XBUS-600 Making the Business Case for Cybersecurity

Despite the growing threat of cyber attacks, many organizations lack a unified and consistent strategy to avoid, mitigate, and manage cyber risks. The first part of the course examines the business case for building a cybersecurity strategy, including the resources, obstacles, and stakeholders involved. The course also considers the differences in strategy between small, resource-challenged organizations and large, resource-rich organizations. The second part of the course provides students with an introduction to the field of cybersecurity. The primary focus will be on the fundamental definitions, principles, and concepts of cyber security, including the current state of the field nationally and globally; confidentiality, integrity & availability; threat, vulnerability & risk; risk reduction, transfer, avoidance, & acceptance; deterrent, preventative, corrective, & detective controls; security models; access control; authentication and authorization; non-repudiation; defense-in-depth; security by design; and separation of privilege & duties.

Course Objectives

Upon completion of this course, students will be able to:

• Build the business case for a cybersecurity strategy regardless of an organization’s size and resources
• Understand the key models and concepts of cybersecurity
• Approach cybersecurity issues systematically
• Articulate the tradeoffs inherent in many cybersecurity decisions
• Describe the role of the ISO