This NSA grant-funded curriculum development project focuses on two security areas: Enterprise Risk and Mobile Security.
Motivation and Background
With the rapidly increasing role of technology in society and the increasing cybersecurity threat, industry and government have a great need to scale cybersecurity leadership and governance. In turn, there is a great need for educators to scale cybersecurity leadership and governance education and training.
Design
The courses are multidisciplinary, covering leadership and management, technical and engineering, and policy topics.
Course I: Enterprise Risk Management and Cybersecurity Governance
The course provides an introduction and overview of the changing nature of cybersecurity risk management and cybersecurity governance.
Main Topics
- Technology Innovation, Adoption and the Changing Nature of Cybersecurity Risk
- Enterprise Risk Management, Cybersecurity Governance and Cybersecurity Strategy
- Legal and Compliance Landscape
- Roles of Boards and CISOs
- Benchmarking, Information Asset Classification and Developing a Consensus of Cybersecurity Risks
- Developing a Cybersecurity Strategy and Risk Mitigation Program
- Enterprise Risk and Cybersecurity Frameworks
- Role and Considerations for Cybersecurity Insurance
Learning Outcomes
- Describe the cybersecurity risks resulting from new and rapidly developing technologies such as IoT, Cloud and mobile, and analyze and describe the changing nature of the cybersecurity threat
- Explain the complementary roles of enterprise risk management, cybersecurity governance and cybersecurity strategy
- Discuss the evolving role of Boards and executive committees in enterprise risk management and cybersecurity and the evolving role of the CISO
- Analyze cybersecurity governance in recent major cybersecurity compromises such as OPM
- Apply the cybersecurity lifecycle and the elements of identify, protect, detect, respond and recover
- Outline the process and considerations for developing a cybersecurity strategy and risk mitigation program, including benchmarking and information asset classification
Course II: Mobile Cybersecurity Management
This course provides an introduction and overview of the rapidly changing enterprise mobility environment, associated cybersecurity risks and approaches for developing a mobile cybersecurity strategy.
Main Topics
- Mobility and Organization Strategy
- The Changing Landscape of Mobile Technologies - from Smart Phones and Tablets to IoT
- Mobile Policies and BYOD
- Leadership and Governance for Mobile Security
- Rapidly Evolving Mobile Device Management Technologies
- Mobile Life Cycle Management
- Cybersecurity Risk Framework and Mobile
Learning Outcomes
- Understand the evolving nature and capability of mobile technologies
- Understand mobile security risk including endpoint, network and process/policy
- Evaluate mobile cybersecurity policy and BYOD alternatives in light of the organization’s cyber strategy
- Understand and evaluate new mobile device management technologies
- Understand and apply the mobile device life cycle to mobile strategy
- Outline the process and considerations and apply them to developing a mobile cybersecurity strategy
Contacts
Dr. J.P. Auffret
jauffret@gmu.edu
703-993-5641