Credits: 5EC
Prerequisites: None
Motivation: The challenge of selecting the optimal technical, organisational, legal, and other preventive and repressive measures to reduce cyber risks to acceptable levels can only be understood in the context of the application of Cyber Risk Management. Risk Management is about analysing the relationships between threats, incidents and risks (here in the complex world of cyberspace), based on which an adequate set of countermeasures can be designed.
Synopsis: Risk (= the potential of losing something of value) can manifest itself in cyberspace in all kinds of ways: values at stake are financial wealth, health, physical condition (of people, materials, goods, infrastructures, etc.), well-being, reputation, privacy, trust, etc.
Based on a conceptualisation of cyberspace and its various sub-domains (discussed in the project week of year 1), we introduce risk assessment approaches, both qualitative and quantitative, illustrated with case studies related, among others, to a set of well-known real-world cyber security incidents. In addition, technical and non-technical cyber risk mitigation strategies are introduced and discussed.
Aim: To obtain knowledge, understanding and skills with respect to
- Cyber risk assessment methods of (complex, multi-step) cyber incidents, possibly with cascading effects
- Preventive measures that help to prevent the occurrence of cyber incidents
- The fundamentals of repressive measures (detecting incidents in time and reducing their impact)
- Balancing the various human values at stake, including the balance between privacy and security, primarily from a governmental (macro-level) perspective
Learning outcomes: The student will acquire:
- A sound understanding of the theoretical principles of cyber risk management
- An understanding of the weaknesses and strengths of current risk management standards
- Skills in applying state-of-the-art cyber risk management methods
- Insights into the cause and effects of high profile incidents
- Ability to justify investments in cyber security
Lecturers: Prof. Dr. Pieter van Gelder (TUD)
Examination: There is a written exam at the end of the course.
Contents: Cyberspace and its various sub-domains and layers (recap); dependencies on IT and related risks; DigiNotar, Stuxnet, the KPN hack, and other big cyber incidents; bowtie model, vulnerabilities, barriers; cyber threats; fault and attack trees; APTs; cyber incidents; impact scenarios and cascading effects; cyber risks of all kinds expressed in the loss of various values; risk metrics; prioritisation of risks; security-by-design principles; principles of technical preventive measures (IAA principles, mechanisms & tools; software quality; architectural decomposition; redundancy; firewalls, scanning tools; predictive analytics) and non-technical preventive measures (risk policies, organisational measures, awareness training); fundamentals of technical repressive measures (monitoring & analytics, data & information sharing tools, IDS; SOCs) and non-technical repressive measures (disaster recovery and crisis management); cyber security as a societal problem, nationally and internationally (institutional arrangements); cyber security standards (and their current shortcomings).
Core text: Various papers from the literature.