EU-iNSPIRE

Information Security Management

This course introduces the principles, frameworks, and practices required to manage risk and protect organisational information assets in a structured, governance-driven way. Students gain a thorough grounding in the CIA triad, security policy, defence-in-depth, and the role of cybersecurity culture, before progressing to industry-standard frameworks including ISO/IEC 27001, the NIST Cybersecurity Framework, and DORA. The course covers risk identification, assessment methodologies, and control implementation, alongside supply chain security and the challenges of real-world data breach scenarios. Combining interdisciplinary knowledge with practical application, it prepares graduates for cybersecurity governance and risk management roles in both Greek and international organisations.

Main Topics

The General Competences that students should have acquired include:

  • Search for, analysis and synthesis of data and information, with the use of the necessary technology
  • Decision-making
  • Working independently
  • Teamwork
  • Production of free, creative and inductive thinking
  • Thinking outside the box

Upon completion of the course, students are expected to be able to:

  • Develop an organisation’s cybersecurity risk management strategy
  • Apply risk assessment methodologies to identify assets, threats, vulnerabilities, and assess risks in a given organizational context
  • Apply threat modeling techniques to identify potential cyber threats
  • Create security policies tailored to specific threats and vulnerabilities and aligned to best practices
  • Design awareness-raising activities, contributing to the development of an organizational cybersecurity culture
  • Create a personal development plan to pursue a career in cybersecurity, informed by professional frameworks such as the ENISA ECSF

Information Security Management introduces students to the principles, frameworks, and practices necessary to manage risks and protect organizational information assets. The course covers fundamental concepts and practices that are applied in cybersecurity governance, with a focus on risk management and assessment methodologies. Students will learn how to apply structured approaches to identify and manage risks, implement effective controls, and foster a strong cybersecurity culture.

The program is structured to integrate contemporary interdisciplinary knowledge with effective and efficient application, aiming to equip students with skills essential for the modern job market in Greece and internationally, thus enhancing their career prospects.

Upon successful completion of this course students will be able to:

  • Explain the importance of cybersecurity governance
  • Describe the steps and objectives of the risk assessment process
  • Specify key terms, e.g., threats, vulnerabilities, threat actors, risk
  • Select threat modeling techniques to identify potential cyber threats
  • Discuss the effectiveness of various risk treatment strategies and justify the selection of appropriate security controls based on industry standards
  • Identify key challenges to establish a strong organizational cybersecurity culture

Students will be able to:

  • Lead enterprise risk-management initiatives and justify risk-treatment plans to senior leadership.
  • Contribute to incident-response, business-continuity and disaster-recovery planning.
  • Promote and contribute to the development of an organizational cybersecurity culture.
  • Interpret and apply data protection and privacy principles, ensuring organizational practices comply with regulatory frameworks such as the GDPR.
  • Demonstrate professional responsibility by coaching teams toward their professional growth.