Cyber Security and Privacy

By Prof. Saji K Mathew | IIT Madras

Learners enrolled: 36574 | Exam registration: 13317

ABOUT THE COURSE:

This course introduces to management students the concepts, technologies, practices and challenges associated with cybersecurity as applied in organizations. Protection as well as disclosure of information pose unique challenges and also allude to economic and technological implications. Breach of information privacy has been reported as having serious consequences to all the stakeholders involved from the origin to end use of data. Furthermore, cyber security has often been analysed independent of information privacy, which thus lacks a wholesome picture of investments, benefits and stakeholder concerns. The course takes a broad view of cyber security along with information privacy by analysing relevant organizational, human, legal and policy issues.

Through this course, students will explore cyber security along with information privacy with a managerial focus. Students are expected to develop a wholesome understanding about cyber security and privacy risks to businesses covering governance, compliance and risk mitigation and closely study certain business domains.

COURSE LEARNING OBJECTIVES

To recognize cyber security from technological and administrative perspectives
To articulate cyber security governance, risks and compliance in the current business environment
To apply cybersecurity and information privacy in organizational context for risk assessment
To develop cyber security and information privacy policy in selected business domains

PREREQUISITES : A core course on Management Information Systems desirable (not mandatory)

INDUSTRY SUPPORT : IT services industry, AI/Block chain start ups, Industry 4.0, autonomous vehicles industry

Summary

Course Status :	Ongoing
Course Type :	Elective
Duration :	12 weeks
Category :	Computer Science and Engineering
Credit Points :	3
Level :	Postgraduate
Start Date :	22 Jul 2024
End Date :	11 Oct 2024
Enrollment Ends :	05 Aug 2024
Exam Registration Ends :	16 Aug 2024
Exam Date :	03 Nov 2024 IST

Note: This exam date is subject to change based on seat availability. You can check final exam date on your hall ticket.

Page Visits

Course layout

Week 1:

Introduction - Introduction to cyber security, Confidentiality, integrity, and availability.

R1. From information security to cyber security. Computers and Security, 2013, accessible at:

https://www.sciencedirect.com/science/article/pii/S0167404813000801

Week 2:

Foundations - Fundamental concepts, CIA, CIA triangle, data breach at target.

R2. Chapter 1- Text

R3. Why you should care about the Target data breach? Business Horizons, 2016, accessible at:

https://www.sciencedirect.com/science/article/abs/pii/S0007681316000033

Week 3:

Security management, Governance, risk, and compliance (GRC)- GRC framework, security standards.

R4. Text-Chapter 4 - Planning for security, pp. 171- 176

Week 4:

Contingency planning - Incidence response, Disaster Recovery, BCP.

R5. Text-Chapter 4 - Planning for security, pp. 214-251

Week 5:

Cyber security policy - ESSP, ISSP, SYSSP.

R6. Text-Chapter 4- Information security policy, pp. 177-213.

R7. Internet insecurity: The end of cyber security. HBR, 2018, accessible at: https://hbr.org/2018/05/internet-insecurity

Week 6:

Risk Management - Cyber Risk Identification, Assessment, and Control.

R8. Text-Chapter 5- Risk management: Identifying and assessing risk.

R9. Case Study- Protecting the Cheddar: The end of cyber security. HBR, 2018, accessible at: https://hbr.org/2018/05/case-study-protecting-the-cheddar

Week 7:

Cyber security: Industry perspective - Defense Technologies, Attack, Exploits

R10. Text-Chapter 6-7- Security technology

Week 8:

Cyber security technologies - Access control, Encryption, Standards.

R11. Text-Chapter 8- Cryptography

R12. Active defense and hacking back: A primer- The end of cyber security. HBR, 2018, accessible at: https://hbr.org/2018/05/active-defense-and-hacking-back-a-primer?ab=seriesnav-bigidea

Week 9:

Foundations of privacy - Information privacy, Measurement, Theories.

R13. Privacy, Stanford Encyclopedia of Philosophy, 2013, accessible at: https://plato.stanford.edu/entries/privacy/

R14. We Googled you. HBR Online, 2007, accessible at: https://hbr.org/2007/06/we-googled-you-2

Week 10:

Privacy regulation - Privacy, Anonymity, Regulation, Data Breach.

R15. Text-Chapter 3- Law and ethics

R16. UNCTAD. Data Protection and Privacy Legislation Worldwide, accessible at: https://unctad.org/page/data-protection-and-privacy-legislation-worldwide

Week 11:

Privacy regulation in Europe, Privacy: The Indian Way - Data Protection, GDPR, DPDP, Aadhar.

