2024 Faculty Courses School of Computing Major courses
Cybersecurity Governance
- Academic unit or major
- Major courses
- Instructor(s)
- Keisuke Tanaka / Masayuki Mamiya
- Class Format
- Lecture/Exercise (Face-to-face)
- Media-enhanced courses
- -
- Day of week/Period
(Classrooms) - 1-4 Wed
- Class
- -
- Course Code
- XCO.T478
- Number of credits
- 110
- Course offered
- 2024
- Offered quarter
- 4Q
- Syllabus updated
- Mar 14, 2025
- Language
- Japanese
Syllabus
Course overview and goals
With the development of information and communications networks and the advanced use of information and communications technology, represented by the Internet, threats to cybersecurity are becoming more serious. Cyber attacks continue to have a significant impact on society, and the damage to society caused by the leakage of personal information and the leakage of intellectual property by attacks is immense. Despite the importance of cybersecurity, there is still a significant shortage of human resources.
In response to these social demands, Tokyo Institute of Technology established the Cybersecurity Special Program in April 2016. This special training program on cybersecurity will provide students with practical knowledge on cybersecurity through collaboration with Rakuten, NTT, AIST, and the Cabinet Cybersecurity Center, as well as with knowledge on the theoretical background by utilizing the strengths of the theoretical field, which is characteristic of the information and communications field at Tokyo Tech. The curriculum is centered around six subjects: Cybersecurity Overview (1Q, 2-0-0), Cybersecurity Cryptography (3Q, 2-0-0), Cybersecurity Governance (4Q, 1-1-0), Cybersecurity Attack and Defense I (2Q, 1-1-0), Cybersecurity Attack and Defense II (3Q, 1-1-0), and Cybersecurity Attack and Defense III (4Q, 1-1-0).
In this course, you will understand the basic framework of management measures related to information security and learn how to conduct corporate governance with security in mind.
Course description and aims
By completing this lecture, the following are understood and the way of thinking is acquired.
1)You will understand the management framework for information security
2)You will be able to understand the specific security measures for corporate governance
3)You will be able to plan for information security
4)You will be able to make recommendations, support and report to management.
Student learning outcomes
実務経験と講義内容との関連 (又は実践的教育内容)
The lecturer will give practical lectures on cybersecurity governance based on his experience in information security management acquired in the private sector and his knowledge as a cybersecurity auditor acquired in government agencies.
In a case study, consider "What should a CISO be?" and "How staff can help CISOs" using actual cases that the instructor worked on.
Keywords
Security, Information Security, Cyber Security, Governance, Incident Handling, Risk Management, IoT, Information Security Audit, Security, CISO, Cyber Security Framework, Case Methods
Competencies
- Specialist skills
- Intercultural skills
- Communication skills
- Critical thinking skills
- Practical and/or problem-solving skills
- By completing this course, students will have the extensive knowledge and perspective required for cybersecurity governance.
Class flow
These classes are taught through lectures and dialogues, group discussions, and case methods. In the case method, students conduct their own research and analysis, and teachers and students "discuss" each other in class.
