Corporate information security

The course has an objective of immersion in the practice of information security management in the field.

The basis are the various themes considered in the theoretical courses given in the Master in Cyber Security, especially IT Risks and Cyber Risks.
Students will make the link between all their courses and how the concepts they learn get implemented/used on the field, in practice on a daily basis.
At the beginning of the course, students have the opportunity to propose topics that correspond to their interests.

Typical  topics addressed are

- Threat Intelligence (How does this help to mitigate cyberattacks)
- Ransomwares (Why is this attack so successful)
- Cyberresilience (Why is still the Graal)
- Quantum Computing (Should companies already worry about quantum computing applied to cryptography)
- Cloud Security (less or more secure than having one's one infrastructure - what should I pay attention to)
- Cybersecurity of supply chain management
- Mobile Security (why are smartphone more secure than desktop and laptops)
- Websecurity and the same origin principle (Why are web browsers are in fact very secure despite their open door policy ?)
- Enclaves (why Intel SGX is not the best model)
- Securing Corporate Networks (and the zero-trust model).
- Cyberregulation, certification, does it really help to improve one's cyberposture ?
- Scamming (why does it work always ? Why people are trapped)
- Threat Modelling
- Patch Management - (How to,  ideally)
- Remote Identity Proofing
- Decision Process in Cybercrisis Situation  & Safety Culture 

The student will have acquired a vision of how cybersecurity and information security work in the field,  in the industry and for the general public.
He will be able to apply his theoretical knowledge, how to apply it and create the cyberadhesion of his employer or his client.

Required and Corequired knowledge and skills

None, except courses already followed  in the master (so that the student can propose topics at the beginning of the course).

Interactive courses based on a dialog with students, especially since some of them already have professional experience.

References, bibliography, and recommended reading

References will be given throughout the course and topics covered.

Campus

Plaine

Method(s) of evaluation

• written examination

written examination

• Open question with short answer
• Open question with fill-in the blanks text
• Closed question with multiple choices (MCQ)
• Closed question True or False (T/F)

Written exam: questions will be chosen among a list of predefined questions per chapter distributed at the end of the course to help students preparing the exam. The questions that will be asked the day of the exam will/might slightly differ from the list of questions published to avoid the preparation is only a memorization of prepared answers (the exam is NOT open books) .

If the student prepares the questions in advance, he will be able to answer the questions of the exam that will be simple variants of the predefined questions. Questions can be prepared via the slides that have served as a support for the classes. Having attended to the classes is preferred as some questions will be discussed during the lectures themselves.

This evaluation method allows the instructor to check the students has acquired the core principles of corporate information security via/thanks to the covered chapters/topics and domains.

For the year 2024-2025, the exam day is June 17, 2025.

Mark calculation method (including weighting of intermediary marks)

written exam only. The student has the option not to answer to questions related to two chapters of his choice without penalty.

Language(s) of evaluation

• english
• (if applicable english )