Hogeschool West-Vlaanderen
Howest Brugge
Rijselstraat 5 - 8200 Brugge
Tel: 050 38 12 77 - Fax: 050 38 11 71
studentadmin@howest.be - website: www.howest.be
Study guide

Security Management, Threat and Risk Assessment

13514/1553/2223/1/95
Academic year 2022-23
Is found in:
  • Bachelor of Applied Computer Science, programme stage 5
This is a single course unit.
Study load: 3 credits
Total study time: 75,00 hours
Re-sit exam: is possible.
It is not possible to enrol in this course unit under
  • exam contract (to obtain a credit).
  • exam contract (to obtain a degree).
Co-ordinator: Galle Johan
Language course: No
Languages: English

Prerequisites

Having finished at least 30 ECTS credits in programme part (year) 1 AND having finished at least 30 ECTS credits in programme part (year) 2 AND having finished at least 30 ECTS credits in programme part (year) 3 AND being enrolled for at least 30 ECTS credits in programme part (year) 4.

Goals

Knowledge/Insight
The student classifies different pre-processing methods and their applications
The student describes the origin or intent of best practices, templates & frameworks

Apply
The student evaluates the proposed information security measures of an IT system or solution

Integrate (simple)
The student chooses the appropriate storage format and technology for storing data
The student systematically uses the correct methods, technology & tools according to best practices, within the given company context
The student evaluates the consequences of deontological choices made during design and implementation of an IT solution and their impact on the solution, end user, customer, company and society

Content

Requirements and risk management

System model
Security objectives
Risk assessment

Threats: attacker model

Attack patterns: CAPEC, MAEC, ...
Threat modeling: STRIDE-LM, LINDDUN, DREAD, ...
Threat intelligence: Pyramid of Pain, Lockheed Martin Kill Chain, Diamond, ATT&CK (incl. ICS), CAR, CAPEC, CWE, CVE, OWASP, ...

Mitigations: Defense model

Security controls
Security and data protection by design
Incident response

Compliance and governance

Frameworks: ISO 27K, COBIT, COBIT Risk, COBIT Information Security, NIST SP 800-53, NIST CSF, CMMI, CIS, PCI DSS, ...
Legal: GDPR, LED, NIS, EIDAS, E-privacy, EU cybersecurity act, PSD2, PNR, ...
Security organisation and conclusions

Case study

Threat identification (information security and data protection)
Threat risk assessment
Controls

Study materials

Film: Mandatory
Lecturer's course: Mandatory
Tutorials: Mandatory
Mandatory
  • Author: Microsoft
  • Publisher: Microsoft
  • Edition: Most recent version

Learning outcomes

PBATI02: The professional bachelor ACS critically collects, interprets and converts process and data information, stores these and puts these at the disposal, so that they can be retrieved in a correct and efficient way.
PBATI05: The professional bachelor ACS acts in a deontological and socially responsible way, in accordance with the company and organisation context, regulations, best practices and strategies in the national and international IT domain on the basis of his own views and knowledge.
PBATI07: The professional bachelor ACS gives advice to the principal about IT solutions, products, services and technologies for several domains and/or branches.
PBATI11: The professional bachelor ACS supports change processes in organisations on initial use of IT solutions.

Evaluation

Evaluation(s) for first exam chance
Moment | Form | % | Remark
exam period 1 (1st sem) (regular exam schedule) | exam: written | 50,00 |
exam period 1 (outside exam schedule) | assignment: written | 50,00 |
Evaluation(s) for re-sit exam
Moment | Form | % | Remark
exam period 3 (august/september) (regular exam schedule) | exam: written | 50,00 |
exam period 3 (outside exam schedule) | assignment: written | 50,00 |