Cybersecurity Risk Management - Summary - 2019:2020

A summary for the course 'Cybersecurity Risk Management'

Preview 3 out of 28  pages

  • October 24, 2019
  • 28
  • 2019/2020
  • Summary
Cybersecurity Risk Management

Learning goals:

1. Describe frameworks for cybersecurity and resilience (ISO 27001/2, PAS555)
2. Distinguish various types of security risks (confidentiality, integrity, availability)
3. Analyze a system and perform a systematic risk assessment (likelihood and impact)
4. Explain common security measures, including cryptography, to address the risks
5. Discuss ethical and legal aspects, including privacy and data protection (GDPR)
6. Appreciate the multi-disciplinary nature of cybersecurity risks and their impact on
society

Part 1 Cybersecurity and Resilience

1. Describe frameworks for cybersecurity and resilience
2. Distinguish various types of security risks (confidentiality, integrity, availability)




A Framework:

Policy: Specify objectives (impact assessment, CIA, security levels)

Mechanism: Implement security measures (physical, technical, encryption, organizational,
security architecture)

Incentives: Motives for people (social engineering, fraud triangle, business model, risk
appetite, proportionality)

Assurance: Confidence that measures are meeting objectives (regulatory supervision,
audit, monitoring, forensics, learning)



1.1 Cybersecurity and Information security

Information security is the preservation of confidentiality, integrity, and availability of
information (ISO 27000). Information can come in any form, be it electronic or material, or
even as knowledge of personnel.

Confidentiality: Preserving authorized restrictions on information access and
disclosure, including means for protecting personal privacy and proprietary
information.

Integrity: Guarding against improper information modification or destruction, and
includes ensuring information non-repudiation and authenticity.

Availability: Ensuring timely and reliable access to and use of information.

Auditability: Ensuring that evidence of all crucial transactions is stored reliably for
auditing purposes.

Cybersecurity is the complex domain of interdependent physical and information security.





Information Security vs. Cybersecurity
Cybersecurity only concerns protection from threats that use a cyberspace [narrower], and
moreover, does not only cover information assets, but also physical assets, infrastructure, or
social effects on society [wider].

Information security focuses on individual organizations; external risks are internalized.
Cybersecurity looks at risks in the network as a whole.

Traditionally, information security focuses mostly on prevention, whereas cybersecurity
focuses on resilience.


Refsdal et al.:
• Cybersecurity is the protection of cyber systems against cyber threats.

• A cyber threat is a threat that exploits a cyberspace.

• A cyberspace is a collection of interconnected computerized networks,
including services, computer systems, embedded processors, and controllers,
as well as information in storage or transit.

• A cyber system is a system that makes use of a cyberspace.

• A cyber-physical system is a cyber system that controls and responds to
physical entities through actuators and sensors.




A cyber-physical system (CPS) is a mechanism that is controlled or monitored by
computer-based algorithms, tightly integrated with the Internet and its users. Many of the
examples below involve the Internet of Things (RFID technology) as sensors and actuators.

Examples: smart grid, autonomous vehicles, medical monitoring, public transport, process
control, robotics.



