The main focus of this module is to set up the stage for the rest of the course presenting key concepts that will be extended in the following modules. It will present an introduction to security and security properties as well as details on privacy and privacy preserving mechanisms. It will introduce the concept of accountability in the context of a Continuous Appropriate Dynamic Accountability strategy. Finally it will address elements linked to Risk Management. The module is organized in 3 lessons tackling the above aspects in a theoretical way leaving to other modules the deep dive into the relevant technical aspects. It is expected that at the end of the module, learners will acquire (a) knowledge on cyber threats and vulnerabilities, (b) knowledge on confidentiality, integrity, and availability principles (c) knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data, (d) Skill in applying confidentiality, integrity, and availability principles, (e) Knowledge of risk/threat assessment, (f) Skill in performing impact/risk assessments.

The main focus of this module is to provide learners with an overview of offensive methods and techniques that are used to carry out security attacks targeting IT infrastructures and their services. The module is organized into 4 lessons tackling different aspects of cybersecurity offensive methods and techniques. The first lesson introduces attacker capabilities and attack stages, the second lesson discusses the current gaps and emerging security issues, the third lesson is dedicated to network attacks methods, while the fourth lesson will present novel technologies and the relative attack surface. It is expected that at the end of the module, learners will acquire (a) knowledge on cyber attack stages and attacker capabilities, (b) knowledge on emerging security issues, risks, and vulnerabilities, and (c) knowledge on computer networking concepts and protocols, and network security methodologies. This course will allow students to develop some basic but fundamental skills including including (i) skills to anticipate new security threats, (ii) skills to applying confidentiality, integrity, and availability principles, and (iii) skills to design countermeasures to identified security risks.

The main focus of this module is to provide learners with an overview and provide details regarding defensive methods and techniques that are used to prevent, detect and mitigate security attacks targeting IT infrastructures and their services. The module is organized into five lessons tackling different aspects of cybersecurity defensive methods and techniques. The first lesson introduces the principles of security-by-design, the second lesson discusses vulnerability assessment and prevention methods, the third lesson is dedicated to network protection methods, the fourth lesson relates to application/OS protection techniques, while the fifth lesson addresses more specifically data protection.It is expected that at the end of the module, learners will acquire (a) knowledge on information technology (IT) security principles and methods, (b) knowledge on cyber defense and vulnerability assessment methods and their capabilities, and (c) knowledge on cybersecurity and privacy principles related to data protection.

With this knowledge and course participation, several skills are developed, such as (i) skill in discerning the protection needs (i.e., security controls) of information systems and networks, (ii) skill in creating policies that reflect system security objectives, (iii) skill in designing countermeasures to identified security risks, and (iv) skill in evaluating the adequacy of security designs.

The main focus of this module is to provide students with an overview and present details regarding risk management from an economic perspective so that once the module finishes, the student can assess the possible risks and their economic impact on a company. The lesson starts by explaining the importance of looking into cybersecurity from an economic perspective, then discussing the costs to consider when planning for cybersecurity measures. Also, it introduces theoretical and practical models for cybersecurity investments and decision-making while applying them to a concrete case using a cybersecurity economic tool called SECAdvisor. It is expected that at the end of the module, students will acquire (a) knowledge of integrating the organization’s goals and objectives into the architecture, and (b) knowledge of risk/threat assessment. With this knowledge and course participation, several skills are developed, such as (i) skill in evaluating the adequacy of security designs, (ii) skill in conducting capabilities and requirements analysis, (iii) skill to use critical thinking to analyze organizational patterns and relationships, and (iv) skill to understand the operational, financial and policy-related parameters and the effective implementation of cybersecurity in practice.