On the basis of
Basics in awareness and risk management
Expected learning outcomes
The student is expected to have insight into:
- Corporate organizations and policies, and how the security is embedded into organization, processes and corporate documentation framework.
- Practical awareness and the ability to plan a corporate awareness campaign.
- Security culture and its meaning for corporations.
- Security planning in an unfriendly environment.
- Security strategy, security innovation process and its implementation.
- An understanding of, and practice in, presenting in front of management: the student knows how to argue for security and who to sell security to.
- The candidate will have a sound knowledge of corporate organizations and policies, and how the security is embedded into organization, processes and corporate documentation framework.
- The candidate possesses thorough knowledge of practical awareness and the ability to plan a corporate awareness campaign.
- The candidate knows about security culture and means to measure and change the culture.
- The candidate will have a sound knowledge of security strategy, security innovation process and its implementation.
- The candidate will be able to plan the set of required security documentation and to implement an enterprise-specific security organization and security policies.
- The student will be enabled to describe a target security culture and to make an implementation plan for a turnaround.
- The candidate is capable of planning a corporate awareness campaign.
- The candidate is capable of distinguishing between responsibility and delegation. The student will be enabled to provide security in an unfriendly environment with budget constraints and “lack of enthusiasm” for security.
- The candidate is capable of presenting successfully in front of management: the student knows how to argue for security and who to sell security to.
The course will provide the student with the foundation required for implementing security and awareness systems in corporations and for research in this field.
Part I Introduction
- Social networks and the power to the people
- The roles of corporate positions: Everyone makes a difference
Part II Organisational issues
- Incidents and crises: There’s no such thing as an isolated incident
- Whom you can trust: Applied trust and identity in organizational management
- Managing organization, culture and politics
Part III Changing the organization
- Designing effective awareness programs
- Transforming organization, attitudes and behavior
- Gaining executive board and business buy-in
Teaching Methods (additional text)
Term paper with presentation at the end of the term, readings and homework, textbook, PowerPoint, video examples, business and scientific papers, computer-based training, repetition forms
The course will be made accessible to both campus and remote students. Every student is free to choose the pedagogic arrangement that best suits her/his own requirements. The lectures in the course will be given on campus and are open to both categories of students. All the lectures will also be available on the Internet through GUC’s learning management system (ClassFronter).
Form(s) of Assessment
Oral exam, individually
Form(s) of Assessment (additional text)
25 minutes oral examination
Alphabetical scale, A (best) – F (fail)
Evaluated by the lecturer. An external examiner will be used every 4th year, next time in the school year 2013/2014.
25 minutes oral
http://www.amazon.co.uk/Managing-Human-Factor-Information-Security/dp/0470721995 by David Lacey
Additional material will be provided on Fronter
Who should attend?
Anybody who recognizes that information security is a people and cultural issue as well as a fundamental technology and procedural issue. This course will provide information for performing better as an information security officer, regardless of whether you enter the security office as a newcomer or have many years of experience.
More than 15 years of experience in consulting for high-level security officers and in designing and teaching courses for this community will enrich the discussions. True stories and mini cases will make the lectures vivid.
About the lecturer:
Bernhard M. Haemmerli (master's and PhD from ETH Zurich) was elected as a full professor in 1992 at the University of Applied Sciences in Lucerne. He built up computer science at this university and arranged an executive master's degree in information security, CCNA and CCNP certification courses, as well as the Master of Advanced Studies in IT Network Management. He offers consulting services through www.acris.ch (website in English available) for governments, industries and service companies on information security, critical information infrastructure protection and related topics. He has run many conferences on these topics and is engaged in the information security society Switzerland, lately as president and vice president. With Google you will find more background information.