Executive Master In Cybersecurity Management

Information Security Leadership (the CISO Fundamentals)

March to April 2023

Security Controls: Governance, Risk, Compliance and Certification

May to June 2023

A review of enterprises landscape including business objectives and requirements collection for security controls. A thorough understanding of security controls in various domains and including new technologies. A detailed overview of various domains of controls including models for building those with adequate management components including the Control process, The organisation and responsibilities allocation, The information requirements, the policies and procedures, the ethics and behavioural models, the tools and technology. An overview of skills of competences requirements and models to evaluate and improve those. 

Readings include the Maturity components of COBIT, ISO 27002, the SFIA Skills model, the Detailed NIST cybersecurity controls. They also include CIS20 and OWASP models. 

Business Case implementation shall involve the development of a certification process in a specific sector of activity, including all steps that are required to build the capabilities within the organisation to reach a tangible result.

Security Architecture: Securing the Landscape

September to October 2023

The architectural landscape is demystified, and components are identified to ensure adequate protections. Various architectural models shall be acquired by participants. The creation and implementation of the Architecture function and the architecture frameworks and notation tools are to be acquired. A thorough understanding of security controls in various domains and including new technologies with examples for some of those.

Initial readings include the TOGAF, SABSA, and OSA frameworks. 

Business Cases include the analysis and the improvement of an existing complex architectural landscape with the aim at identifying models to improve its management practices, its coherence leading to tangible business benefits.

Security Operations: Continuity and Crisis Management

November to December 2023

Business operations and information availability and integrity require the involvement of the whole organisation. Activities leading to building an adequate continuity are essential for cybersecurity management. Incident support can lead to a full Crisis management. The organisational components for handling those should be at adequate maturity and preparation. 

Initial reading includes related ISO Standards and ENISA publications. 

Business cases include the implementation of incident and Crisis management capabilities including various components and communication needs.

Cybersecurity Battleground: Threats, Vulnerabilities and Technologies

January to February 2024

Cybersecurity management practices require the knowledge of own business, its functional and technical vulnerabilities and the threat landscape that needs to be addressed. The capabilities that require building cybersecurity capacity includes Identification, protection, Detection, Response and recovery techniques and processes. 

Initial reading includes various ENISA and NIST publications.

Business case includes the implementation of a cybersecurity operation in a given sector of activity while ensuring alignment with business considerations.

General Management: Digital and Cybersecurity Leadership

Spread over the year

The module is spread over the year and includes Four dates to be attended in virtual or in person. A case study shall be delivered before the end of September. 

General management practices are essential knowledge for leaders and managers. Various practices shall be addressed: principles of Strategy, of Finance, of marketing, and of Leadership. 

Initial reading includes various General Management practices and references. 

Business case shall address a combination of Management practices that are related to Cybersecurity management. Each participant may elect to focus one specific practice to foster their expertise.