Programme
The Master in Information System Security Management offers a multidisciplinary insight, combining technical, legal, and professional aspects.
Courses start in September and take place over two academic years, in 25 two-day sessions, Friday and Saturday from 9:00 to 16:45.
The curriculum includes a professional project in semester four.
Academic Contents
Course offer for Semester 1 (2025-2026 Winter)
-
Details
- Course title: 1.1 Organisational Theory and Change (Théorie des organisations et du changement)
- Number of ECTS: 2
- Course code: MPMSSI-72
- Module(s): Module 1 : Understanding Organisations & Management (Compréhension des organisations et du management)
- Language: EN
- Mandatory: Yes
-
Objectives
Define the characteristics of the organizational context within which security management is deployed
Provide insight into the different components of the organization, their respective roles and their interrelations
Identify the organizational changes related to security management, and how to manage these as well as the socio-organizational risks
Understand the challenges of security management in terms of sense-making within the organizations
-
Description
The course aims to develop your understanding of the organizational context.
It focuses on the structure (organizational configurations), types of strategies and corporate culture that characterize an organization.
Content:
- Class 1: What is an organization? Which configuration?
- Class 2: What is Corporate Strategy? What are the links between Strategy, Information systems and the organizational structure?
- Class 3: What is change and how does it work? What are the socio-organizational risks related to security management?
-
Assessment
Group oral presentation and supporting documentation: Case study analysis of an organizational situation, using the theoretical frameworks seen in class.
-
Note
Oral presentations, PowerPoint presentations, videos, case studies
- Pichault, F. (2013), Change management: Towards polyphony, Manager RH (Coll), De Boeck, 182p
- Pichault, F., Schoenaers, F. (2003), “HRM practices in a process of organizational change: A contextualist perspective”, Applied Psychology, 52 (1), 120-143
- K. Laudon, J.P. Laudon (2014), Management Information Systems, Global Edition, 13E, Pearson Education
-
Details
- Course title: 2.1 Legal and Regulatory Aspects (Aspect légaux et réglementaires)
- Number of ECTS: 3
- Course code: MPMSSI-46
- Module(s): Module 2 : Regulatory Frameworks (Cadres réglementaires)
- Language: EN
- Mandatory: Yes
-
Objectives
Create good legal reflexes, enable students to identify / flag (for further analysis / resolution by management / legal counsels) potential legal or regulatory issues linked to their function / duties or information security in general.
Acquire sufficient legal knowledge in computer criminal law, data protection, contractual aspects and other regulatory issues related to information security in order to determine policies and lines of action in this area.
-
Description
General introduction (laws, regulations, courts)
IT law fundamentals
Liability principles
Contract law principles, pre-contractual arrangements
Study of usual IT contracts (development, license, maintenance, escrow)
Intellectual property basics
Criminal law and IT crime
GDPR and personal data protection law principles
Employee IT monitoring
IT investigations and inforensics rules
IT security statutory obligations
Forthcoming EU / Luxembourg rules
-
Assessment
Task: Take-home assignment (100%)
Grading scheme: 20 points (0-20)
Objectives: Demonstrate a basic understanding of legal concepts, conduct an analysis of the legal aspects of a particular situation or risk, be able to identify legal issues within the CISO’s scope of expertise
Assessment rules: Students will work on their own.
Assessment criteria: The correctness of solutions to assigned questions, the existence of appropriate legal reasoning (even if the solution provided is not optimal).
-
Note
Slides
Relevant Luxembourg / EU laws and regulations (IT security, data protection, cybercrime)
-
Details
- Course title: 3.1 Information Security Management System – ISMS (Systèmes de Management de la Sécurité de l'Information – SMSI)
- Number of ECTS: 2
- Course code: MPMSSI-49
- Module(s): Module 3 : Information Security Management (Gestion de la sécurité de l'information)
- Language: EN
- Mandatory: Yes
-
Objectives
Introduce the ISO/IEC 27001 standard about “Information Security Management Systems” and detail how to comply with its requirements.