R17. GDPR: General Data Protection Directive (https://gdpr-info.eu)

R18. Privacy and security of Aadhaar: A Computer Science perspective, IIT Delhi, accessible at: https://www.jstor.org/stable/pdf/26697657.pdf

R19. The digital personal data protection bill, 2023

https://www.meity.gov.in/writereaddata/files/Digital%20Personal%20Data%20Protection%20Protection%202023.pdf

Week 12:

Information privacy: Economics and strategy, Economic value of privacy, privacy valuation, WTA and WTC, Business strategy and privacy, espionage, Privacy vs safety. R20. The dark side of customer analytics. HBR Case, 2007, accessible at: https://www.pomsmeetings.org/ConfPapers/052/052-0002.pdf

R21. Apple privacy vs safety issues: https://hbswk.hbs.edu/item/cold-call-apples-dilemma-balancing-privacy-and-safety-responsibilities

Books and references

Text Book:
Michael E. Whitman, Herbert J. Mattord, (2018). Principles of Information Security, 6th edition, Cenage Learning, N. Delhi.

References

Darktrace, “Technology” https://www.darktrace.com/en/technology/#machine-learning, accessed November 2018.

Van Kessel, P. Is cyber security about more than protection? EY Global Information Security Survey 2018-2019.

Johnston, A.C. and Warkentin, M. Fear appeals and information security behaviors: An empirical study. MIS Quarterly, 2010.

Arce I. et al. Avoiding the top 10 software security design flaws. IEEE Computer Society Center for Secure Design (CSD), 2014.

Smith, H. J., Dinev, T., & Xu, H. Information privacy research: an interdisciplinary review. MIS Quarterly, 2011.

Subramanian R. Security, privacy and politics in India: a historical review. Journal of Information Systems Security (JISSec), 2010.

Acquisti, A., John, L. K., & Loewenstein, G. What is privacy worth? The Journal of Legal Studies, 2013

Xu H., Luo X.R., Carroll J.M., Rosson M.B. The personalization privacy paradox: An exploratory study of decision making process for location-aware marketing. Decision Support Systems, 2011.

Videos

Andy Bochman, how to reframe your cybersecurity strategy

https://hbr.org/webinar/2018/04/how-to-reframe-your-cybersecurity-strategy.html

Christof Paar, Introduction to Cryptography

https://www.youtube.com/watch?v=2aHkqB2-46k

Cybersecurity Strategy for the C-Suite

https://hbr.org/webinar/2017/07/cybersecurity-strategy-for-the-c-suite

How to Build Your Cybersecurity Defense

https://hbr.org/webinar/2017/08/how-to-build-your-cybersecurity-defense

The Secret is “There are No Secrets”

https://digital.hbs.edu/cybersecurity/hbs-future-assembly-flash-talk-james-mickens-no-secrets/

Instructor bio

Prof. Saji K Mathew

IIT Madras

Prof.Saji K Mathew is currently a Professor at the Department of Management Studies, Indian Institute of Technology Madras, India. As a Fulbright Scholar, he did his post-doctoral research on offshore IT outsourcing at the Goizueta Business School of Emory University, Atlanta (USA). His current research focuses on behavioral cyber security, information privacy, misinformation and digital nudging. He has published research in leading IS journals while also making editorial contributions to some of them. He is a founding member of the Association for Information Systems India Chapter (INAIS) and presently serves as its Vice President.

Course certificate

The course is free to enroll and learn from. But if you want a certificate, you have to register and write the proctored exam conducted by us in person at any of the designated exam centres.
The exam is optional for a fee of Rs 1000/- (Rupees one thousand only).
Date and Time of Exams: 03 November 2024 Morning session 9am to 12 noon; Afternoon Session 2pm to 5pm.
Registration url: Announcements will be made when the registration form is open for registrations.
The online registration form has to be filled and the certification exam fee needs to be paid. More details will be made available when the exam registration form is published. If there are any changes, it will be mentioned then.
Please check the form for more details on the cities where the exams will be held, the conditions you agree to when you fill the form etc.

CRITERIA TO GET A CERTIFICATE

Average assignment score = 25% of average of best 8 assignments out of the total 12 assignments given in the course.
Exam score = 75% of the proctored certification exam score out of 100

Final score = Average assignment score + Exam score

YOU WILL BE ELIGIBLE FOR A CERTIFICATE ONLY IF AVERAGE ASSIGNMENT SCORE >=10/25 AND EXAM SCORE >= 30/75. If one of the 2 criteria is not met, you will not get the certificate even if the Final score >= 40/100.

Certificate will have your name, photograph and the score in the final exam with the breakup.It will have the logos of NPTEL and IIT Madras .It will be e-verifiable at nptel.ac.in/noc.

Only the e-certificate will be made available. Hard copies will not be dispatched.

Once again, thanks for your interest in our online courses and certification. Happy learning.

- NPTEL team

SWAYAM Helpline / Support