Design Thinking for Information Security: An Interdisciplinary Approach

Course: V-847-THIS
Semester: 20242
ECTS: 7,5
Core: No

Year: 1. year
Semester: Summer 2024
Level of course: N/A
Type of course: Elective
Prerequisites: No prerequisites.
Schedule: No schedule found.
Lecturer
Stefan Bauer
Content
In the age of digitalization, information security is more important than ever. A key layer for ensuring information security is the employees, who need to be aware of possible information security risks and behave accordingly. Organizations introduce information security policies to establish required rules for information security behavior and implement information security awareness programs, which are systematically planned campaigns.

The course provides a comprehensive overview of information security from the management perspective. The focus is on how to design measures such as awareness programs to protect organizations' data and keep it safe from cybercrime.

The content is divided into three main sections. First, addressing actual information security risks, students will get an overview of the managerial perspective of information security and associated problems in organizations. Second, the course provides a deep dive into design thinking for solving problems of employee misbehavior and fostering an active risk culture. Third, the course addresses the application of the learned techniques in organizations: students choose an organization and apply design thinking to develop information security awareness programs and mitigate information security risks.

In the lectures, we will:
· apply design thinking methods to create information security awareness programs,
· identify organizational challenges in designing information security methods,
· measure information risks and information security awareness (e.g. KPIs),
· discuss leadership's influence on risk and security behavior,
· structure a bundle of measures to create a proactive risk culture,
· evaluate how emerging technology trends such as AI, blockchain technology and IoT enable opportunities for risk and information security management.

In sum, the course introduces a holistic approach to designing solutions for organizations regarding information security risks.
Learning outcome - Objectives
Knowledge
The student should be able to:
1. describe concepts and terms regarding information security, cybersecurity, risk management and policy compliance,
2. identify and classify information security risks and threats in organizations,
3. reflect on the role of penalties for policy compliance violations,
4. understand success factors for information security awareness programs.

Skills
The student should be able to:
5. design mitigation strategies to overcome information security threats,
6. identify critical success factors to increase employees' compliant behavior,
7. apply design thinking to develop materials to increase awareness of cybersecurity risks,
8. evaluate methods to establish a proactive risk culture.

Competences
The student should be able to:
9. conceptualize holistic information security management in organizations,
10. handle information security incidents by setting a process plan,
11. select and combine methods and measures to ensure information security,
12. discuss bundles of measures to create a proactive risk culture.
Course assessment
No assessment found.
Reading material
No reading material found.
Teaching and learning activities
No activities found.
Language of instruction: English