University of Wisconsin Oshkosh

Cybersecurity and Digital Risk Management Certificate

Overview

The Cybersecurity and Digital Risk Management Certificate will provide learners with foundational knowledge of Cybersecurity concepts, threats, and risk management practices to help support a more secure organizational environment. A general understanding of technology is recommended, however the coursework is designed to be approachable for all levels of learners who want to gain a better understanding of the Cybersecurity landscape.

Module Sequence

Module 1 – Introduction to Cybersecurity Concepts

Module 1: An introduction to Cybersecurity concepts In this first module, learners will be given foundational knowledge of the Cybersecurity concepts and a quick preview of what will be covered in the coursework. This module will share a brief history and evolution of information systems (with emphasis on networking, data sharing, and the Internet), cover some basic Information Technology concepts, define the terms that will be used in the course, and demonstrate why Cybersecurity is an important part of today’s organizational environment. This initial module will also underscore that while the learner will be explore technology concepts, it is not a programming or network engineering course. Instead, this certificate will prepare those working in leadership roles, with private information, or part of internal processes that interact with technology to be more educated, aware, and diligent in the areas of Cybersecurity. Some of the topics covered include:

• An introduction to networks, the Internet, email, and other technology solutions that we see in today’s organizational environments

• Defining Cybersecurity, the scope, and what it means for organizations today

• Why leaders need to be aware of how Cybersecurity impacts all areas and processes of an organization (Big Data, The Internet of Things, Automation, and Data Sharing with third parties)

• Examples of recent Cybersecurity breaches, projections, trends, and events that emphasize the importance of managing Cybersecurity

• Cultivating a holistic approach to Cybersecurity and that everyone in the organization has a role in Cybersecurity. We must educate our people, change the mindset, and develop good habits. o People o Mindset o Habits

• An introduction to NIST Cybersecurity Framework, which outlines Identifying threats, protecting our environment, detecting threats, responding to threats, and then recovering

Module 2 – Understanding the Threats

The second module will introduce learners to the various types of threats and emerging industry trends. This will not only explore technology-based risks, but also issues like physical security, managing data/information that is hosted off-site, human error, and organized criminal activity. Examples of data breaches and the tools that were used will be shared as part of the scenario-based learning. Some of the topics covered include:

• Common external Cybersecurity threats such as hacking, ransomware, viruses, hackers, and Denial of Service Attacks

• Common internal Cybersecurity threats including malicious insiders, human error, social media misuse, social engineering, and employee turnover

• Understand what outsiders are targeting

Module 3 – Managing Network, Infrastructure, and Application Security

The third module will begin to examine the development of Cybersecurity strategy that acknowledges the potential threats and what makes organizations susceptible to data breaches and data loss. This module will be the most technical as it will provide basic understanding of network routing and how data flows through an organization. Some of the topics covered include:

• Networking basics including TCP/IP, IMAP, and routing of data

• Virtual Private Networks

• Patch Management for servers and applications

• Operating software, application software, and the weaknesses of poorly written code

• Changing default settings

Module 4 – Protecting Information

The fourth module will focus on data management and protecting data. The main focus will be on the balance of making data available and convenient, while still maintaining a level of security and privacy. Some of the topics covered include:

• The types of information we protect and understanding how and where it moves throughout the organization • The formats and channels for information sharing

• CIA Triad (Confidentiality of Data, Integrity of Data, and Availability of Data)

• The role of Authentication and passwords in protecting data and private information

• The impact and ramifications of losing or exposing private information

• How long to keep data and data retention guidelines

Module 5 – Identifying, Assessing, and Mitigating Risk

Now that the learner has a basic understanding of the various threats, the coursework will explore the various risks that exist for different types of organizations. This includes both known and unknown risks as well as the legal requirements for managing risk (ie, financial firms, healthcare, and education). Learners will be exposed to a Risk Matrix, that calculates risk based on likelihood, impact, and tools that mitigate specific risks. This module will lean more towards the managerial aspects of Cybersecurity and how risks can be documented and remoted. Some of the topics covered include:

• Actively identifying the risks within our network and organizational environment