-
Course learning outcomes
1. Students will understand ISO/IEC 27001, its structure and its requirements.
2. Students will be able to interpret the requirements of the standards and to “speak the same language”.
3. Students will have a first view on “how” to comply with the different requirements of the standards.
4. Students will be able to define an action plan towards compliance
-
Description
1. The ISO/IEC 27001 standard
– Overview of the standard
2. ISMS establishment and management
– Definition of an ISMS establishment and management project
3. Context and objectives
4. Document management
5. Leadership
– Commitment, policy and roles & responsibilities
6. Performance evaluation
– Indicators, internal audit and management review
7. Improvement
– Nonconformity and corrective action and incident management
8. Risk management
– Risk assessment
– Risk treatment
9. Information security policy(ies) and procedures
10. Conclusions and work plan
-
Assessment
Task 1: Written exam based on an MCQ and open questions (100%)
Grading scheme: 20 points (0-20)
Objectives: Prove that the standard and its interpretation have been understood and that the student is able to draw an implementation plan to comply with ISO/IEC 27001.
Assessment rules: Students will work on their own.
Assessment criteria: The correctness of solutions to assigned questions.
-
Note
Syllabus: No
Literature list: No
Moodle page: Yes
Other, please specify: Slideshow in a PDF file
ISO/IEC 27001. Information technology – Security techniques – Information security management systems – Requirements. International Organization for Standardization, Geneva, 2005.
-
Details
- Course title: 3.2 Risk Analysis and Management (Analyse et gestion de risques)
- Number of ECTS: 2
- Course code: MPMSSI-50
- Module(s): Module 3 : Information Security Management (Gestion de la sécurité de l'information)
- Language: EN
- Mandatory: Yes
-
Objectives
To introduce the concepts of risk regardless of context
To highlight the socio-cultural aspects of risk perception and its (empirical) assessment methods
To master the set of concepts related to Information System Security Risk Management (ISSRM)
To have the theoretical background to ease the understanding of risk management methods
To understand the ISO/IEC 27005:2011 standard
To have a pragmatic and ready-to-use view of the standard
-
Course learning outcomes
Be able to present risks to people who have a different perception of those risks
Understand the economic relationship between the number of incidents, the financing of mitigation measures and the origin of this financing
-
Description
Introduction to risk management
Perception of risk and risk management in general
Influence of socio-cultural risk perception
Empirical methods
Endogenous and exogenous threats
Illustration based on examples
Relationship between frequency of losses, financing of the mitigation measures and origin of the funding for the mitigation. (Basel III approach)
* Introduction to information security risk management
* Outline of information security risk management concepts
Asset
Risk
Risk treatment
* Metrics of information security risk management
* The ISO/IEC 27005:2011 process and its underlying activities
Context establishment
Risk identification
Risk analysis
Risk evaluation
Risk treatment
Risk acceptance
Risk communication and consultation
Risk monitoring and review
-
Assessment
2 projects (1 for each lecturer) to be done as homework.
Task 1: Project on a case study (50%)
Grading scheme: 20 points (0-20)
Objectives: Prove that the concepts and the process have been understood and can be applied on a case.
Assessment rules: Students will work on their own or in pairs depending on what they prefer.
Assessment criteria: The alignment with the requirements of the standard and the relevance of suggested solutions.
Task 2: Project on a case study (50%)
Grading scheme: 20 points (0-20)
Objectives: Analysis of a non-ICT incident/accident applying the concepts seen during the course and showing the process has been understood.
Assessment rules: Students will work on their own or in pairs depending on what they prefer.
Assessment criteria: Alignment with the approach seen during the course and the ability to identify changes in the standard applicable to the sector.
-
Note
Slideshow in a PDF file
-
Details
- Course title: 3.3 Risk Analysis Practices (Pratiques d'analyse de risques)
- Number of ECTS: 1
- Course code: MPMSSI-87
- Module(s): Module 3 : Information Security Management (Gestion de la sécurité de l'information)
- Language: EN
- Mandatory: Yes
-
Details
- Course title: 4.1 Information Security 1 (Technologies de la sécurité 1)
- Number of ECTS: 2
- Course code: MPMSSI-51
- Module(s): Module 4 : Technical Aspects (Aspects techniques)
- Language: EN
- Mandatory: Yes
-
Objectives
- Understand the basic concepts of modern cryptography such as: confidentiality, integrity and authentication, public and private key cryptography.
- Study the principles of operation of basic cryptographic algorithms: block ciphers, stream ciphers, hash functions, message authentication codes, public-key encryption and digital signatures.
