With the development of information and communications networks and the advanced use of information and communications technology, represented by the Internet, threats to cybersecurity are becoming more serious. Cyber attacks continue to have a significant impact on society, and the damage to society caused by the leakage of personal information and the leakage of intellectual property by attacks is immense. Despite the importance of cybersecurity, there is still a significant shortage of human resources.
In response to these social demands, Tokyo Institute of Technology established the Cybersecurity Special Program in April 2016. This special training program on cybersecurity will provide students with practical knowledge on cybersecurity through collaboration with Rakuten, NTT, AIST, and the Cabinet Cybersecurity Center, as well as with knowledge on the theoretical background by utilizing the strengths of the theoretical field, which is characteristic of the information and communications field at Tokyo Tech. The curriculum is centered around six subjects: Cybersecurity Overview (1Q, 2-0-0), Cybersecurity Cryptography (3Q, 2-0-0), Cybersecurity Governance (3Q, 1-1-0), Cybersecurity Attack and Defense First (2Q, 1-1-0), Cybersecurity Attack and Defense Second (3Q, 1-1-0), and Cybersecurity Attack and Defense Third (4Q, 1-1-0).
In this lecture, you will understand the basic framework of management measures related to information security and learn how to conduct corporate governance with security in mind.
By completing this lecture, you will understand the following and acquire the corresponding way of thinking.
1) You will understand the management framework for information security.
2) You will be able to understand the specific security measures for corporate governance.
3) You will be able to plan for information security.
4) You will be able to make recommendations, support and report to management.
✔ Applicable | How instructors' work experience benefits the course |
---|---|
I will talk about more practical management based on my experience in information security management in the private sector and my experience as an inspector in a government agency. Let's think together about what the CISO should be and what the staff supporting the CISO should do. |
security, information security, cybersecurity, governance, incident response, risk control, IoT
✔ Specialist skills | ✔ Intercultural skills | ✔ Communication skills | ✔ Critical thinking skills | ✔ Practical and/or problem-solving skills |
✔ Acquire the broad knowledge and perspective required to manage information security related to organizational controls. |
Classes will proceed through lectures, dialogue, and related exercises.
Class | Course schedule | Required learning |
---|---|---|
Class 1 | Orientation, basic idea of information security management. | Understanding security management framework. |
Class 2 | Information security concerning government agencies. Cybersecurity and national security. | Understand Japan's cybersecurity strategy. Understand the relationship between cybersecurity and national security. |
Class 3 | Organization/structure/rules for information security management, employee management and education and training. Psychological factors in information security management. | Understand internal controls, organizational operations, legal rules and required skills. Understand psychological factors in information security management. |
Class 4 | Information security management of information assets, facilities and environments. | Understanding controls and guidelines. |
Class 5 | Network security management, information security systemization. | Understand the essentials of managing network security. Understand how to use support systems and tools. |
Class 6 | Risk assessment, information security audit. | Understanding risk control. |
Class 7 | Information security management of group companies and overseas bases. Information security management and personnel labor, information security and public relations. Understand organizational behavior, stakeholder, risk communication. | Understanding corporate governance. |
Class 8 | Overview of regulations on information security, various problems of industry type and business type. | Understand the regulations on business law, information security issues specific to industry type / business type. |
Class 9 | Information security of control systems, information security of embedded systems. | Understanding IoT and industrial equipment. |
Class 10 | Responding and managing information security incidents. | Understanding incident handling. |
Class 11 | Case Study. | Understand cybersecurity governance through examples of information leakage cases. Understand what people and organizations were doing before the worst happened, and why people and organizations misjudge. |
Class 12 | Formulation of an information security response plan and preparation of a request specification for outsourcing. | Understanding planning, procurement. |
Class 13 | Information security for educational and research institutions, information security as a career, and the qualities and abilities required of CISO. | Understand the expected roles and career development of researchers and engineers. Understand the qualifications and capabilities required for CISO. |
Class 14 | Completion presentation. | Students will give a presentation to demonstrate their progress in this class. If there are many students in this class, the presentation may be replaced by a report. In either case, the evaluation criteria are shown as a rubric. |
In order to obtain a higher level of learning effect, it is recommended that the participants refer to the relevant parts of the handouts, reference books, etc., and prepare for and review the course content for approximately 100 minutes.
Textbooks will not be used in this course.
References will be announced in the classes.
Evaluation is based first on a simple multiple-choice quiz that checks the level of understanding of the class, and next on the presentation or report delivered at the time of completion. Attendance and participation (positive, constructive, and listening) are also considered. These factors are combined for a comprehensive evaluation.
No prior knowledge, skills, or completed courses are required, but if you have knowledge of basic computer science concepts and networks, you will be able to understand the course content more smoothly.
keisuke[at]is.titech.ac.jp
Appointment by e-mail is required.