• Tools for measuring and assessing risk

• Tools for mitigating risk, which includes technical solutions, polices/guidelines, partnerships, and other risk mitigation resources

• Password and user policies
• Access Controls o Governance and oversight
• Internal Audits
• Data Loss Prevention tools
• Intrusion detection, firewalls, logs, and monitoring devices
• Third party management and vendor control

Module 6 – Responding to a Cybersecurity Breach or Incident

Even with the best tools in place, a Cybersecurity incident may occur. This module will discuss how to prepare for a breach or incident and what actions can be taken to minimize damage (both financial and reputational) to the organization. This module will also explore how data breaches or incidents should be reported, the importance of crisis communications from a managerial perspective, and documenting the incident. Some of the topics covered include:

• Initial reporting and assessment of the damage

• Tools for documenting and reporting the incident as well as managing the “kill chain”

• Preventing similar attacks

• Root cause analysis

Module 7 – Disaster Recovery Management and Business Continuity

The final module closes out with how to recover after a Cybersecurity incident has occurred. If severe damage has been done, strategies need to be in place to restore impacted data, recover applications, and repair network infrastructure. This module will also introduce learners to the criticality of continuing operations after an incident as well as the concepts of Active/Active environments. Some of the topics covered include:

• Definition of Disaster Recovery and Business Continuity

• Development, review, and testing of Disaster Recovery and Business Continuity Plans

• Recovery Time Objective (RTO) and Recovery Point Objectives (RPO)

• Data backup and restoration policies

• Maintaining multiple data centers and Active/Active environments versus Active/Passive or single hosted environments

Self-paced / timeframe 3 months access

Instructor: Dr. Brian Danzinger

Dr. Brian Danzinger brings over 20 years of Cybersecurity policy development, Risk Management, Contingency Planning, and Incident Response to the course with a passion to help learners develop a more resilient and prepared organizational environment. In addition to his Bachelor of Business Administration (BBA) in International Business and Language Area Studies from St. Norbert College, Danzinger also received his Masters of Science (MS) in Management and Organizational Behavior from Holy Family College of Manitowoc and Doctor of Philosophy (PhD) in Electronic Commerce from Northcentral University. He continued his professional development receiving a Graduate Certificate in Cybersecurity from Harvard University, Professional Certificate in Cybersecurity from Texas A&M, a Graduate Certificate of Project Leadership and System Design from Cornell University, Professional Certifications in Emergency Management and Disaster Response from Columbia University, Professional Certifications in Emergency Operations from University of North Carolina – Chapel Hill, and a Professional Certificate for Emergency Management from the Emergency Management Institute.

Danzinger’s real-world experiences include serving as a Vice President of Business Resumption and Corporate Risk Management for one of the nation’s top 50 publicly traded financial institutions, where he helps manage the Disaster Recovery and Business Continuity program as well as facilitate training and exercises for Cybersecurity resilience and response. Adhering to his philosophy of staying “always ready”, Danzinger also serves as an Officer and Contingency Planner for the United States Coast Guard, where he develops and facilitates multi-agency preparedness exercises that include cybersecurity readiness, use of the Incident Command System (ICS), and continuity of critical operations. With the United States Coast Guard, Danzinger earned qualifications as an ICS Type 3 Planning Section Chief (PSC), Contingency Planner (CP), and HSEEP exercise designer in addition to serving multiple roles for disaster, cyber, and public safety responses and exercises. He is also a Certified Business Continuity Professional (CBCP) through DRII International.

Danzinger also teaches Leadership and Information Systems Management courses for 3 area Graduate programs, which include cybersecurity and risk management practices for business environments and application design. Brian was named the Concordia – Batterman School of Business MBA Instructor of the Year in 2017 and the Concordia 2021 Adult Learning Faculty Member of the Year. Brian is heavily involved and invested in the community and was named as one of the Greater Green Bay Chamber Future 15 and Young Professional of the Year. Danzinger served 3 terms on the City of Green Bay City Council sitting on the Academic Advisory and Ethics Boards and served on the St. Norbert College Board of Trustees. He currently serves as a board member for Junior Achievement of the Greater Green Bay Area and Greater Green Bay Habitat for Humanity.