- Become familiar with the most widely used cryptographic standards: AES, DES, SHA, RSA, DSA, etc.
- Given certain security requirements, be able to propose solutions using current best practices and state-of-the-art cryptographic standards.
-
Description
The course teaches the fundamental security components used as building blocks in modern security technologies. The material is divided in two parts. One part covers the basics of public-key cryptography: public-key encryption, digital signatures, etc. The second part is dedicated to symmetric-key cryptography and discusses topics such as stream ciphers, block ciphers, hash functions and message authentication codes.
A brief outline of the covered topics follows.
- Overview of cryptography
- Introduction to public-key cryptography
- Public key encryption
- Digital signatures
- Introduction to symmetric-key cryptography
- Block ciphers, stream ciphers
- Hash functions, Message authentication codes
- Real life applications
-
Assessment
Written exam
-
Note
- Lecture slides and lecture notes
- William Stallings, Cryptography and Network Security (5th edition)
- Keith M. Martin, Everyday Cryptography
- Alfred Menezes, Scott Vanstone, Paul van Oorschot, The Handbook of Applied Cryptography: http://cacr.uwaterloo.ca/hac/
-
Details
- Course title: 6.1 Working in Information Security Management (Le métier de responsable de la sécurité de l'information)
- Number of ECTS: 1
- Course code: MPMSSI-52
- Module(s): Module 6 : Professional Part (Volet professionnel)
- Language: EN
- Mandatory: Yes
-
Objectives
The course aims to provide students with a practical and strategic understanding of the role of a Chief Information Security Officer (CISO). It seeks to equip students with actionable knowledge, real-world tools, and critical thinking skills necessary for working in and leading information security management functions.
-
Course learning outcomes
Understand the multi-faceted role of a CISO in modern organizations
Identify typical threats and risks in the field of information security
Apply practical tools and methods used in risk and security management
Evaluate real-life challenges faced by security leaders and propose effective solutions
Demonstrate communication skills relevant for raising cybersecurity awareness
Reflect on their own readiness for working in information security management
-
Description
Introduction – The background and scope of a CISO’s responsibilities
Career pathways – How to become a CISO
The multiple roles and expectations of a CISO
Strengths and common obstacles in the profession
Organizational intelligence and navigating corporate environments
Communication strategies for effective security awareness
Practical methods & tools – Global paradigms, certifications and their combinations
The importance of risk management
A typical day in the life of a CISO
Becoming a future Chief Information Security Officer
-
Assessment
Task 1: In-class oral presentation (100%)
Grading scheme: 20 points (0–20)
Weight: 100% of the final course grade
Objectives: Demonstrate the ability to communicate clearly, apply given instructions or recommendations effectively, and adapt one’s discourse to a professional context.
Assessment rules: Individual oral presentation held during the final session. No group work.
Assessment criteria:
- Clarity and structure of the presentation
- Ability to translate advice into actionable communication
- Professionalism and delivery
-
Note
The PowerPoint used as support by the coordinator will be shared with the students after the course session, via Moodle.
Course offer for Semester 2 (2025-2026 Summer)
-
Details
- Course title: 1.2 Enterprise architecture – Structuring and Governing Strategic Digital Transformation
- Number of ECTS: 3
- Course code: MPMSSI-95
- Module(s): Module 1 : Understanding Organisations & Management (Compréhension des organisations et du management)
- Language: EN
- Mandatory: Yes
-
Objectives
This course explores Enterprise Architecture (EA) as a strategic discipline to structure and govern digital transformation. It focuses on how EA enables organizations to navigate complexity, coordinate change, and make informed decisions through structured modeling and architectural thinking. Students will engage with established frameworks such as TOGAF and ArchiMate, and apply EA practices to real-world scenarios, with particular attention to transformation governance and security risk management.
-
Course learning outcomes
Upon successful completion of the course, students will be able to:
Explain the strategic role of Enterprise Architecture in digital transformation.
Describe the key components of EA frameworks and modeling languages, including TOGAF and ArchiMate.
Apply EA modeling techniques to represent enterprise capabilities, processes, and systems.
Analyze how EA supports governance, decision-making, and security risk management.
Design and present a transformation proposal using EA models to justify architectural decisions and risk mitigation strategies.
