This course continues surveying common technological and organizational measures for cybersecurity, with a focus on detection and organizational relationships. Topics include auditing and log records; monitoring and testing for threat detection; vulnerability scans; and the security of external services (e.g., cloud providers) and supply chains. We do not focus on how to technically implement these measures. Students assess organizational impacts and explore how best practices and standards can help manage such measures.
With successful completion of this course, students are able to:

1. Identify common technological and organizational measures for cybersecurity (focus: detection concepts and organizational relationships).
2. Explain and give examples of the roles of best practices and standards in the design and implementation of such security measures.
3. Explain the functional and organizational advantages and disadvantages of these measures, including impacts from their interaction.
4. Assess the limitations of these security measures in the contexts of organizational change and dynamic threats, flawed technology, and flawed organizational policies and practices.
5. Translate lessons learned from incidents into recommendations for cybersecurity planning and preparedness for better detection.