Cyber Security management, scope (4 cr)
Code: TT00CE07
Credits
4 cr
Teaching language
- Finnish
- English
Responsible person
- Jarmo Nevala
Objective
The student understands the importance, principles and requirements of cyber security and information security management systems in organizations and society. The student knows the content, structure and scope of the ISO/IEC 27000 series of standards and its use in the planning, implementation and evaluation of cyber security management.
The student knows how to choose and implement information security management methods in different areas, such as information security policy, personnel security, physical security, communication security and procurement security. The student knows how to manage information security risks systematically and effectively in different phases, such as risk identification, assessment, processing and monitoring.
The student knows how to develop and use information security metrics and reporting in monitoring and improving information security management. The student knows the process and requirements of information security auditing and certification and knows how to prepare for them appropriately.
EUR-ACE Knowledge and understanding
The student can explain the key concepts, principles and standards of cyber security and their importance for organizations and society.
EUR-ACE Engineering practice
The student knows how to plan, implement and maintain a cyber security management system in accordance with the ISO 27000 standard.
EUR-ACE Multidisciplinary competences
The student can assess the current state of an organization's cyber security and identify its strengths, weaknesses, opportunities and threats. The student knows how to solve problems and challenges related to cyber security creatively and innovatively using different methods and tools.
Content
In this course, you will learn the significance, principles, and requirements of cybersecurity and information security management systems in organizations and society. You will understand the content of the ISO/IEC 27000 series and how to apply it in the planning, implementation, and evaluation of cybersecurity management. You will learn to select and implement security management measures across various areas and manage security risks systematically and effectively. The course equips you with the skills to develop and use security metrics and reporting, and to prepare for security audits and certifications.
The course deals with the concepts, principles, standards, methods and tools of cyber security and their application to practical situations. The course particularly looks into the ISO 27000 standard, which is an international reference framework for information security management systems.
The ISO 2700x family of standards and other related frameworks
Cyber security management system and requirements (management commitment, context definition, policy formulation, role and responsibilities definition, risk assessment and handling, goal setting, resource acquisition, operational planning and implementation, performance evaluation, continuous improvement)
Management of configurations, management of events, management of protected objects, management of threats and management of risks
Qualifications
Cyber Security
Assessment criteria, satisfactory (1)
Sufficient 1
The student is able to understand the significance and content of cyber security related to some service processes to some extent. The student is able to design some management processes for a data secure service in a group when instructed.
Satisfactory 2
The student is able to understand the main parts of the significance and content of cyber security in the context of some key service processes. The student is able to design some of the most essential cyber-secure service management processes in a group.
Assessment criteria, good (3)
Good 3
The student is able to understand the significance and content of cyber security in the most common service management context. The student is able to design, in a group, the management of a cyber secure service with its most essential parts, including the most important processes.
Very good 4
The student is able to understand the significance and content of cyber security in the service management context. The student is able to design the management of a cyber secure service with all necessary parts. The student reflects on their learning.
Assessment criteria, excellent (5)
Excellent 5
The student is able to understand the significance and content of cyber security extensively in the context of service management. The student is able to design a concept for cyber secure service management considering all its essential parts with almost no guidance. The student reflects on their learning realistically.