-
Description
Each session combines theoretical insights with practical modeling exercises:
1. Introduction to Enterprise Architecture: Concepts, evolution, and value in digital transformation.
2. Modeling Frameworks and Languages: Overview of EA frameworks and the ArchiMate modeling language.
3. Enterprise Capabilities and EA Function: Understanding the role of EA in capability-based planning.
4. EA Process Overview: Structure, phases, and application of the TOGAF standard.
5. EA for Decision Making and Security Risk Management: Using EA models to identify, assess, and mitigate security risks in transformation projects.
-
Assessment
Task 1: Take-home assignment (70%)
Grading scheme: 20 points (0-20)
Objectives: Prove that the methodological framework has been understood and can be applied in a real-life scenario
Assessment rules: Students will work in groups of 3 to 4 and deliver a digital transformation proposal governed with EA
Assessment criteria: Relevance and motivation of the proposal. Quality of the designed EA models. Exploitation of the models to govern the project and the security risks
Task 2: Presentation (30%)
Grading scheme: 20 points (0-20)
Objectives: Grading scheme: 20 points (0-20)
Assessment rules: Each student of the group will present a part of the delivered proposal
Assessment criteria: Clarity of the presentation (visual and explanations). Control of the subject. Pitching capability
-
Note
Syllabus: No. Remarks: Lecture slide deck is provided
Literature list: Yes. Remarks: Open access to the papers and articles
Moodle page: No
Other, please specify: Standard Specifications
- TOGAF
- ArchiMate
- ISO/IEC/IEEE 42010:2022
Case study architecture models
-
Details
- Course title: 1.3 Financial Management (Gestion financière)
- Number of ECTS: 1
- Course code: MPMSSI-74
- Module(s): Module 1 : Understanding Organisations & Management (Compréhension des organisations et du management)
- Language: EN
- Mandatory: Yes
-
Objectives
Students get familiar with fundamental tools of financial management: financial reporting, planning, and capital budgeting. Any person who manages investments and risks must be familiar with these concepts. Understand fundamental concepts of financial accounting, read the financial reports (balance sheet, income statement, cash-flow statement) and understand interlinkages, as well as the main value drivers and forecasting techniques. Understand some fundamentals of financial management: project financing, financial leverage, cost of capital, and valuation.
-
Description
I. Financial reporting
1. Firms’ disclosure of financial information
2. The balance sheet
3. The income statement
4. The statement of cash flows
5. Other financial statement information
II. Financial planning and capital budgeting
1. Forecasting earnings
2. Determining free cash flow and NPV
3. The discounted free cash flow model
-
Assessment
Task 1: Take-home assignment (40%)
Grading scheme: 20 points (0-20)
Objectives: Assure that logical concepts and methods have been understood and prepare students for the written exam
Assessment rules: Students will work on their own
Assessment criteria: The correctness of the answers
Task 2: Written exam (60%)
Grading scheme: 20 points (0-20)
Objectives: Assure that logical concepts and methods have been understood and can be applied for problem solving
Assessment rules: Students will work on their own in the class
Assessment criteria: Correctness of each answer. Questions will be graded
-
Note
Course materials
Syllabus: Yes
Literature list: Yes
Remarks: Berk, J., DeMarzo, P. (2020). Corporate finance: Global edition (6th ed.). Pearson.
Moodle page: No
Remarks: Lecture and assessment material shared via OneDrive
-
Details
- Course title: 1.5 Digital Product Management – Structuring, Designing, and Securing Digital Products
- Number of ECTS: 1
- Course code: MPMSSI-75
- Module(s): Module 1 : Understanding Organisations & Management (Compréhension des organisations et du management)
- Language: EN
- Mandatory: Yes
-
Objectives
This course introduces students to the principles and practices of Digital Product Management as a modern alternative to traditional IT service management. It focuses on how digital products create value, how they are structured and managed across their lifecycle, and how they contribute to secure and sustainable digital transformation. The course emphasizes product-centric thinking, value-driven design, and the use of industry standards such as IT4IT to support product lifecycle management. It complements the course on Enterprise Architecture, offering a product-oriented perspective on digital governance.
-
Course learning outcomes
Upon successful completion of the course, students will be able to:
Define the concept of a digital product and explain its value in the context of secure information systems.
Describe the key modeling elements used in digital product management.
Apply product design practices to develop a roadmap aligned with business and security objectives.
