Security OT underexposed
In order to provide a good answer to these questions, Avans University of Applied Sciences and ICT Group have worked together to completely revise the existing Cyber Security module. One of the most significant additions is the focus on the OT environment, the Operational Technology. This includes the automation of the (industrial) production environment with machines and robots. OT often remains underexposed in cyber security, even though this is the domain with the highest risk factor. Avans’ Maurice van Haperen and Marco Rijkschroeff and Pascal Maus of ICT Group’s Industrial Cyber Security unit explain the main issues.
Cyber security from the shop floor
Maurice: "The demand for experience-based expertise in the domain of cyber security is huge, and this is why we want to offer a module in which we cooperate with cyber security professionals with specific domain experience. ICT Group is already providing courses at Avans and, what’s more, they are experts in cyber security, so it's the perfect opportunity for collaboration. Our thinking has made a shift and we now work from the perspective of the field itself. This also makes the module suitable for software engineers as well as consultants, who have their own specific set of tasks to fulfil, but who also have to work together. Cyber security truly is a joint effort."
Marco: "We focus on the technical aspects of cyber security as well as the business aspects. That's absolutely necessary, because both aspects offer plenty of opportunities to improve your cyber security. The NIST cyber security framework constitutes the common thread for the module. The framework is based on a universal enterprise architecture that fits in with any organisation, which means that you’ll always address issues that occur in your own business situation. "
"In order to optimise the preparation of students for their step into the business world, ICT Group considers cooperation with trainers crucial. This co-creation with Avans shows how we can bring work and education together."
- Erwin Pouwels, Director Strategic Alliances ICT Group and initiator of the collaboration with Avans
Every IT professional is already implementing cyber security
How do you make sure you are complete? This is the big question for every organisation. Marco: "Every IT professional is already implementing cyber security, but the question is: are you doing enough, and is there anything else you can do? Complete prevention from being hacked is an illusion, so make sure you’re prepared! This module deals with a complete range of aspects, from prevention to recovery following an incident. We also discuss the practical side, such as carrying out a risk analysis and using ethical hacking, plus we take an in-depth look at how attackers operate. How do you ensure that you are taking the right basic measures (cyber hygiene), and how do you use standards such as ISO27001 and the IEC/ISA62443 industry standard? And how do you deal with vulnerabilities in IT or OT? We provide participants with insight into what they get to see and what this means. In short, we create a foundation that will enable participants to take a deep dive and find out relevant details for themselves."
From the shop floor
Pascal: "We especially want to show the breadth of the cyber security profession. That's why we've also added the OT environment. A lot of cyber security focuses on the IT side, because that's where most of the experience is. However, OT is of crucial importance for business operations in industry and critical infrastructure. The problems soon become incalculable when a factory is brought to a standstill. That’s what we want to show in this module. Where are the vulnerabilities, and how significant are the consequences? Once you have a clear view of these aspects, you can work on solutions to improve cyber security. Our expertise and experience gained on the actual shop floor allows us to share a wealth of relevant know-how during the course. And that's not only IT-related. "
Full breadth of the field
"You also have to take a closer look at your organisation, your processes and your procedures. There’s a good reason why Security by Design is part of the training programmes. It enables you to create a preventive foundation with a guaranteed pay-off, and you’ll build on this foundation with IT-related solutions. We teach you to think and act from the continuity of your business and let you experience the profession in its full breadth. Our collaboration with Avans allows us to combine their educational guidance with our expertise in the domain of cyber security. Perfect for anyone who wants to develop and advance in this profession."
Cyber Security module
The Cyber Security module is part of the Avans part-time programmes in Informatics and Business IT & Management. But you can also follow this module as a separate course! The total duration of this course is 10 weeks. You follow the lessons online, physically at school (afternoon + evening) and make assignments in your own workplace.
The course is based on a case study of a water authority. You will conclude the course with an advisory report that focuses on the IT and OT cyber security of your own organisation. This year, the course will commence in the beginning of November.
Click here for more information (only available in Dutch): https://www.avans.nl/studeren/cursussen/cybersecurity