Booster program: Cybersecurity

How can I understand and manage cybersecurity in my company?

> Target audience  - Key benefits  - Key topics  - Meet the staff

Cybersecurity is a threat to every business. Nowadays, hackers entertain a broad range of interests and many companies prove to be attractive targets for hackers in some shape or form. Realistic scenarios are: industrial espionage; theft of customer or employee data; safety implications of bad cybersecurity on the workshop floor or inside a smart product; financial market manipulation; business process disruption or business data deletion; and industrial sabotage of production processes or products. And with offense still outpacing defense, many of those threats pose potential catastrophic consequences.

Managing the problem is a necessity. Cybersecurity is a highly complex issue from the management perspective. Some of the problems a manager faces in this field are: getting the risk-assessment right; locating the risk in the right parts of the system; formulating and verifying demand and specifications; knowing which technology partners to trust; how to evaluate system vulnerabilities, a security unit, or product; how to hire good security experts, and how to act during an incident.

This English language program provides decision-makers with a set of tools and methods to understand the nuts and bolts and implications of cybersecurity and to manage the problem effectively and responsibly.

 

Target audience

Executives across industries interested in understanding and managing cybersecurity in their company.

 

Key benefits

  • understand cybersecurity from a management perspective and in a systematic and strategic way
  • identify and sort all relevant tasks
  • understand all options, limits and conditions
  • employ methods to achieve better security decisions
  • make more-informed decisions when entering into the industry 4.0 paradigm

 

Key topics

Understanding cybersecurity and industrial cybersecurity

  • The sources of insecurity: software vulnerabilities and extensive networks
  • Old cybersecurity: DDoS, botnets, petty criminals
  • New cybersecurity: NSA, industrial espionage, organized crime
  • “Junk hacking” and industrial cybersecurity


Cyber risk-assessment

  • Risk scenarios and location
  • Types of attackers
  • Understanding software vulnerabilities
  • Modeling dependencies
  • Understanding exposures


Cybersecurity management

  • Elements and procedures of a cyber strategy
  • Translating risk to demand to specs
  • Raising awareness on the necessary levels
  • Security as a part of overall technology acquisition
  • Creating human resources
  • Organizing your security unit
  • Gaps and limits of security technologies
  • Insurances
  • Achieving cyber readiness
  • Confronting residual risk
  • Incident management
  • Liability and compliance
  • Legal conditions
  • Forming alliances on info-sharing and acquisition

 

Meet the teaching staff

 

Dr. Sandro Gaycken (PROGRAM DIRECTOR)

Dr. Sandro Gaycken is the director of the Digital Society Institute, a strategic research institute for digital topics of the German DAX-companies at ESMT.

Sandro is a technology- and security-researcher, exploring the nexus of digital technology, economies and politics. Sandro’s research focus is on cyberwarfare, cyberdefense, cyberintelligence, and high security IT. He is a strong advocate of disruptive innovation and regulation in IT-security, proposing to solve the more high-end cyber problems through high security IT concepts from computer science. He employs a range of industrial policies and economically beneficial market and investment strategies to overcome persistent market and policy failures.

Sandro has published more than 60 articles and books on his topics, regularly writes op-eds in leading newspapers and has authored official government publications. He is a fellow of Oxford university’s Martin College, in the working group on cyberdefence and cyberintelligence, a director for strategic cyberdefense projects in the NATO SPS Program where he presently designs and implements the national cybersecurity and cyberdefense strategy for Jordan, a member of the benchmarking group for „Industrie 4.0“ standards for the German Ministry of Research BMBF, the director of the cybersecurity working group and associate fellow of the German Council on Foreign Relations (DGAP),  a senior fellow at EastWest Institute, and he serves as CTO in a German industrial effort to bring high security IT to the „Industrie 4.0“ universe.
He served in government as a strategist in the first design of a German Foreign and Security Policy on IT-matters, having been the lead-author of the Internet freedom and the cybersecurity/cyberdefense part of the policy, defining some first proposals for German Cyber Foreign Policy, and lead-authoring the first speech given by a German Minister of Foreign Affairs on Internet matters. He also served as a commentator for Germany’s position in the UN GGE work on international cybersecurity, and addressed the UNO general assembly ambassadors in New York in their first session on international cyberpeace.

He testified as a subject-matter expert in many hearings in the Bundestag and a range of ministries, provided strategic advice to NATO, UNO, OSCE, G8, EU, IAEA, and a few other governments. He has served as a principal expert witness in international court cases concerned with military cyber espionage and cyber sabotage, and is involved in other military cybercounterintelligence activities. Recently, he was involved in the construction of the No-Spy agreement between China and Germany.

Apart from government engagements, Sandro consults medium and large enterprises in the fields of IT, IT-sec and defense, serves as an advisor in one of the largest security funds, and authored eight major industry studies on strategic economic research and development in cybersecurity and cyberdefence, including an OS survey on the evolving global cyberdefence industry, a study on cloud security in banking and finance, and the development of insurance models and methodologies for the German insurance industry.

Dedicated to an informed democratic discourse, Sandro gives many public talks and takes pride in writing not only hard science, but also popular science books and articles. He also serves as a regular commentator on IT-related incidents in the press with appearances and guest reports in a number of outlets such as N24, Tagesschau, Heute Journal, Die Zeit, Handelsblatt, Financial Times, Süddeutsche Zeitung, Der Spiegel, Deutsche Welle, Wired, The Times, NBC, Vanity Fair, The Voice of Russia or Al Jazeera.