Explain the stages of the digital product lifecycle and how they are supported by IT4IT.
Collaborate in teams to design and present a digital product strategy using real-world case studies.
-
Description
Each session combines theoretical foundations with practical application:
1. From IT Services to Digital Products
Understanding the shift in mindset and value creation.
2. What is a Digital Product?
Key characteristics, value proposition, and product thinking.
3. IT4IT Overview
Managing the digital product lifecycle: strategy, development, delivery, and operations.
4. Modeling Digital Products
Describing structure, capabilities, and outcomes.
5. Digital Product and Secure Transformation
Aligning product strategy with security, governance, and enterprise goals.
-
Assessment
Task 1: Take-home assignment (70%)
Grading scheme: 20 points (0-20)
Objectives: Prove that the methodological framework has been understood and can be applied in a real-life scenario
Assessment rules: Students will work in groups of 3 to 4 and deliver a roadmap for a digital product
Assessment criteria: Quality of the designed Product Roadmap
Task 2: Presentation (30%)
Grading scheme: 20 points (0-20)
Objectives: Understand the role of Digital Product in communication
Assessment rules: Each student of the group will present an aspect of the digital product
Assessment criteria: Clarity of the presentation (visual and explanations). Control of the subject. Pitching capability
-
Note
Syllabus: No
Remarks: Lecture slide deck is provided
Literature list: Yes
Moodle page: No
Other, please specify: Standard Specifications
- IT4IT
Case study product design models
-
Details
- Course title: 2.2 Law Enforcement (Mise en application des dispositions légales)
- Number of ECTS: 2
- Course code: MPMSSI-77
- Module(s): Module 2 : Regulatory Frameworks (Cadres réglementaires)
- Language: EN
- Mandatory: Yes
-
Objectives
Acquire basic knowledge about law enforcement action in the field of cyber-/computer crime investigations.
-
Course learning outcomes
Students should become familiar with the legal and procedural environment of digital and cybercrime investigations.
Students should also become familiar with good practices and learn about the specific procedural difficulties encountered by law enforcement bodies during (computer and cybercrime) investigations.
Students should eventually become familiar with the specific problems linked to gathering and reporting digital evidence in court.
-
Description
Part I. Criminal procedure and (digital) investigations
1. Law enforcement bodies
2. General principles of criminal investigations
3. Specific procedures
– Native competences of LE bodies
– Emergency procedure
– Judicial examination
– Access to telecommunication data
– Legal interception
4. Specific aspects of obtaining digital evidence
5. International police cooperation
6. Mutual legal assistance
Part II. Digital forensics
1. Good practice
2. Acquisition of numeric information
3. Authentication of digital evidence
4. Analysis of digital evidence and reporting
5. Professional/Open source software
6. Examples
-
Assessment
Task 1: Written exam – Questionnaire (100%)
Grading scheme: 20 points (0-20)
Objectives: Assess the knowledge and the understanding of the course content.
Assessment rules: Individual answers to a written questionnaire. No documentation or electronic devices are allowed. The questionnaire may contain short practical questions to answer in compliance with the course content. Oral interruptions by participants during the assessment are not allowed. Fraud will be strictly sentenced.
Assessment criteria: Degree of compliance with the course handouts.
-
Note
Handouts of PowerPoint presentations
Official texts and good practice guides are provided as PDF files.
-
Details
- Course title: 2.3 Special Businesses and Impacts (Spécificités du secteur financier)
- Number of ECTS: 2
- Course code: MPMSSI-91
- Module(s): Module 2 : Regulatory Frameworks (Cadres réglementaires)
- Language: EN
- Mandatory: Yes
-
Objectives
This course prepares students for working as an Information Security Officer in the financial sector, which plays a major role in the Luxembourg economy.
-
Course learning outcomes
Understand the Luxembourg financial sector and its national and European regulatory constraints. Explain the specificities of the CISO profession and its position within governance as defined in regulations, particularly DORA. Understand the role of the regulator. Understand cyber security issues related to new technologies like DLT and AI.
-
Description
Supervised entities, Legal & regulatory context, ISD: Investment Services Directive, MIFID, Credit Institutions (banks), SSM, Access to the activity, Other Professionals of the Financial Sector, Classification of information, Professional secrecy and recent changes (2018), Refresh on basic components (C, I, A, P), Principles of internal control, Circular CSSF 20/750 (ICT risk management), Circular CSSF 22/806 (outsourcing), DORA, Information Security in the context of various financial services, Markets in Crypto-Assets Regulation (MiCA), AML & KYC, Compensation scheme (fond de garantie des dépôts et système d’indemnisation – FGDL).
