Governance and Management of Cyber Security

Cyber security management principles. Information security and cyber security risk management, incident management. Software security architecture and secure software development. Most used techniques and frameworks, their implementation.

Moodle: https://moodle.taltech.ee/course/view.php?id=30021

NB! This course will take place in autumn semester 2025/2026 which starts on 1st of September and ends on 25th of January (you can find that information under Start date section). TalTech's timetables for Autumn semester 2025 will be published at the end of June via tunniplaan.taltech.ee. Switch the page to English and use "Search" and "Open detailed search" to find your course. NB! Some courses are taught by several lecturers during the same semester. Make sure that the course name and lecturer/teacher infromation of your course match with the information given in the Course Catalogue.

Learning outcomes:

• cybersecurity governance: student has knowledge to develop enterprise cybersecurity program;
• cybersecurity risk analysis: student performs enterprise cyber security risk analysis;
• cybersecurity incident management: student has knowledge to develop enterprise cybersecurity incident management policy;
• business continuity: student has knowledge to develop enterprise business continuity management plan;
• cybersecurity strategy: student has knowledge to develop enterprise cyber security strategy.

Final assessment can consist of one test/assignment or several smaller assignments completed during the whole course. After declaring a course the student can re-sit the exam/assessment once. Assessment can be graded or non-graded. For specific information about the assessment process please get in touch with the contact person of this course. For specific information about grade transfer please contact your home university

Basic knowledge of IT and cyber security is recommended but not mandatory.

• - ISO/IEC 27000:2014, Information technology - Security techniques -Information security management systems _ Overview and vocabulary;
• - ISO/IEC 27001:2013, Information technology - Security techniques - Information security management systems _ Requirements;
• - ISO/IEC 27002:2013, Information technology - Security techniques - Code of practice for information security management;
• - Dan Shoemaker, Cybersecurity: The Essential Body Of Knowledge, ISBN-13: 978-1435481695;
• - Michael E. Whitman, Principles of Incident Response and Disaster Recovery, ISBN-13: 978-1111138059;
• - Michael E. Whitman, Management of Information Security, ISBN-13: 978-1435488847;
• - Krag Brotby, Information Security Governance: A Practical Development and Implementation Approach, ISBN-13: 978-0470131183.

lectures, practices