nl en

Cyber Risk Management


Admission requirements

Admission only after intake, see the website of the Cyber Security Academy


Getting an understanding of the complexity and multi-nature of cyberspace and cyber risks:

  • Cyber risk management concepts and definitions

  • Approaches for cyber risks assessment and their limitations

  • Models and metrics for cyber risk assessment and treatment

  • Motives and incentives underlying cyber attacks

  • Technical and non-technical means to execute cyber attacks

  • Cyber risk mitigation approaches

  • Vulnerabilities in the defense against cyber attacks

  • Risk analysis of (big) cyber incidents

  • Towards acceptable cyber risk levels

Course objectives

Participants have:

  • Basic understanding & knowledge on existing (safety- and security-related) risks and risks analysis approaches and their applicability (for analyzing cyber risks).

  • Understanding of cyber attacks (including technical aspects as well as motives and incentives) and effectiveness of cyber defense mechanisms and tools.

Participants are able to:

  • Understand cyber risk as a key concept to describe and establish a secure cyberspace.

  • Describe characteristic risk management processes and activities.

  • Identify, analyze and evaluate cyber risk factors and cyber risks in different situations and domains.

  • Select and describe appropriate risk mitigation approaches as treatment of assessed cyber risks.

  • Understand the complexity and multi-nature of cyber risk by the analysis of infamous cyber security incidents

  • Understand the various dilemmas and constraints underlying cyber security

  • Understand the limitations of cyber risk assessment and mitigation

  • Discuss tactic and strategic issues related to (technical and governance) cyber risk identification & quantification questions with relevant stakeholders


7 days from 9.30 until 17.00 in March, April and May 2019.

Mode of instruction

Lectures, seminars, exercises, class discussion
Lecturers: dr. Pieter Burghouwt (HHS), Prof.dr. Jan van den Berg, dr.Jan van der Lubbe (TUD), and others.

Course Load

5 EC

Assessment method

Assignments (60%), written exam (40%).

No compensation is possible for assignments of 30% or more. Only assessments with a weight under 30% are compensable. This means that one does not have to pass an assessment if it weighs less than 30% in order to pass the course, if the average of all assessments combined is at least a 5.5. In addition, assignments with less than 30% are not resitable, meaning that if one failed an assessment of less than 30%, one is not allowed to redo it.


Yes, for posting slides of lectures, relevant literature and assignments.

Reading list

Compulsory literature and literature for further consultation will be announced via Blackboard.


No registration is required for lectures and exams.


Dr. Pieter Burghouwt Drs. Mireille Snels, programme manager


For more information see website of the Cyber Security Academy.