April 27, 2018

Cybersecurity on Enterprise Risk and Mobile Security

This NSA grant-funded curriculum development project focuses on two security areas: Enterprise Risk and Mobile Security.

Motivation and Background
With the rapidly increasing role of technology in society and the increasing cybersecurity threat, industry and government have a great need to scale cybersecurity leadership and governance. In turn, there is a great need for educators to scale cybersecurity leadership and governance education and training.

Design
The courses are multidisciplinary, covering leadership and management, technical and engineering, and policy.

Course I: Enterprise Risk Management and Cybersecurity Governance

The course provides an introduction and overview of the changing nature of cybersecurity risk management and cybersecurity governance.

Main Topics

  • Technology Innovation, Adoption and the Changing Nature of Cybersecurity Risk
  • Enterprise Risk Management, Cybersecurity Governance and Cybersecurity Strategy
  • Legal and Compliance Landscape
  • Roles of Boards and CISOs
  • Benchmarking, Information Asset Classification and Developing a Consensus of Cybersecurity Risks
  • Developing a Cybersecurity Strategy and Risk Mitigation Program
  • Enterprise Risk and Cybersecurity Frameworks
  • Role and Considerations for Cybersecurity Insurance

Learning Outcomes

  • Describe the cybersecurity risks resulting from new and rapidly developing technologies such as IoT, cloud and mobile, and analyze and describe the changing nature of the cybersecurity threat
  • Explain the complementary roles of enterprise risk management, cybersecurity governance and cybersecurity strategy
  • Discuss the evolving role of Boards and executive committees in enterprise risk management and cybersecurity and the evolving role of the CISO
  • Analyze cybersecurity governance in recent major cybersecurity compromises such as OPM
  • Apply the cybersecurity lifecycle and the elements of identify, protect, detect, respond and recover
  • Outline the process and considerations for developing a cybersecurity strategy and risk mitigation program, including benchmarking and information asset classification

Course II: Mobile Cybersecurity Management

This course provides an introduction and overview of the rapidly changing enterprise mobility environment, associated cybersecurity risks and approaches for developing a mobile cybersecurity strategy.

Main Topics

  • Mobility and Organization Strategy
  • The Changing Landscape of Mobile Technologies: from Smart Phones and Tablets to IoT
  • Mobile Policies and BYOD
  • Leadership and Governance for Mobile Security
  • Rapidly Evolving Mobile Device Management Technologies
  • Mobile Life Cycle Management
  • Cybersecurity Risk Framework and Mobile

Learning Outcomes

  • Understand the evolving nature and capability of mobile technologies
  • Understand mobile security risk including endpoint, network and process/policy
  • Evaluate mobile cybersecurity policy and BYOD alternatives in light of the organization’s cyber strategy
  • Understand and evaluate new mobile device management technologies
  • Understand and apply the mobile device life cycle to mobile strategy
  • Outline the process and considerations for developing a mobile cybersecurity strategy and apply them

Contacts

Dr. J.P. Auffret

jauffret@gmu.edu

703-993-5641