This module will take participants through the process of analysing context, defining scope, modelling threats, defining security controls and requirements, and considering the solution space for controls, including technologies and operating models. It then turns to evaluating risk (inherent vs. residual), anchoring in policy, and providing assurance that the controls operate as intended, e.g., for the purpose of internal or external assurance obligations or certification. This part builds on concepts introduced in module 1 (Information Security Leadership).
Participants will gain a good understanding of security controls and their respective trade-offs from the angles of technology, people, and process. They will understand how kill-chain analysis in threat modelling helps bring focus and cohesion and assists in building a business case. Finally, a layered approach to the collection of assurance and reporting supports effective management of security controls.
Many concepts and approaches will be further elaborated in the next module (3, Security Architecture) through the lens of security by design.
Readings include introductions to various control frameworks such as COBIT, ISO 27002, NIST cybersecurity controls, CIS20 and OWASP models. Some literature on threat modelling will also be provided.
Case work will focus on the practical application of threat modelling techniques, control specification and governance definition and operation in an enterprise context focusing on a crown jewel.
Chief Digital Security Officer at Securitas Group
Director Digital Security at Securitas Intelligent Services
Wim Bartsoen will be the Topic Leader in charge of “Security Controls” at the Executive Master in Cybersecurity Management.
Brussels, February 25, 2023. Professor Georges Ataya, Academic Director, confirms the designation of Wim Bartsoen as the Topic Leader for “Security Controls”, a specific module delivered at the Executive Master in Cybersecurity Management.
Wim is currently head of architecture and chief digital security officer at Securitas Group, an industry leader in safety and security services employing 350.000+ people in 50 countries worldwide with $13 Bn revenue (2022). Wim is also the chair of the monitoring and remote services work group at the European sector federation CoESS. With a career in information security of over 25 years, including previous leadership roles at Andersen Consulting and BNP Paribas Fortis, Wim is a recognized expert in his field and a regular public speaker at industry events.
The Executive Master in Cybersecurity Management is part of the Digital Governance and Trust education series at the Brussels-based business school. Running since 2001, this postgraduate education evolved to the needs of digital professionals. After a two-year interruption, a renewed hybrid education method shall be launched on March 1, 2023.
“Combining monitored self-study with in-person classes featuring senior European experts, and a case study in teams will give a blended experience and an extensive knowledge base to our participants. Wim Bartsoen has been a regular guest lecturer and topic leader with Solvay since 2015 and is always highly appreciated by the students for his insights. We are delighted that he has once more agreed to take up topic leadership,” commented Professor Ataya.
Karin Doguet, CEO of Solvay Lifelong learning, reports that “this new education programme shall be leading the way for more hybrid education in the Lifelong Learning portfolio”.
For release 9 AM, February 25, 2023.
Digital Governance and Trust Academy
Avenue Louise - Louizalaan 500, 1050 Brussels, Brussels-Capital, Belgium