Cyber Security & Risk Management (Foundational)

Course Overview

This course is industry-focused and career-oriented. It is intended to prepare the students for a cyber security and risk management profession and career. Cyber security and risk management professionals are much sought after since the skills required are interdisciplinary combining business, technology, and risk management skills.

The course will be delivered in two levels- Foundation Level  & Advanced.

• Foundation course (28 hours) covers the broad spectrum of cyber security. It introduces the student to cyber security and risk management concepts and professional practice.
• Advanced Level course  (32  hours)  will provide hands-on practice, with lab exercises, assignments, and project work. Students will have access to MIIM’s cyber security lab hosted in the AWS cloud. The Labs will supplement the lectures to provide a unique learning experience.

These courses will lay the foundation for the students to earn professional certification CISSP later as the professional certification requires five years of professional practice and experience.  The course will also help the students to jump-start their career in cyber security.

Foundation Course

The following topics will be covered in the lectures and will include case studies:

Course Overview – Cyber Security Overview -Cyber security and risk management concepts – (1 hour)

RISK and RISK MANAGEMENT

Technology and business risks (2 hours)
Threats and Threat Modeling including Cloud and Mobile Computing and Threats to critical infrastructures  (1 hour)
Risk management and risk assessments – qualitative and quantitative assessments – the FAIR model & Risk Lens  (4 hours)

CONTROLS – PREVENTIVE, DETECTIVE 
Information security standards ISO 2700x (1 hour)
control frameworks NIST SP 800-53A, NIST CSF  (2 hours)
Communication and network security (2 hours)
Operating systems system security  (2 hours)
database security including Cloud security (2 hours)
Web application vulnerabilities & OWASP  (2 hours)

INCIDENT RESPONSE AND MANAGEMENT
Cyber security incident management (2 hours)
Business continuity and disaster recovery (2 hours)

REGULATORY COMPLIANCE
Infosec regulations and compliance:  GDPR, SOX, HIPAA, GLBA,  IT Act 2000, (India), Privacy Regulations  (2 hours)

INFOSEC CAREER AND REQUIRED SKILLS
Information Security & Information Systems professional certifications CISSP, CISA, CISM, CRISC, CSX and cyber security /risk management career (1 hour)
Required Skills and Competencies: Technical, Business, and Soft skills (Written and Verbal Communication and Behavioral Skills, Analytical Skills and Critical Thinking, Learning on the fly.  (2 hours)

Advanced Level:

Lab exercises

Ethical Hacking,  Firewalls, IDS/IPS, Operating System scans, Network penetration testing, application vulnerability scans,  secure coding  Lab Exercises

Assignments and project work   (illustrative, not exhaustive)

1. Analysis of a cyber security incident
2. Underground hacker economy
3. Online financial frauds
4. Social media traps
5. End-User Security
6. Risk and Threat Analysis for an application or device

Intended students/participants

Students of MBA (Systems), MCA, B.Tech, M.Tech