Master Class Cyber Security Management

Start date: 16 May 2024

• 16-17 May 2024
• 30-31 May 2024
• 20-21 June 2024

Thursdays: 14h00-22h00, incl. dinner
Fridays: 09h00-17h00 incl. lunch.

Module 1: Understanding the strategic context

This module discusses the broader organizational context of information security and provides a pragmatic approach to align the cyber security strategy to the organization’s strategic goals. Related governance, legal and compliancy aspects will be covered as well as the economics of information security.

• Information Security and Business & IT alignment, Critical Success Factors;
• Enterprise Risk Management – Risk Standards (ISO/ISF);
• Corporate Social Responsibility;
• Impact analysis;
• Economics of information security – The Security Balanced Scorecard.

Module 2: Translating the information security strategy into action

In this module participants will learn how to build and to execute a short, mid and long-term information security program. Participants will learn how to develop a professional information security management system for their organization. The curriculum includes identifying all the relevant information security risks, achieving management approval to launch the security initiative and monitoring the results through a project-based approach.

• How to determine your organization’s biggest threats and risk;
• How to develop and promote Cyber Security Awareness within your organization;
• Information Security Governance: organization, management, responsibilities, reporting;
• Program Development and Management;
• Incident Management and Response.

Module 3: Understanding and maintaining operational aspects of cyber security management

This module addresses all operational matters related to cyber security management, including questions such as how to keep cyber security on the executive agenda and how to measure, to control and to report information security within the predefined requirements and agreements. In addition, this module explores new security management challenges caused by new technological developments (e.g. automation, CI/CD, blockchain) and legal regulations (e.g. GDPR).

• Cyber security and Infrastructure;
• IT-security frameworks;
• NIST IT-security;
• Technical Risk Assessment;
• IT-continuity management;
• Disaster recovery;
• How to organize yourself during a cyber security breach: Crisis Business Game.

After attending this program, participants have further developed their professional skills:

• Cyber Security Management: develop, implement and manage information security & risk management strategies and policies tailored to the specific needs of the organization;
• Cyber Security Architecture: develop information security and risk management processes, embedding them in related corporate processes and associated technology and behavior in order to guarantee good corporate governance;
• Cyber Security Awareness: raise organization-wide cyber security awareness in terms of information vulnerabilities and decide on information security measures and metrics;
• Cyber Security Coordination: facilitate constructive collaboration between business requirements and technical information security experts in order to harmonize policies, operational activities and IT security aspects;
• Cyber Security Leadership: create a risk-aware culture with associated ownership for business as well as IT. Develop, explain, and execute the necessary improvements on people behavior, process and technology and adjust those taking into account all legal, business, society and human related aspects.

Our experienced faculty will coach and assist you during this program. All of them have an academic career (master, PhD or DBA) and international experience in terms of career, research, project management, advisory boards and/or consulting. Many of them have published about their practice-based research, business cases and management experiences. Our faculty are experts in executive education, tailor-made programs and business consultancy.