The ISiS Elective Package consists of three Bachelor courses, intended for and accessible to all TU/e Bachelor students
(no prior knowledge required). This package will provide a broad introduction to Information Security,
from the perspective of an individual person’s (employee’s) needs and responsibilities. It is to be expected that
engineers in their future work environments will encounter digital fraud, integrity issues and legal issues related
to digital information.
Quite recently, PRISM and related spying programs have received a lot of media attention. A large foreign power is not only
massively intercepting digital communications all over the world, but is also influencing companies and other
organizations to deliberately weaken information security in products. Phishing techniques are widely used
by criminal organizations to rob citizens of their digitally stored money. Privacy seems not to exist
anymore: large companies ask customers to give up their private data in exchange for small benefits.
Companies are more and more held accountable for their information security policies and incidents. And since
companies are as strong as their employees, the responsibility of individual employees for the company's information
security becomes more and more important.
In all three courses Information Security will be viewed from both technical and societal
perspectives. In this package the following disciplines come together:
- digital security engineering,
- risk theory,
The basics of the technical disciplines as well as the basic societal and legal knowledge will be introduced in the
first two courses. These topics will be taught in a problem-oriented approach, where the problems will be derived
from the need for a personal / professional Information Security Roadmap, and will be viewed from different
Upon completion of the package the student will have learned to design and implement his own "Information Security
Roadmap". This roadmap (or policy, or plan) is a personal document, developed by the student on the basis of
knowledge gathered throughout projects in the three courses that is shared between the students. The roadmap
enables the student / future professional to take effective measures for protecting his own digital
privacy and for dealing with digital information according to high standards of integrity, both in his personal and
professional life. The student will gain sufficient awareness and a proper understanding of the main technological
and legal aspects of digital security and will become familiar with available programs and solutions. In addition,
the student will become acquainted with the social psychology of trust. The student will have learned to share this knowledge
and to use it in practical situations.
- 2AC10 - Information Security Basics
  - Information Security Basics
  - Risk Theory
  - Cryptography in Real Life
  - Crypto Law
- 2AC20 - Digital Security Engineering
  - Digital Security
  - International, Penal and Civil Law
- 2AC30 - Information Security Roadmap Engineering
The overall objective of the package is to let the student develop a personal Information Security Roadmap.
This roadmap will be developed in three stages.
The first two courses lay the foundation of knowledge and competences, i.e. the basics of Information
Security Engineering, in particular basics and applied cryptography, computer security and law. In the first course
a framework for the roadmap will be set up, and the technical and legal details - as far as they were covered in the
first course - will be filled in. In the second course this will be expanded by system level security aspects and
general penal and civil law aspects.
The third course is an OGO course in which the acquired basic knowledge is further applied and integrated in fully
developing a detailed personal Information Security Roadmap for use in both a personal and a professional environment.
Such a roadmap not only describes environmental (e.g. legal) constraints, operational rights and duties and intended
behavior of the individual, but also contains a concrete plan of security measures and their technical realization.
Reporting to lecturers and fellow students is supported by the Wiki, which will play an important role in all three
The first course has course level 1 ("basic"), the second one has course level 2 ("intermediate"), and the third
course is a level 3 course ("advanced").
The first two courses will consist of lectures presenting the main line of the course and introducing the basics of
the different topics, and students working in small groups on projects, working out many details by themselves.
Reporting to other groups and the classroom is done via a Wiki. Such a Wiki builds up a base of acquired knowledge
for the whole class. Technology and law subjects are taught intertwined, so that the same problems are viewed from
different angles at about the same time. Student projects integrate the different views. Time for basics is equally
divided over the three topics basics+cryptography, computer security, law and social psychology.
The third course will consist of only a few plenary meetings with, among other things, guidelines and student presentations, while
most of the time students work in small groups or individually on projects, supervised by lecturers from all three
involved groups. Students communicate between themselves and with lecturers mainly via the Wiki, which in this course
is further expanded.
The course material will be developed in English as much as possible. As the legal parts will naturally treat mostly
Dutch law, for these parts most reading material will inevitably be in Dutch. For non-Dutch speaking students
alternatives in English will be provided. Teaching will in principle be done in English.
One of the lasting outcomes of each course will be a Wiki filled with a body of common knowledge gathered by individual
students / student groups, and that is available for all students, also for the subsequent courses and years.
Students who choose to follow only the second or third course can use this for quickly reaching the required
Each class will (further) develop a Wiki on the subjects covered during the course. At the start of the course groups
of students will be assigned a topic/chapter. Four weeks into the course the individual ‘chapters’ will be put together
in one Wiki. From then on there is a group responsibility to really develop group/class knowledge inside the Wiki.
The Wiki setup will easily enable a student peer review system and students are expected to interact on their chapters
after the initial writing phase. The students should have gathered a sufficiently wide and deep common base of
knowledge in the Wiki to enable students to start developing their own individual Information Security Roadmap.
The finalized Wiki will be available only for the students following the package in one year.
During all three courses guest speakers from outside the university will be invited to give "Open Lectures".
The Open Lectures are mandatory for students following the package. Students can be asked to make explicit how an
Open Lecture contributed to their course work. The Open Lectures are open for all other interested students and staff,
and will be advertised within the TU/e community.
Examination for the first two courses consists of written tests on the basic knowledge topics (assessed by the topic
experts) and assessing the mentioned student projects.
Examination for the OGO course is done entirely by assessing the Wiki contributions, the delivered Information Security Roadmaps, and the student presentations. It involves lecturers from all three groups.
Quarter 2 (Nov - Jan): Course 1 - 2AC10 - Information Security Basics
Quarter 3 (Feb - Apr): Course 2 - 2AC20 - Digital Security Engineering
Quarter 4 (Apr - Jun): Course 3 - 2AC30 - Information Security Roadmap Engineering
This package is a cooperation of
- Coding and Crypto @ Mathematics (dr. Benne de Weger),
- Security @ Computer Science (dr. Boris Škorić),
- Technology, Innovation & Society @ Industrial Engineering & Innovation Sciences (prof. Jan Smits).