CS8803 Enterprise Cybersecurity Management

Georgia Institute of Technology

Course Information

Course Delivery

In-person and OMS

Description

This course is intended for students with an interest in designing and leading cybersecurity organizations or operating in functions that need to work closely with security teams. Beginning with a focus on strategy and guiding principles, the course then moves into organizational structure and specific roles and duties required to address the cybersecurity needs of different organizations. Core concepts of risk management are introduced and used to frame modules on cyber risk management and oversight. Finally, cyber risk governance is studied with a focus on both internal oversight structures and Board-level interaction.

Prerequisites

none

Instructor and TA Information

Instructor Information

Name: Jerry Perullo

Office Location: TBD

Office Hours: TBD

Email: perulloz@ngatech.edu

Grading

Overview

Participation

Participation will include:

• Attendance
• Participation in surveys (answers will not be scored, but simple pass/fail participation will)
• Demonstrating engagement and interest when called on or asking questions in class

Grading Scale

Your final grade will be assigned as a letter grade according to the following scale:

A        90-100%

B        80-89%

C        70-79%

D        60-69%

F        0-59%

Pass/Fail

My information on pass/fail is limited to the public link below, so be sure you understand any implications. That said, from my point of view I approve you selecting pass/fail more and for a passing mark I'll require the equivalent grade of a 60/100 or better, which should be easy to accomplish. I'd thus recommend taking the exams and submitting the case studies, but you can calculate your grade and determine if omitting any case study or exam is mathematically inconsequential, in which case I would harbor absolutely zero resentment for you skipping it!

https://catalog.gatech.edu/policies/grading-gpa/pass-fail-system-rules/

Course Goals and Outcomes

Upon successful completion of this course, students will be able to:

1. Identify the key components of an enterprise Cybersecurity Strategy
2. Identify the 10 Threat Objectives and map recent cybersecurity events to the corresponding adversary objective
3. Propose an organizational model for an information security department
4. Identify the core components of risk triage and rating
5. Recognize the components of prevailing cybersecurity legislation and regulation
6. Identify key methodologies and outcomes for successful application security assessment and red team testing
7. Propose an internal governance structure for an enterprise security program
8. Identify the top goals and outcomes for Board-level cybersecurity oversight

Reading Material

Selected online readings

Exam Policy:

There will be three in-class exams, as indicated above. The final exam will be given at the scheduled time during exam week. Cell phones, laptops and other electronic items must be turned off and placed in a container such as a backpack or purse such that they are inaccessible to you during exams unless specified otherwise. Students registered with Disability Testing Services (DTS) may opt to take their exams at DTS rather than in the classroom, provided sufficient advance notice is given.

Office of Disability Statement:

Georgia Tech is committed to a climate of mutual respect and full participation. Our goal is to create learning environments that are usable, equitable, inclusive and welcoming. If there are aspects of this course that result in barriers to your learning or accurate assessment thereof, please notify me as soon as possible. Students with disabilities should contact the Office of Disability Services to discuss options for all relevant accommodations. ODS can be reached at 404 894 2563, dsinfo@gatech.edu, or disabilityservices.gatech.edu .

Academic Honor Code:

Students are expected to act according to the highest ethical standards. Academic misconduct is any act which does or could improperly distort student grades or other student academic records. Such acts include but are not limited to the following:

•  Unauthorized Access: Possessing, using, or exchanging improperly acquired written, verbal or digital information in the preparation of a problem set, laboratory report, essay, examination, or other academic assignment.
• Unauthorized Collaboration: Unauthorized interaction with another Student or Students in the fulfillment of academic requirements.
• Plagiarism: Submission of material that is wholly or substantially identical to that created or published by another person or persons, without adequate credit notations indicating the authorship.
• False Claims of Performance: False claims for work that has been submitted by a Student.
• Deliberate Falsification: Deliberate falsification of a written or verbal statement of fact to a Faculty member and/or Institute Official, so as to obtain unearned academic credit.
• Forgery: Forgery, alteration, or misuse of any Institute document relating to the academic status of the Student.
•  Distortion: Any act that distorts or could distort grades or other academic records.

Institute Absence Policy:

All students are expected to attend class and final examinations. Although it is recognized that occasionally it may be necessary for students to be absent from scheduled classes or laboratories for personal reasons, students are responsible for all material covered in their absences, and they are responsible for the academic consequences of their absences. Students should discuss planned absences with me as soon as possible after the beginning of an academic term. When prior notice of absence is given, or in cases of sickness-related absence, late work will be accepted for full credit if submitted within a reasonable time frame.

Communications:

Verbal notices may be given in class. It is your responsibility to obtain this information in class. If you are not present, you must get this information from other students. Notices and other communications may also be delivered via email or Canvas; read your email and check Canvas regularly.

Topical Outline