Next start:
11.01.2024

CAS Cybersecurity and Information Risk Management (CISSP/BSI/ISO/NIST)

Certified competence to prevent attacks and protect assets

Key data

Degree: CAS
ECTS points: 15
Duration: 3 months
School days: 16
Place: Online
Price: CHF 7'500

Safety first! Cyber-attacks, information security and risk management are top issues for management. Today, the protection of digital assets (information, company, and personal data) is business critical. Therefore, cybersecurity strategies, security awareness campaigns and comprehensive information security management are necessary tools for managers in the IT environment.

IT security is a growing market in IT. This course offers IT professionals and career changers the opportunity to expand their skills around cybersecurity in a targeted manner. Our classes are characterised by a mix of IT and business IT specialists as well as people with a legal background, board members, consultants, and auditors. In addition to a solid technical foundation, you will gain a broad overview of security and risk management, law, awareness campaigns and cybersecurity. Furthermore, you will apply this knowledge to a project and thus receive a template for the implementation in your company/organisation.

Upon successful completion of the course, you will receive:

FHNW Certificate CAS Cybersecurity and Information Risk Management
ISO 27001 Foundation Certificate
General preparation for Cybersecurity challenges and examination (e.g. CISSP)
Compact knowledge ISO, BSI and NIST

Graduates will be able to...

create and implement a security framework
conduct and document a standards-based information security audit
collect and evaluate a risk analysis around information security and propose appropriate measures
understand the overarching context of information security and apply it to new technologies
design and implement awareness campaigns
name and classify the basics of BSI, ISO 27001 as well as NIST
take the ISO 27001 certification (validity: unlimited)
describe and explain relevant security technologies (required for the CISSP exam)
assess different levels of protection needs
allocate the types of security organisation and security architecture
describe the structure of public key infrastructures/directory services
classify data protection aspects and management responsibilities around information security

In this course you will receive a complete template for a security framework. The systematic approach, the legal framework and the practical implementation are shown in a structured and holistic way. In short: The course will equip you in the field of technology and management of cybersecurity. The acquired knowledge is directly implemented in a sample company.

Systematics according to ISO/IEC 27001 and ISO/IEC 19011
ISO/IEC Foundation examination (ISFS)
Structure and foundation of the NIST Framework
BSI Information Security Framework with the basics of an audit methodology
Threats and dangers, security guidelines and standards
Physical security and business continuity strategies
Risk analyses according to CISSP, industrial espionage, social engineering
Mobile communication, VoIP and CISSP, WLAN/telephone/Bluetooth security
Preparation for the international CISSP certification examination
Security Models, System Security Architecture, Identity & Access Control
Application Security: Business Processes, Web Security, Web Architectures
Infrastructure: Perimeter Security, TCP/IP Protocol Architecture
Cryptology: cryptoanalysis, steganography, applications
Crisis management, disaster recovery concepts
Security awareness: training concepts, campaigns, corporate culture
Contract law in the IT environment, data protection and DSGVO

IT professionals, IT managers
IT security and data protection officers
Auditors, controllers, lawyers with a focus on IT
IT business consultants, IT sales consultants with a focus on security

Sectors: Banks, insurance companies, hospitals, pharmaceuticals, logistics, service providers, media, telecommunications, IT outsourcers, software development, local authorities, federal authorities, NPO/NGO, SME, industry.

Am I eligible to apply, if I am not a Swiss citizen?
Yes, you are eligible to apply. This course is designed for an international audience.

When do I need to apply?
It is best to apply at least two months before the start date. You can reserve a place without obligation. We will contact you as soon as the last five places are allocated.

Do I have to pay any fees when applying?
No. There are no further fees.

Will the classes be live or pre-recorded?
Our classes are always live. You can find the current timetable on our website. Classes are usually held from 9 a.m. to 7 p.m. with one hour for lunch. Additionally, you will be able to use LinkedIn Learning with your FHNW-email. There are a number of supportive video-classes that we recommend.

Do I need an English fluency test?
If you work in an English-speaking environment and can follow English videos on information technology topics, you do not need to take an English fluency test.

Are your classes coding-oriented?
The classes focus on organising and leading cybersecurity in international organisations, not on coding.

Do the assignments consist more of essays or multiple-choice questions?
The exam includes the creation and presentation of a security framework with these steps: Audit, Analysis, Strategy, Design, Roadmap and Recommendation to Management Entities.