It security – risks and vulnerabilities in the organization – København

Covering all aspects of security is impossible. But are you aware of the exiting risks? Can you decide how to achieve the sufficient level of security? 

This course is designed to give you a broad introduction to the basics of the IT security

The company's vulnerabilities and risks The course will give you basic knowledge of IT security, common risks, standard cyber attacks and counter measures from both a technical and socio-technical perspective. 

You will learn how to reason about possible risks and vulnerable assets in your organization, leading to determining and prioritizing security requirements for protecting these assets. In particular, you will learn how to analyze vulnerabilities and get experience with methods and tools for security protection, such as implementing authentication and access control. You will also learn about measures commonly used to audit a system to determine that an attack has taken place, which is important for understanding the measures needed to take to mitigate the impact of the attack and protect against future attacks.

Finally, you will learn how to address the human factors in cybersecurity, as human behavior and cognitive biases are crucial to succeed with IT-security initiatives and policies. 

You will learn how to: 

• design security policies that can effectively be adhered to by the employees

• design user experience such that users can conform to security requirements, and

• understand the challenges developers face in implementing security measures in the software development lifecycle.

The course will give you a fundamental understanding of what IT security is, a vocabulary to talk about IT security, and the ability to play a active and proactive role in the organization regarding IT security.

The course is aimed at people, who wants a fundamental understanding of IT security and insights to the technical concepts, methods and techniques used to work with and understand security threats. The goal of the course is to enable making appropriate security-related decisions, teaching how to think clearly about security by focusing on basic principles. As a participant you will also gain a vocabulary to communicate about security and bridge the organizational, behavioral, and technical aspects of IT security.

After the course, you should be able to:

• Determine security requirements in your organization

• Identify, list, and explain standard cyberattacks

• Identify, list, and discuss major principles of IT security

• Identify, list, and explain common mechanisms for IT security (authentication, authorization, audit, isolation)

• Understand and discuss human factors challenges in IT security

The organization gain af advantage by having an employee with security knowledge who can communicate and understand the it-security principles and know what is crucial in the security field 

The course is a combination of presentation, exercises, and group work. In addition to the theoretical and academic presentations, the participants' own professional experiences and knowledge will be the base of discussions. 

During exercises you will have room for reflecting on your own context and translate theory and methods into practice. You will have time to work specifically with your own organization or project to get a deeper understanding of what IT security entails, who it involves, and what it requires to ensure IT security at the sufficient level.

Oksana Kulyk: 

Oksana is assistant professor at the IT University of Copenhagen (ITU) and a member of the Center for Information Security and Trust (CIST). She has previously worked as a post-doc in the Security, Usability and Society (SECUSO) research group at Karlsruhe Institute of Technology

Her research interests is focused on human factors in security and privacy, including privacy-related decision support for end users and risk communication, as well as issues of security and privacy in electronic voting. Until December 2020, she worked in the Danish Centre for Cybersecurity, investigating cybersecurity and privacy practices in Danish companies.