At A Glance
Duration: Up to 16 weeks, divided into seven modules
Modality: Online, self-paced with access to the instructor at any time, non-credit
Technology: The course will be instructed using the Canvas platform, including readings, videos, discussions and quizzes.
Time: Students should anticipate eight to 10 hours of coursework per module.
Materials: All content is included in the course modules, no textbook is required. Login information will be provided approximately one week prior to the course start date.
Additional Information: The seven modules must be completed in sequence. A certificate of completion will be issued upon the conclusion of Module 7.
Fully Online | Self-Paced | CEUs Available
The Cybersecurity and Digital Risk Management Certificate provides learners with foundational knowledge of Cybersecurity concepts, threats, and risk management practices to help support a more secure organizational environment. A general understanding of technology is recommended; however, the coursework is designed to be approachable for all levels of learners who want to gain a better understanding of the Cybersecurity landscape.
Upcoming Dates and Registration Information
Course dates: Sept. 6 – Dec. 31, 2022
Register before Sept. 6, 2022: $949 for the full certificate ($150 savings)
Register on or after Sept. 6: $1099 for the full certificate
Cybersecurity Brings Job Security
Enter a growing field that has a 0% unemployment rate!
Data provided by monster.com.
Seventy-four percent (74%) of surveyed professionals reported that the cybersecurity skills shortage has made an impact on their organizations “significantly” or “somewhat.”
Data provided by csoonline.com.
Module 1: Introduction to Cybersecurity Concepts
In this first module, learners will be given foundational knowledge of Cybersecurity concepts and a preview of what will be covered in the coursework. This module will share a brief history and evolution of information systems (with emphasis on networking, data sharing, and the Internet), cover some basic Information Technology concepts, define the terms that will be used in the course, and demonstrate why Cybersecurity is an important part of today’s organizational environment. This initial module will also underscore that while the learner will explore technology concepts, it is not a programming or network engineering course. Instead, this certificate will prepare those working in leadership roles, with private information, or part of internal processes that interact with technology to be more educated, aware, and diligent in the area of Cybersecurity. Some of the topics covered include:
- An introduction to networks, the Internet, email, and other technology solutions that we see in today’s organizational environments
- Defining Cybersecurity, the scope, and what it means for organizations today
- Why leaders need to be aware of how Cybersecurity impacts all areas and processes of an organization (Big Data, The Internet of Things, Automation, and Data Sharing with third parties)
- Examples of recent Cybersecurity breaches, projections, trends, and events that emphasize the importance of managing Cybersecurity
- Cultivating a holistic approach to Cybersecurity and that everyone in the organization has a role in Cybersecurity
- An introduction to NIST Cybersecurity Framework, which outlines identifying threats, protecting our environment, detecting threats, responding to threats, and then recovering
Module 2: Understanding the Threats
The second module will introduce learners to the various types of threats and emerging industry trends. This will not only explore technology-based risks but issues like physical security, managing data/information that is hosted off-site, human error, and organized criminal activity. Examples of data breaches and the tools that were used will be shared as part of the scenario-based learning. Some of the topics covered include:
- Common external Cybersecurity threats such as hacking, ransomware, viruses, hackers, and Denial of Service Attacks
- Common internal Cybersecurity threats including malicious insiders, human error, social media misuse, social engineering, and employee turnover
- Understanding what outsiders are targeting
Module 3: Managing Network, Infrastructure and Application Security
The third module will begin to examine the development of Cybersecurity strategy that acknowledges the potential threats and what makes organizations susceptible to data breaches and data loss. This module will be the most technical, as it will provide basic understanding of network routing and how data flows through an organization. Some of the topics covered include:
- Networking basics including TCP/IP, IMAP, and routing of data
- Virtual Private Networks
- Patch Management for servers and applications
- Operating software, application software, and the weaknesses of poorly written code
- Changing default settings
Module 4: Protecting Information
The fourth module will focus on data management and protecting data. The main focus will be on the balance of making data available and convenient, while still maintaining a level of security and privacy. Some of the topics covered include:
- The types of information we protect and understanding how and where it moves throughout the organization
- The formats and channels for information sharing
- CIA Triad (Confidentiality of Data, Integrity of Data, and Availability of Data)
- The role of Authentication and passwords in protecting data and private information
- The impact and ramifications of losing or exposing private information
- How long to keep data and data retention guidelines
Module 5: Identifying, Assessing and Mitigating Risk
Now that the learner has a basic understanding of the various threats, the coursework will explore the various risks that exist for different types of organizations. This includes both known and unknown risks, as well as the legal requirements for managing risk (i.e., financial firms, healthcare, and education). Learners will be exposed to a Risk Matrix that calculates risk based on likelihood, impact, and tools that mitigate specific risks. This module will lean more towards the managerial aspects of Cybersecurity and how risks can be documented and remoted. Some of the topics covered include:
- Actively identifying the risks within our network and organizational environment
- Tools for measuring and assessing risk
- Tools for mitigating risk, which include technical solutions, polices/guidelines, partnerships, and other risk mitigation resources
- Password and user policies
- Access Controls
- Governance and oversight
- Internal Audits
- Data Loss Prevention tools
- Intrusion detection, firewalls, logs, and monitoring devices
- Third party management and vendor controls
Module 6: Responding to a Cybersecurity Breach or Incident
Even with the best tools in place, a Cybersecurity incident may occur. This module will discuss how to prepare for a breach or incident and what actions can be taken to minimize damage (both financial and reputational) to the organization. This module will also explore how data breaches or incidents should be reported, the importance of crisis communications from a managerial perspective, and documenting the incident. Some of the topics covered include:
- Initial reporting and assessment of the damage
- Tools for documenting and reporting the incident, as well as managing the “kill chain”
- Preventing similar attacks
- Root cause analysis
Module 7: Disaster Recovery Management and Business Continuity
The final module closes out with how to recover after a Cybersecurity incident has occurred. If severe damage has been done, strategies need to be in place to restore impacted data, recover applications, and repair network infrastructure. This module will also introduce learners to the criticality of continuing operations after an incident, as well as the concepts of Active/Active environments. Some of the topics covered include:
- Definition of Disaster Recovery and Business Continuity
- Development, review, and testing of Disaster Recovery and Business Continuity Plans
- Recovery Time Objective (RTO) and Recovery Point Objectives (RPO)
- Data backup and restoration policies
- Maintaining multiple data centers and Active/Active environments versus Active/Passive or single hosted environments
Dr. Brian Danzinger brings over 20 years of Cybersecurity policy development, Risk Management, Contingency Planning, and Incident Response to the course with a passion to help learners develop a more resilient and prepared organizational environment. In addition to his Bachelor of Business Administration (BBA) in International Business and Language Area Studies from St. Norbert College, Danzinger also received his Masters of Science (MS) in Management and Organizational Behavior from Holy Family College of Manitowoc and Doctor of Philosophy (PhD) in Electronic Commerce from Northcentral University. He continued his professional development receiving a Graduate Certificate in Cybersecurity from Harvard University, Professional Certificate in Cybersecurity from Texas A&M, a Graduate Certificate of Project Leadership and System Design from Cornell University, Professional Certifications in Emergency Management and Disaster Response from Columbia University, Professional Certifications in Emergency Operations from University of North Carolina – Chapel Hill, and a Professional Certificate for Emergency Management from the Emergency Management Institute.
Danzinger’s real-world experiences include serving as a Vice President of Business Resumption and Corporate Risk Management for one of the nation’s top 50 publicly traded financial institutions, where he helps manage the Disaster Recovery and Business Continuity program as well as facilitate training and exercises for Cybersecurity resilience and response. Adhering to his philosophy of staying “always ready”, Danzinger also serves as an Officer and Contingency Planner for the United States Coast Guard, where he develops and facilitates multi-agency preparedness exercises that include cybersecurity readiness, use of the Incident Command System (ICS), and continuity of critical operations. With the United States Coast Guard, Danzinger earned qualifications as an ICS Type 3 Planning Section Chief (PSC), Contingency Planner (CP), and HSEEP exercise designer in addition to serving multiple roles for disaster, cyber, and public safety responses and exercises. He is also a Certified Business Continuity Professional (CBCP) through DRII International.
Danzinger also teaches Leadership and Information Systems Management courses for 3 area Graduate programs, which include cybersecurity and risk management practices for business environments and application design. Brian was named the Concordia – Batterman School of Business MBA Instructor of the Year in 2017 and the Concordia 2021 Adult Learning Faculty Member of the Year. Brian is heavily involved and invested in the community and was named as one of the Greater Green Bay Chamber Future 15 and Young Professional of the Year. Danzinger served 3 terms on the City of Green Bay City Council sitting on the Academic Advisory and Ethics Boards and served on the St. Norbert College Board of Trustees. He currently serves as a board member for Junior Achievement of the Greater Green Bay Area and Greater Green Bay Habitat for Humanity.
Questions and More Information
Questions concerning registration and program content should be directed to the Division of Online and Continuing Education, University of Wisconsin Oshkosh, 800 Algoma Boulevard, Oshkosh, WI 54901-8623. Please email firstname.lastname@example.org or call (920) 424-1129.
Refunds must be requested in writing to email@example.com within 2 weeks of the program start date. A $35 administrative fee will be charged for any cancellations and will be deducted from any refunds.
UW Oshkosh reserves the right to cancel any program due to insufficient enrollment, as well as the right to limit enrollment due to excessive demand. UW Oshkosh is an Equal Opportunity/Affirmative Action institution. If you need special assistance and/or accommodations, please notify us by the registration deadline. All requests will be kept confidential.