-
Assessment
Task 1: Written exam (100%) – Max 2 hours
Grading scheme: 20 points (0-20)
Objectives: Assess the students’ understanding of the financial sector based on 6 to 8 questions on the essential elements of the course. Questions are rated from 1 point to max 5 points depending on the complexity.
Assessment rules: End of course assessment during the course period. Minimum 3 weeks after the last course to give time to the students to prepare.
Assessment criteria: Accuracy of the answers to the questions.
-
Details
- Course title: 4.2 Information Security Technologies 2 (Technologies de la sécurité 2)
- Number of ECTS: 2
- Course code: MPMSSI-79
- Module(s): Module 4 : Technical Aspects (Aspects techniques)
- Language: EN
- Mandatory: Yes
-
Objectives
The course covers the fundamental security components and technologies that serve as basic building blocks in most security solutions. A first part of the course is dedicated to cryptography and the second one is about secured platforms. This second part is about public key infrastructures and how to build secure component-based platforms. The third part is about understanding the concepts of the eIDAS Regulation and applying them to business use cases.
-
Description
Content :
A. PKI applications
- Public key infrastructure
- Authentication protocols
- Application to the financial sector
- Case study
B. Architectures of secure platforms
- Modern web architectures
- The different technical levels for securing a platform
- Implementation of a component-based system embedding security policies
- Case study
-
Assessment
Task 1: Group project (30%)
Grading scheme: 20 points (0-20)
Objectives: Students need to design an access control policy based on a use case.
Task 2: Presentation – Group presentation (30%)
Grading scheme: 20 points (0-20)
Objectives: Students perform a group presentation on a security issue.
Task 3: Presentation (40%)
Grading scheme: 20 points (0-20)
Objectives: Prove the understanding of the eIDAS Regulation by applying its concepts to business use cases.
Assessment rules: Students will work on their own.
Assessment criteria: The correctness of solution to assigned use cases.
-
Details
- Course title: 4.3 Communication, Information Processing and Persistence 1 (Communication, traitement et persistances des informations 1)
- Number of ECTS: 2
- Course code: MPMSSI-80
- Module(s): Module 4 : Technical Aspects (Aspects techniques)
- Language: EN
- Mandatory: Yes
-
Objectives
Information systems combine three dimensions that must be secured both independently and globally from a systemic viewpoint: communication (classical and dynamic networks), processing (software, business logic), and persistence (databases and data storage). The objectives of this course can be formulated as:
- Understand the different parameters impacting network and communication security.
- Understand the software layer and be familiar with the safe and secure design and deployment of software.
-
Course learning outcomes
An overview of security and safety challenges and solutions for network communication and software development.
-
Description
This course covers the technological means that are available or required to secure the communication between users over a hostile network, software and information systems. This course will cover but not be limited to the topics listed below:
- Introduction to computer networks and protocols
- ISO/OSI layered communication model
- Virtual private networks
- IPSec, Firewalls, SSL/TLS
- Intrusion detection
- E-mail security
- Security protocols
- Web security
- User authentication
- Viruses/malware, RFID security, attack trees (optional)
-
Assessment
Evaluation based on practices and assignments
-
Note
The lectures and lecture notes are partly based on the following textbooks:
- W. Stallings, L. Brown, Computer Security – Principles and Practice
- W. Stallings, Network Security Essentials – Applications and Standards
- D. Gollmann – Computer Security
- C.P. Pfleeger and S.L. Pfleeger – Security in Computing
Course offer for Semester 3 (2025-2026 Winter)
-
Details
- Course title: 1.4 Project Management (Gestion des projets)
- Number of ECTS: 2
- Course code: MPMSSI-82
- Module(s): Module 1 : Understanding Organisations & Management (Compréhension des organisations et du management)
- Language: EN
- Mandatory: Yes
-
Objectives
– Give students the keys to understanding the benefits of project mode
– To give students the ability to make decisions about activating and choosing project mode methods
– Provide students with the conceptual and practical fundamentals to enable them to implement project mode in their information security activities
-
Course learning outcomes
