Admission only after intake, see https://www.csacademy.nl/en/education/master-s-programmes/executive-master-s-programme-cyber-security
Cyber security issues are conceptualized as risk management problems, both in academia and in the public and private sector. By identifying which risks play a role in making cyberspace insecure, and assessing the likelihood and impact of these risks, we can gain a better understanding of the cybersecurity challenges we face, and we can improve our detection, prevention and mitigation techniques, or so the common reasoning goes. The risk management paradigm was first developed in the middle of the twentieth century in a field that has collectively come to be known as ‘Safety Science’. This engineering-driven field has contributed greatly to increasing the safety of e.g. industrial plants, airplanes, cars, hospitals, workplaces and so on and so forth. Risk management is the main approach to risk that was developed to bring this about.
Due to its success in making the world a safer place, risk management has gradually come to be a dominant lens in all areas of life where risks play a role. Its core tenets, of identifying and assessing risks using models and calculations with respect to the likelihood and impact of risks has, in fact, become the dominant way of thinking about risks in our modern world. As the collective perception suggests that we are currently living in a ‘risk society’, in which risks have become ubiquitous, this provides risk management with a truly vast reach indeed. Researchers far beyond the realm of Safety Science now use risk management to study risks. Governments have embraced risk management as a key asset to prioritize decision-making on public policy issues. And businesses use risk management as a core business strategy.
However, in recent years some scientists have started questioning whether risk management is in fact a suitable tool for any and all risks. Maybe some forms of risk, especially those that are generated intentionally by human beings (as is the case, e.g. in terrorism or criminal activities) cannot be ‘modelled’ adequately. Maybe for these types of risk, risk management is less suitable as an approach.
In the field of cybersecurity risk management still has an unchallenged status. However, in light of the fact that cybersecurity incidents are often instigated willfully by human beings (hackers, cybercriminals, state actors) it may seem wise to question this unchallenged status. Are cybersecurity risks similar to terrorist threats? And if this is the case, should we not study them using other risk approaches rather than risk management – or better yet: should we not complement our risk management approach in cybersecurity with risk approaches as these are commonly used in other scientific fields, most notably in the social sciences?
This course complements the second course of this Executive Master program, in which students have learnt about risk management approaches to cybersecurity, in two senses:
It helps students understand what the strengths and limitations of the risk management paradigm are, and when it is and is not a suitable approach for cybersecurity challenges;
It provides students with a broader understanding of ‘risk’, as conceived in the social sciences.
In order to help students find their footing with respect to a ‘social science approach to cybersecurity’ the course will start with a broad introduction into the social sciences, explaining the underlying worldviews and the topics these sciences focus on. Next, students will be guided through as critical appraisal of risk management as the dominant approach to risk in our modern times. In the second half of the course, a selection of guest lecturers will showcase their social science research in the field of cybersecurity, and the course lecturer will help students reflect on the conceptualizations of risk that are embedded in their work.
Basic understanding of the worldviews, lenses, and key areas of focus of the social sciences, with a special focus on sociology, public administration/governance and law;
Basic understanding of the ways in which these worldviews diverge from those in the natural sciences (with a focus on engineering), and the impact this has on the questions that are central to the social sciences and the methods and approaches used;
Advanced understanding of the strengths and weaknesses of risk management as a ‘one size fits all approach’ to any and all forms of risk;
Advanced understanding of the perceptions of, and theoretical/empirical approaches to risk in the social sciences, with a focus on sociology, public administration/governance, and law);
Advanced understanding of the relevance of various social sciences (with a focus on sociology, public administration/governance, and law) for cybersecurity;
Advanced understanding of the perceptions of, and theoretical/empirical approaches to understanding human behaviour in cyberspace, with a special focus on cybersecurity.
7 days from 9.30 until 17.00 in May and June 2019
Mode of instruction
Lectures, seminars, exercises, class discussion
prof.dr. Bibi van den Berg, a team of guest lecturers who will showcase their empirical/theoretical social science research on cybersecurity
Midterm exam (25%), final exam (75%).
Weighted average of Final Exam (75%) and Midterm exam (25%)
No compensation is possible for assignments of 30% or more. Only assessments with a weight under 30% are compensable. This means that one does not have to pass an assessment if it weighs less than 30% in order to pass the course, if the average of all assessments combined is at least a 5.5. In addition, assignments with less than 30% are not re-sitable, meaning that if one failed an assessment of less than 30%, one is not allowed to redo it.
Yes, for posting slides of lectures and relevant literature
Compulsory literature and literature for further consultation will be announced via Blackboard
No registration is required for lectures and exams.
Registration Studeren à la carte and Contractonderwijs