2025 (Current Year) Faculty Courses School of Computing Major courses
Cybersecurity Governance
- Academic unit or major
- Major courses
- Instructor(s)
- Keisuke Tanaka / Masayuki Mamiya
- Class Format
- Lecture/Exercise
- Media-enhanced courses
- -
- Day of week/Period
(Classrooms) - Class
- -
- Course Code
- XCO.T478
- Number of credits
- 110
- Course offered
- 2025
- Offered quarter
- 4Q
- Syllabus updated
- May 29, 2025
- Language
- Japanese
Syllabus
Course overview and goals
With the advanced use of information and communications technology involving the internet, cybersecurity threats have become increasingly serious. Cyber attacks continue to have a serious impact on society, and the damage caused to society by the leakage of personal information and intellectual property due to cyber attacks is immeasurable. Despite the importance of the cybersecurity field, there is currently a significant shortage of human resources.
In response to such social needs, Tokyo Institute of Technology, the predecessor of Institute of Science Tokyo, has launched Progressive Graduate Minor in Cybersecurity in April 2016. In this minor, students will learn the practical aspects of cybersecurity, in collaboration with NRI as core, Rakuten, NTT, and AIST, and at the same time acquire knowledge of the theoretical background by taking advantage of the strengths of the theoretical field, which is a distinctive feature of the information and communication research field at Institute of Science Tokyo.
The curriculum consists of the following six courses as core, offered at School of Computing.
Foundation of Cybersecurity (1Q, 2-0-0)
Theory of Cryptography for Cybersecurity (3Q, 2-0-0)
Cybersecurity Governance (4Q, 1-1-0)
Attack and Defense on Cybersecurity I (2Q, 1-1-0)
Attack and Defense on Cybersecurity II (2-3Q, 1-1-0)
Attack and Defense on Cybersecurity III (4Q, 1-1-0)
This course aims to provide an understanding of the fundamental frameworks for information security management measures and to equip students with methods for corporate governance that take security into account.
Course description and aims
By completing this lecture, the following are understood and the way of thinking is acquired.
1)You will understand the management framework for information security
2)You will be able to understand the specific security measures for corporate governance
3)You will be able to plan for information security
4)You will be able to make recommendations, support and report to management.
Student learning outcomes
実務経験と講義内容との関連 (又は実践的教育内容)
The lecturer will deliver a practical lecture on cybersecurity governance based on experience in information security management gained in the private sector and expertise developed as a cybersecurity auditor in a government agency.
Case studies will utilize the case method. Using real incidents handled by the lecturer as teaching materials, students will actively engage in discussions to develop practical skills, exploring questions such as “What should a CISO be like?” and “How should staff support the CISO?”
Keywords
Security, Information Security, Cybersecurity, Governance, Incident Handling, Risk Management, IoT, Information Security Audit, Zero Trust, Proactive Cyber Defense, National Security, CISO, Cybersecurity Framework, Case Method
Competencies
- Specialist skills
- Intercultural skills
- Communication skills
- Critical thinking skills
- Practical and/or problem-solving skills
- By completing this course, participants will acquire broad and practical knowledge and perspectives necessary for cybersecurity governance.
Class flow
The course will be conducted through lectures, dialogues, group discussions, and the case method. In the case method, students will conduct their own research and analysis, and the class will proceed through discussions between the instructor and students.
