Admission requirements
We expect (but do not demand) that students have prior knowledge of the basics of ICT security and IT systems. To support students without this background, additional readings will be provided.
Description
If you ask the modern CIO what keeps him awake at night, you can expect that, next to profit and innovation, ICT security will invariably be in his top 3 of worries.
This course is NOT a technical course (of all 6 course blocks, only one block is “technical”).
It aims at providing the student in a future role of CIO or ICT consultant with enough knowledge to:
Understand the full scope of ICT security;
Find links to, and explanations of, associated existing ICT security guidelines and frameworks;
Set up a proper, comprehensive security function within a company (what, why, who);
Know how attacks can occur, and how to prevent (pro-active) and manage (re-active) them;
Know how to deal with the “human factor” within ICT security.
To this end, the course will be conducted by several lecturers, all of whom have extensive hands-on knowledge AND experience in dealing with the set-up of ICT security and the handling of incidents.
The course is intended to be highly interactive.
Course objectives
At the end of the course, students are able to:
perform an attack analysis, which consists of a root-cause analysis and a mapping to the MITRE ATT&CK Enterprise Framework;
assess and establish the attacker’s profile, based on a given (realistic) case;
perform an impact analysis of a concrete incident, separated into long- and short-term impact, and accounting for all types of losses, including monetary, reputational, etc.;
develop a short- and long-term security strategy to overcome a given incident and prevent future occurrences, based on concrete proposed countermeasures, formulated in a SMART way;
perform a cost-benefit analysis of proposed countermeasures, in the context of a security strategy;
design and perform a presentation on a relevant Cyber Security topic.
Timetable
In MyTimetable, you can find all course and programme schedules, allowing you to create your personal timetable. Activities for which you have enrolled via MyStudyMap will automatically appear in your timetable.
Additionally, you can easily link MyTimetable to a calendar app on your phone, and schedule changes will be automatically updated in your calendar. You can also choose to receive email notifications about schedule changes. You can enable notifications in Settings after logging in.
Questions? Watch the video, read the instructions, or contact the ISSC helpdesk.
Note: Joint Degree students from Leiden/Delft need to combine information from both the Leiden and Delft MyTimetables to see a complete schedule. This video explains how to do it.
Mode of instruction
Presentations by hands-on ICT security specialists;
Presentations by lecturers specialized in the latest cyber security topics;
Discussions with these expert lecturers.
“Learn from each other”: mini-lectures from student to student on assigned security-related subjects.
This is very much a “listen to, learn from and discuss with the experts” kind of course; not so much a “study the books” one.
So skipping lectures is NOT recommended, as catching up through reading will be largely impossible.
Course load
6 lecture blocks (12 hours) including:
1 general overview block;
1 technical block (e.g., on encryption and network security);
3 blocks by experts on, e.g., attack methods, associated defenses, security organization and management, data protection, risk management;
1 block with “learn from each other” 10-minute student-to-student presentations on assigned ICT security subjects.
The invited lecture topics will be confirmed right before the course starts.
Individual and group work (72 hours) on assignments.
Assessment method
There is no exam. The final grade consists of the following components:
Presence/participation: 20%
“Learn from each other” student-to-student presentations: 30%.
Written assignment (paper): 50%. In this assignment, an actual successful attack on a company needs to be analyzed, with the student taking on the role of a security consultant who advises the attacked company.
The minimum final grade to pass the course is 5.5.
The final report is re-takeable, but it is graded with a 20% penalty. A report that is delivered beyond the deadline is considered a re-take.
The presentations are not re-takeable.
The teacher will inform the students how the inspection of and follow-up discussion of the exams will take place.
Reading list
Will be provided throughout the course on Brightspace.
Registration
As a student, you are responsible for enrolling on time through MyStudyMap.
In this short video, you can see step-by-step how to enrol for courses in MyStudyMap.
Extensive information about the operation of MyStudyMap can be found here.
There are two enrolment periods per year:
Enrolment for the fall opens in July
Enrolment for the spring opens in December
See this page for more information about deadlines and enrolling for courses and exams.
Note:
It is mandatory to enrol for all activities of a course that you are going to follow.
Your enrolment is only complete when you submit your course planning in the ‘Ready for enrolment’ tab by clicking ‘Send’.
Not being enrolled for an exam/resit means that you are not allowed to participate in the exam/resit.
Contact
Programme Co-ordinator: Ms. Esme Caubo
Remarks
There is only limited capacity for external students. Please contact the Programme Co-ordinator.
Software
Starting from the 2024/2025 academic year, the Faculty of Science will use the software distribution platform Academic Software. Through this platform, you can access the software needed for specific courses in your studies. For some software, your laptop must meet certain system requirements, which will be specified with the software. It is important to install the software before the start of the course. More information about the laptop requirements can be found on the student website.