Course Contents
In the event of a cyber incident like a Distributed Denial of Service (DDoS) attack, widespread malware infection, or data breach, organisations must act swiftly to continue or restore operations and maintain stakeholders' trust. This course delves into the concepts of decision-making in preparation and response to cyber incidents.
The focus in this course will be rational decision-making. Rational here means that the investments made and the measures taken should be both effective and efficient. As we will discuss quite some regularly taken measures aimed to improve cyber security have no proven proportionality.
We will use the concept of the safety chain to help determine what investments in preparation are effective and efficient.
Another core concept is the use of resilience in organizations. We discuss three interrelated concepts: a resilient cyber decision-making process, a resilient cyber decision, and a cyber resilient performance. As we will show the relationship between three concepts is not trivial. Drawing on the principles of naturalistic decision-making (NDM), we demonstrate that a resilient cyber decision-making process during cyber incidents requires anticipation of and overcoming inherent flaws in decision-making, which, while theoretically feasible, proves challenging for professionals under severe time constraints and uncertainty.
The course will furthermore rely on interaction of the students with their host-organization, for which the students will write an advice on proportional cyber security policies (see ‘examinierung’), so the students get an insight on practical cyber security.
Expected Number of Participants
max. 40
Further Information
[url]https://cipr.peasec.de[/url]
Additional Information
There will physical and online colleges, as well as an advice to be written.
The course will start with a two-day intensive and immersive session during which the basics of the governance of safety and security are covered. This will be the base for the specific course content on cyber incident preparation and response.
During the semester there will be weekly on-line colleges during which specific themes are covered, and the exam-advice development (see below under ‘Examinierung’) will be discussed.
Guest lectures will be given by o.a. dr. Jelle Groenendaal, o.a. former senior IT-security advisor with an international operating Dutch-based bank whose work will be part of the literature studied. This will give students the chance to interact with ‘reflective practitioners’ on the domain.
The course will end as it begins, that is with a two-day session in which the concept of the exam advice will be presented (this will be a base for the grades), discussed and whenever necessary improved.
Students must be present during the two-day sessions and during 90% of the online lectures as there will be no recordings due to the sometimes confidential content shared.
In the event of a cyber incident like a Distributed Denial of Service (DDoS) attack, widespread malware infection, or data breach, organisations must act swiftly to continue or restore operations and maintain stakeholders' trust. This course delves into the concepts of decision-making in preparation and response to cyber incidents.
The focus in this course will be rational decision-making. Rational here means that the investments made and the measures taken should be both effective and efficient. As we will discuss quite some regularly taken measures aimed to improve cyber security have no proven proportionality.
We will use the concept of the safety chain to help determine what investments in preparation are effective and efficient.
Another core concept is the use of resilience in organizations. We discuss three interrelated concepts: a resilient cyber decision-making process, a resilient cyber decision, and a cyber resilient performance. As we will show the relationship between three concepts is not trivial. Drawing on the principles of naturalistic decision-making (NDM), we demonstrate that a resilient cyber decision-making process during cyber incidents requires anticipation of and overcoming inherent flaws in decision-making, which, while theoretically feasible, proves challenging for professionals under severe time constraints and uncertainty.
The course will furthermore rely on interaction of the students with their host-organization, for which the students will write an advice on proportional cyber security policies (see ‘examinierung’), so the students get an insight on practical cyber security.
Expected Number of Participants
max. 40
Further Information
[url]https://cipr.peasec.de[/url]
Additional Information
There will physical and online colleges, as well as an advice to be written.
The course will start with a two-day intensive and immersive session during which the basics of the governance of safety and security are covered. This will be the base for the specific course content on cyber incident preparation and response.
During the semester there will be weekly on-line colleges during which specific themes are covered, and the exam-advice development (see below under ‘Examinierung’) will be discussed.
Guest lectures will be given by o.a. dr. Jelle Groenendaal, o.a. former senior IT-security advisor with an international operating Dutch-based bank whose work will be part of the literature studied. This will give students the chance to interact with ‘reflective practitioners’ on the domain.
The course will end as it begins, that is with a two-day session in which the concept of the exam advice will be presented (this will be a base for the grades), discussed and whenever necessary improved.
Students must be present during the two-day sessions and during 90% of the online lectures as there will be no recordings due to the sometimes confidential content shared.
- Lecturer: Ira Helsloot
- Lecturer: Christian Reuter
Semester: ST 2026
Jupyterhub API Server: https://tu-jupyter-t.ca.hrz.tu-darmstadt.de