Course schedule/Objectives
| Course schedule | Objectives | |
|---|---|---|
| Class 1 | Orientation, the basic idea of cybersecurity governance | Students will understand the framework needed to think about cybersecurity governance. |
| Class 2 | Our country's Cybersecurity Environment and Initiatives | Students will gain an understanding of the cybersecurity environment surrounding our country, as well as public and private initiatives and national security. |
| Class 3 | "Organization and rules" for cybersecurity governance | Students will understand how to build the organizations, rules and institutions that are prerequisites for establishing cybersecurity governance. In addition, students will understand psychological factors, human resources and labor, and public relations activities that should be kept in mind when managing group companies and overseas offices, and managing information security. |
| Class 4 | ”Education and training" for cybersecurity governance | Students will understand the education and training required to establish cybersecurity governance. Students will also understand how to secure and develop advanced security personnel. |
| Class 5 | "Technology and equipment" for cybersecurity governance | Students will understand the technical measures and facilities needed to establish cybersecurity governance. |
| Class 6 | "Audit and inspection" for cybersecurity governance | Students will understand the audits and inspections required to establish cybersecurity governance. In addition, think about utilizing the results of audits and inspections, and understand the development of information security response plans and risk control. |
| Class 7 | Embedded Systems and Cybersecurity Governance | In recent years, numerous industrial devices and vehicles have been connected to the Internet and enabled to exchange information with each other, a system known as the Internet of Things (IoT), which has been widely implemented in practice. These systems often incorporate sensors and actuators, giving them functionality as control systems. This course aims to develop an understanding of the characteristics of embedded systems, their cybersecurity vulnerabilities, and corresponding countermeasures. |
| Class 8 | Healthcare Systems and Cybersecurity Governance | Students will understand the characteristics of healthcare systems and their cybersecurity vulnerabilities and countermeasures. |
| Class 9 | Cybersecurity governance essentials and CISO qualities | Students will understand the requirements needed to establish cybersecurity governance and the qualities and capabilities required of a CISO. Students also understand the qualities and abilities expected of the staff who support CISOs. |
| Class 10 | Responding to and managing information security incidents | Students will understand how to handle information security incidents. |
| Class 11 | Case 1 Domestic Incident Case 1 | Using actual incident cases as teaching materials, the CISO will discuss with the participants and instructors to come up with the best course of action. It also understands what people and organizations did until the worst happened and why they make poor decisions. Through the analysis of actual domestic cases, the theory and practice learned so far are linked. In addition, since there is often no single solution to a problem, it is possible to enrich one's own knowledge from multiple perspectives, experiences, and perspectives of others. |
| Class 12 | Case 2 Domestic Incident Case 2 | Using actual incident cases as teaching materials, the CISO will discuss with the participants and instructors to come up with the best course of action. It also understands what people and organizations did until the worst happened and why they make poor decisions. Through the analysis of actual domestic cases, the theory and practice learned so far are linked. In addition, since there is often no single solution to a problem, it is possible to enrich one's own knowledge from multiple perspectives, experiences, and perspectives of others. |
| Class 13 | Case 3: Foreign Incident Case | Using actual incident cases as teaching materials, the CISO will discuss with the participants and instructors to come up with the best course of action. It also understands what people and organizations did until the worst happened and why they make poor decisions. Through the analysis of cases that have actually occurred overseas, the theory and practice learned so far are linked. In addition, since there is often no single solution to a problem, it is possible to enrich one's own knowledge from multiple perspectives, experiences, and perspectives of others. |
| Class 14 | Completion presentation | The student makes a presentation to demonstrate the results of his or her previous study in response to a given assignment. But if there are a lot of students, they may turn it into a report. |
Study advice (preparation and review)
In order to obtain a higher level of learning effect, it is recommended that the participants refer to the relevant parts of the handouts, reference books, etc., and prepare for and review the course content for approximately 60 minutes.
Textbook(s)
Textbooks will not be used in this course.
Reference books, course materials, etc.
References will be announced in the classes.
Evaluation methods and criteria
The assessment method is the percentage of correct answers on a quiz to check your understanding of the lesson. A presentation or report evaluation to be given on completion. In addition, consider attendance and participation (active and constructive speech and listening to what others say). These factors are combined for a comprehensive evaluation.
Related courses
- XCO.T473 : Foundation of Cybersecurity
- XCO.T474 : Theory of Cryptography for Cybersecurity
- XCO.T475 : Attack and Defense on Cybersecurity I
- XCO.T476 : Attack and Defense on Cybersecurity II
- XCO.T477 : Attack and Defense on Cybersecurity III
Prerequisites
There is no knowledge, skills or subjects taken as a condition for taking the course. A basic knowledge of computer science concepts and networks will help you understand them.
Contact information (e-mail and phone) Notice : Please replace from ”[at]” to ”@”(half-width character).
keisuke[at]comp.isct.ac.jp (Contact us via Slack direct message)
Office hours
Appointment by Slack direct message is required.