– Working effectively in project mode as a team member
– The keys to coordinating a small project
-
Description
– History of project management
– Why project mode
– The different project management standards / methods / certifications available
-
Assessment
Final exam
-
Note
Slides
-
Details
- Course title: 3.4 Security Policy (Politique de sécurité)
- Number of ECTS: 2
- Course code: MPMSSI-83
- Module(s): Module 3 : Information Security Management (Gestion de la sécurité de l'information)
- Language: EN
- Mandatory: Yes
-
Details
- Course title: 3.5 Compliance Assurance (Assurance de la conformité)
- Number of ECTS: 2
- Course code: MPMSSI-84
- Module(s): Module 3 : Information Security Management (Gestion de la sécurité de l'information)
- Language: EN
- Mandatory: Yes
-
Details
- Course title: 4.4 Communication, Information Processing and Persistence 2 (Communication, traitement et persistance des informations 2)
- Number of ECTS: 4
- Course code: MPMSSI-94
- Module(s): Module 4 : Technical Aspects (Aspects techniques)
- Language: EN
- Mandatory: No
-
Objectives
The course aims at presenting design techniques to develop secure software integrating persistency. The course is two-fold: the first part is about modeling, development and testing of software (including security policies); the second one is about secured databases. We thus introduce software engineering techniques for security.
Modelling will be done with the UML standard, which will be briefly presented, as well as the link with programming. The student will understand the main challenges for efficient implementation of a maintainable security policy (access control, XACML standard)
-
Description
A. Design and validation for safety and security
- Design methods for designing software and architectures
- Security policies and their deployment
- Software functional testing
- Software security testing
B. Secured databases
- Architectures for persistency (databases, cloud, datacenters)
- Securing a database
- Performance, robustness and security testing of databases
A practical case will be (partly) implemented in Java (e.g. Auction system) or an Android application
-
Assessment
Evaluation via practical work and questionnaires
-
Note
Lectures (24hrs), personal work (72hrs)
-
Details
- Course title: 4.5 Threats, Attacks and Controls (Menaces, attaques et parades)
- Number of ECTS: 2
- Course code: MPMSSI-86
- Module(s): Module 4 : Technical Aspects (Aspects techniques)
- Language: EN
- Mandatory: Yes
-
Objectives
Understand common web vulnerabilities, their impact on security properties, and how to fix and prevent them. Acquire the ability to exploit web vulnerabilities through tools or manually.
-
Description
SQL Injection & other injection flaws in theory and in practice. Cross Site Scripting theory and practical exploitation. Common web application vulnerabilities. Web application auditing methodology.
Self-teaching resources and material.
-
Assessment
Practical exam on real-world vulnerability discovery and exploitation
-
Note
Virtual machines, online resources.
The Web Application Hacker's Handbook, OWASP Top 10, OWASP Wiki
-
Details
- Course title: 5.1 Human Risk (Risque humain)
- Number of ECTS: 2
- Course code: MPMSSI-68
- Module(s): Module 5 : Human Aspects (Aspects humains)
- Language: EN
- Mandatory: Yes
-
Objectives
Introducing and familiarizing course participants with basic principles and properties of the human risk, including:
Understanding how human mistakes and behaviors can cause cybersecurity risks
Learning how human factors (emotions, stress, attention, …) impact our digital security actions
Recognizing how attackers use manipulation, social engineering and OSINT
Exploring ways to improve cybersecurity habits
-
Course learning outcomes
After the course, students will understand how human behavior affects cybersecurity and how to recognize, prevent, and respond to human-related security risks.
-
Description
The course will encompass topics such as
1. Human basics : understanding how some human factors influence our attitudes and behaviors in cybersecurity
2. Risky behaviors, how and why
3. OSINT, social engineering : presentation of the main concepts and understanding of the uses and risks
4. Managing the human risk today
-
Assessment
Oral presentation of a selected topic from the field of human risks (small groups up to four students: 50%, on 20 points), written exam based on a questionnaire (individual: 50%, on 20 points).
-
Note
Powerpoint presentations, video clips
Cialdini, R. (2001). Influence. Science and practice. Boston, MA: Pearson Education, Inc.
Hadnagy, C. (2011). Social Engineering: The art of human hacking. Indianapolis, IN: John Wiley & Sons Ltd.
