The System Security Plan (SSP)
o Policy development and implementation
o Timeline of U.S. laws related to information security
o The Federal Information Security Management Act (FISMA)
o Security standards and controls
o Certification and accreditation (C&A)
o Principles of risk
o Types of risk
o Risk strategies
o The Risk Management Framework (RMF)
o The challenge of security metrics
o What makes a good metric
o Approaches to security metrics
o Metrics and FISMA
o Physical and environmental threats
o Physical and environmental controls
o Developing a contingency plan
o Understanding the different types of contingency plan
o Responding to events
o Human factors in security
o Developing and implementing a security training plan
o Cross-domain training (IT and other security domains)
o Key future uncertainties
o Possible future scenarios
o How to apply what you’ve learned
Course Textbook
Developing Cybersecurity Programs and Policies, 3rd Edition
Omar Santos
Feedback Given to Participants in Response to Assessed Work
Developmental Feedback Generated Through Teaching Activities
The course grade will be based on a final project presented by the participant and graded by the instructor. Participants must achieve a passing grade of 70% or more to be awarded a certificate of completion of the course.