Introduction

The ISiS Elective Package consists of three Bachelor courses, intended for and accessible to all TU/e Bachelor students (no prior knowledge required). This package will provide a broad introduction to Information Security, from the perspective of an individual person’s (employee’s) needs and responsibilities. It is to be expected that engineers in their future work environments will encounter digital fraud, integrity issues and legal issues related to digital information.
Quite recently, PRISM and related spying programs have received a lot of media attention. A large foreign power is not only massively intercepting digital communications all over the world, but is also influencing companies and other organizations to deliberately weaken information security in products. Phishing techniques are widely used by criminal organizations to rob citizens of their digitally stored money. Privacy seems not to exist anymore: large companies ask customers to give up their private data in exchange for small benefits. Companies are more and more held accountable for their information security policies and incidents. And since companies are as strong as their employees, the responsibility of individual employees for the company's information security becomes more and more important.
In all three courses Information Security will be viewed from both technical and societal perspectives. In this package the following disciplines come together: The basics of the technical disciplines as well as the basic societal and legal knowledge will be introduced in the first two courses. These topics will be taught in a problem-oriented approach, where the problems will be derived from the need for a personal / professional Information Security Roadmap, and will be viewed from different disciplinary viewpoints.

Learning objectives

Upon completion of the package the student will have learned to design and implement his own "Information Security Roadmap". This roadmap (or policy, or plan) is a personal document, developed by the student on the basis of knowledge gathered throughout projects in the three courses that is shared between the students. The roadmap enables the student / future professional to take effective measures for protecting his own digital privacy and for dealing with digital information according to high standards of integrity, both in his personal and professional life. The student will get a sufficient awareness and a proper understanding of the main technological and legal aspects of digital security and will get familiar with available programs and solutions. In addition, the student will get acquainted with the social psychology of trust. The student has learned to share this knowledge and to use it in practical situations.

Content

Setup

The overall objective of the package is to let the student develop a personal Information Security Roadmap. This roadmap will be developed in three stages.
The first two courses lay the foundation of knowledge and competences, i.e. the basics of Information Security Engineering, in particular basics and applied cryptography, computer security and law. In the first course a framework for the roadmap will be set up, and the technical and legal details - as far as they were covered in the first course - will be filled in. In the second course this will be expanded by system level security aspects and general penal and civil law aspects.
The third course is an OGO course in which the acquired basic knowledge is further applied and integrated in fully developing a detailed personal Information Security Roadmap for use in both a personal and a professional environment. Such a roadmap not only describes environmental (e.g. legal) constraints, operational rights and duties and intended behavior of the individual, but also contains a concrete plan of security measures and their technical realization.
Reporting to lecturers and fellow students is supported by the Wiki, which will play an important role in all three courses.
The first course has course level 1 ("basic"), the second one has course level 2 ("intermediate"), and the third course is a level 3 course ("advanced").

Teaching formats

The first two courses will consist of lectures presenting the main line of the course and introducing the basics of the different topics, and students working in small groups on projects, working out many details by themselves. Reporting to other groups and the classroom is done via a Wiki. Such a Wiki builds up a base of acquired knowledge for the whole class. Technology and law subjects are taught intertwined, so that the same problems are viewed from different angles at about the same time. Student projects integrate the different views. Time for basics is equally divided over the three topics basics+cryptography, computer security, law and social psychology.
The third course will consist of only a few plenary meetings with, among other things, guidelines and student presentations, while most of the time students work in small groups or individually on projects, supervised by lecturers from all three involved groups. Students communicate among themselves and with lecturers mainly via the Wiki, which in this course is further expanded.
The course material will be developed in English as much as possible. As the legal parts will naturally treat mostly Dutch law, for these parts most reading material will inevitably be in Dutch. For non-Dutch speaking students alternatives in English will be provided. Teaching will in principle be done in English.

Wiki

One of the lasting outcomes of each course will be a Wiki filled with a body of common knowledge gathered by individual students / student groups, and that is available for all students, also for the subsequent courses and years. Students who choose to follow only the second or third course can use this for quickly reaching the required starting level.
Each class will (further) develop a Wiki on the subjects covered during the course. At the start of the course groups of students will be assigned a topic/chapter. Four weeks into the course the individual ‘chapters’ will be put together in one Wiki. From then on there is a group responsibility to really develop group/class knowledge inside the Wiki. The Wiki setup will easily enable a student peer review system and students are expected to interact on their chapters after the initial writing phase. The students should have gathered a sufficiently wide and deep common base of knowledge in the Wiki to enable students to start developing their own individual Information Security Roadmap.
The finalized Wiki will be available only for the students following the package in one year.

Open Lectures

During all three courses guest speakers from outside the university will be invited to give "Open Lectures".
The Open Lectures are mandatory for students following the package. Students can be asked to make explicit how an Open Lecture contributed to their course work. The Open Lectures are open to all other interested students and staff, and will be advertised within the TU/e community.

Assessment

Examination for the first two courses consists of written tests on the basic knowledge topics (assessed by the topic experts) and assessment of the student projects mentioned above.
Examination for the OGO course is done entirely by assessing the Wiki contributions, the delivered Information Security Roadmaps, and the student presentations. It involves lecturers from all three groups.

Schedule

Quarter 2 (Nov - Jan): Course 1 - 2AC10 - Information Security Basics
Quarter 3 (Feb - Apr): Course 2 - 2AC20 - Digital Security Engineering
Quarter 4 (Apr - Jun): Course 3 - 2AC30 - Information Security Roadmap Engineering

Responsible groups

This package is a cooperation of