Course schedule/Objectives
| Course schedule | Objectives | |
|---|---|---|
| Class 1 | Orientation, the basic idea of cybersecurity governance | Students will understand the framework needed to think about cybersecurity governance. |
| Class 2 | Our country's Cybersecurity Environment and Initiatives | Students will gain an understanding of the cybersecurity environment surrounding our country, as well as public and private initiatives and national security. |
| Class 3 | "Organization and rules" for cybersecurity governance | Students will understand how to build the organizations, rules and institutions that are prerequisites for establishing cybersecurity governance. In addition, students will understand psychological factors, human resources and labor, and public relations activities that should be kept in mind when managing group companies and overseas offices, and managing information security. |
| Class 4 | ”Education and training" for cybersecurity governance | Students will understand the education and training required to establish cybersecurity governance. Students will also understand how to secure and develop advanced security personnel. |
| Class 5 | "Technology and equipment" for cybersecurity governance | Students will understand the technical measures and facilities needed to establish cybersecurity governance. |
| Class 6 | "Audit and inspection" for cybersecurity governance | Students will understand the audits and inspections required to establish cybersecurity governance. In addition, think about utilizing the results of audits and inspections, and understand the development of information security response plans and risk control. |
| Class 7 | Embedded Systems and Cybersecurity Governance | Today, various industrial devices and cars are connected to the Internet and exchange information with each other. Sensors, actuators, and the like may be incorporated into the system and function as a control system. Understand the characteristics of embedded systems and their cybersecurity vulnerabilities and countermeasures. |
| Class 8 | Healthcare Systems and Cybersecurity Governance | Students will understand the characteristics of healthcare systems and their cybersecurity vulnerabilities and countermeasures. |
| Class 9 | Cybersecurity governance essentials and CISO qualities | Students will understand the requirements needed to establish cybersecurity governance and the qualities and capabilities required of a CISO. Students also understand the qualities and abilities expected of the staff who support CISOs. |
| Class 10 | Responding to and managing information security incidents | Students will understand how to handle information security incidents. |
| Class 11 | Case 1 Domestic Incident Case 1 | Using actual incident cases as teaching materials, the CISO will discuss with the participants and instructors to come up with the best course of action. It also understands what people and organizations did until the worst happened and why they make poor decisions. Through the analysis of actual domestic cases, the theory and practice learned so far are linked. In addition, since there is often no single solution to a problem, it is possible to enrich one's own knowledge from multiple perspectives, experiences, and perspectives of others. |
| Class 12 | Case 2 Domestic Incident Case 2 | Using actual incident cases as teaching materials, the CISO will discuss with the participants and instructors to come up with the best course of action. It also understands what people and organizations did until the worst happened and why they make poor decisions. Through the analysis of actual domestic cases, the theory and practice learned so far are linked. In addition, since there is often no single solution to a problem, it is possible to enrich one's own knowledge from multiple perspectives, experiences, and perspectives of others. |
| Class 13 | Case 3: Foreign Incident Case | Using actual incident cases as teaching materials, the CISO will discuss with the participants and instructors to come up with the best course of action. It also understands what people and organizations did until the worst happened and why they make poor decisions. Through the analysis of cases that have actually occurred overseas, the theory and practice learned so far are linked. In addition, since there is often no single solution to a problem, it is possible to enrich one's own knowledge from multiple perspectives, experiences, and perspectives of others. |
| Class 14 | Completion presentation | The student makes a presentation to demonstrate the results of his or her previous study in response to a given assignment. But if there are a lot of students, they may turn it into a report. |
Study advice (preparation and review)
In order to obtain a higher level of learning effect, it is recommended that the participants refer to the relevant parts of the handouts, reference books, etc., and prepare for and review the course content for approximately 60 minutes.
Textbook(s)
Textbooks will not be used in this course.
Reference books, course materials, etc.
References will be announced in the classes.
Evaluation methods and criteria
The assessment method is the percentage of correct answers on a quiz to check your understanding of the lesson. A presentation or report evaluation to be given on completion. In addition, consider attendance and participation (active and constructive speech and listening to what others say). These factors are combined for a comprehensive evaluation.
Related courses
- XCO.T473 : Foundation of Cybersecurity
- XCO.T474 : Theory of Cryptography for Cybersecurity
- XCO.T475 : Attack and Defense on Cybersecurity I
- XCO.T476 : Attack and Defense on Cybersecurity II
- XCO.T477 : Attack and Defense on Cybersecurity III
Prerequisites
There is no knowledge, skills or subjects taken as a condition for taking the course. A basic knowledge of computer science concepts and networks will help you understand them.
Contact information (e-mail and phone) Notice : Please replace from ”[at]” to ”@”(half-width character).
keisuke[at]is.titech.ac.jp
Office hours
Appointment by e-mail is required.