If you ask the modern CIO what keeps him awake at night, You expect that next to profit and innovation, ICT security will invariably be in his top-3 of worries.
This course is NOT a technical course (of all 6 course blocks, only one block is “technical”).
It aims at providing the student in a future role of CIO or ICT consultant with enough knowledge to:
Understand the full scope of ICT security;
Find links to, and explanation of associated existing ICT security guidelines and frameworks;
Set up a proper, comprehensive security function within a company (what, why, who);
Know how attacks can occur, and how to prevent (pro-active) and manage (re-active) them;
How to deal with the “human factor” within ICT security.
In order to do so, this course will be conducted by several lecturers, all of which have extensive hands-on knowledge AND experience in dealing with the set-up of ICT security, and the handling of incidents.
The course is intended to be highly interactive.
The aim of this course is:
To provide broad, managerial insight on how to set up and manage an ICT security function within a (large) company;
To provide enough knowledge to be a credible sparring partner for ICT security specialists;
To provide insight in “the human factor as the weakest link” within ICT security;
To learn from hands-on ICT security specialist how attacks take place, and how to defend against them – pro-actively but also re-actively.
The schedule can be found on the Leiden University student website
Detailed table of contents can be found in blackboard.
Mode of instruction
Presentations by hands-on, still operational ICT security specialists;
Presentations by lecturers specialized in the latest encryption technology;
Discussions with these expert lecturers.
“Learn from each other”: mini-lectures from student to student on assigned security-related subjects.
This is very much a “listen to, learn from and discuss with the experts” kind of course; not so much a “study the books” one.
So skipping lectures is NOT recommended, as catching up through reading will be largely impossible.
6 blocks of 2,5 hours:
1 general overview block;
1 encryption technologies block;
1 security-in-the-cloud block;
2 blocks by experts on attack methods, associated defenses, security organization and management;
1 block with “learn from each other” 10-minute student-to-student presentations on assigned ICT security subjects.
“Learn from each other” student-to-student presentations: 30%. These presentations will be co-judged by both the students themselves (50% weight) and the lecturer (50% weight).
Written assignment (paper): 50%. In this assignment, an actual successful attack on a company needs to be analyzed, with the student taking on the role of a security consultant that advises the attacked company.
The paper needs to cover:
= problem analyses: what happened, in detail;
= impact description: what havoc did it cause, both technical as well as financial, reputational;
= short-term measures: DRP-like: what to do immediately, short-term;
= long-term measures: BCP-like: what to improve on the long term, both technical as well as organizational/managerial;
= recap: management summary with recommendations.
The net text length (without cover- and indexpage) needs to be between 10 and 15 pages.
The paper will (also) be judged on its SMART characteristics:
= Specific: case-related, not too generic;
= Measurable: expected impact and/or costs of proposed measures;
= Attainable: realistic in terms of e.g. cost, expertise;
= Relevant: solving the actual problems encountered;
= Timely: timescales provided on all proposed measures.-
Will be provided throughout the course.
You have to sign up for classes and examinations (including resits) in uSis. Check this link for more information and activity codes.
There is only limited capacity for external students. Please contact the programme Co-ordinator
Programme Co-ordinator: ms. Esme Caubo
Also register for every course in Blackboard. Important information about the course is posted here.