Study Guide

Objective

The student will
• Understand the administrative and technical basics of information and cybersecurity
• Recognize the operational environment and threats, and be able to assess the impact of information and cybersecurity on organizational operations
• Understand the significance of a security culture for information and cybersecurity
• Be capable of planning, drafting, and implementing an information security policy for the organization
• Recognize the importance of information classification for safeguarding organizational information and be able to classify information and information systems
• Grasp the importance of competence and awareness in achieving information and cybersecurity
• Be able to assess the organization's level of cybersecurity competence (maturity) and plan and implement an organizational cybersecurity awareness program/training (awareness)
• Identify the importance of risk management in achieving information and cybersecurity
• Understand the significance of assessments and audits for continuous improvement

Content

• Operational environment and threats
• Impact and influence
• Competence and awareness
• Information security culture
• Information security policy, guidelines, models, frameworks
• Information classification
• Risk management and controls
• Auditing

SUMMARY
Upon completing the course, the student will possess a comprehensive understanding of information and cybersecurity concepts, as well as practical skills to assess and enhance the level of information and cybersecurity competence within an organization. The student will be capable of contributing to the planning and implementation of effective administrative controls, trainings, and policies related to information and cybersecurity. They will have the capability to assess the security situation and plan development measures.

Evaluation scale

H-5