Course offer for Semester 4 (2025-2026 Summer)
-
Details
- Course title: 3.6 Business Continuity Management (Gestion de la continuité)
- Number of ECTS: 1
- Course code: MPMSSI-70
- Module(s): Module 3 : Information Security Management (Gestion de la sécurité de l'information)
- Language: EN
- Mandatory: Yes
-
Objectives
Provide students with a comprehensive understanding of Business Continuity Management (BCM) principles, standards, and regulatory expectations, with a focus on ISO 22301.
Equip students with the skills to design, implement, and maintain a BCM framework aligned with organizational risk appetite and critical business functions.
Develop the ability to conduct a Business Impact Analysis (BIA) and create actionable Business Continuity (BCP) and Disaster Recovery Plans (DRP).
-
Course learning outcomes
By the end of this course, students will be able to explain the core components of BCM and their alignment with ISO 22301 requirements. They will be able to perform a Business Impact Analysis, map critical business processes, and define recovery objectives (RTO/RPO). Students will be capable of designing effective BCP and DRP plans that ensure organizational resilience and service continuity. They will learn how to integrate BCM into the wider risk management and information security strategy. Students will also understand how to test, maintain, and continuously improve BCM programs in a real-world context.
-
Description
This course introduces the ISO 22301 standard and its role in establishing a robust BCM framework. Students will learn the step-by-step process to design a BCM program, from context analysis to governance and communication planning. The course covers practical methods for conducting a BIA, determining critical processes, and setting RTO/RPO targets. It explores how to develop and document BCPs and DRPs, including crisis management and IT recovery procedures. Finally, students will be trained in exercising, maintaining, and improving the BCM system through regular reviews and scenario-based tests.
-
Assessment
Task 1: Take-home assignment (100%)
Grading scheme: 20 points (0-20)
Objectives: Validate that the students understand how to perform a BIA
Assessment rules: Case study with 7 exercises (total 20 points)
Assessment criteria: Ability to follow what has been presented during the course and to explain the choices
-
Note
Syllabus: Yes
Remarks: PDF with all course content
Literature list: No
Moodle page: No
-
Details
- Course title: 5.2 Human Communication (Communication humaine)
- Number of ECTS: 2
- Course code: MPMSSI-71
- Module(s): Module 5 : Human Aspects (Aspects humains)
- Language: EN
- Mandatory: Yes
-
Objectives
Charles Max:
Understand essential components and theoretical models of human communication;
Reflect on and critically assess own communication styles in both personal and professional contexts;
Apply the core principles of communication in interactive tasks;
Develop strategies for managing complex communication tasks in academic and workplace environments.
Rodolphe Mans:
Develop communication as a professional skill, with emphasis on practical applications and real-world challenges.
Ensure students’ self-development by moving beyond technical expertise to soft skills critical for leadership.
Master verbal and non-verbal techniques to better prepare public interventions, manage stress, and adapt to professional situations.
Improve efficiency in professional interactions: meetings, presentations, negotiations, interviews.
Learn practical tips and tricks to avoid common pitfalls in workplace communication.
-
Course learning outcomes
Charles Max – By the end of the course, students will be able to:
Identify key components of effective communication.
Analyze the impact of communication styles in professional settings.
Apply communication strategies in complex and dynamic workplace scenarios.
Rodolphe Mans – By the end of the course, students will be able to:
Recognize and interpret non-verbal signals to enhance professional interactions.
Prepare, structure and deliver effective public presentations with confidence.
Apply communication strategies to make meetings more productive and impactful.
Design efficient presentation materials (slides) that reinforce rather than weaken communication.
Demonstrate professional behavior and communication skills during interviews, evaluations and negotiations.
Reflect on their own communication practices and identify areas for improvement.
-
Description
Charles Max – This course focuses on developing communication as a professional skill in the workplace. Students will explore both verbal and non-verbal communication techniques, map their communication landscape, reflect on communication processes in academic and corporate contexts. Emphasis will be placed on applying communication skills in diverse and challenging situations, including presentation, conflict resolution, intercultural communication, and team collaboration.
Rodolphe Mans – This module focuses on the pragmatic aspects of communication in professional environments, complementing the theoretical foundations provided in the first-year module. Topics include:
Non-verbal communication: understanding body language, gestures, eye contact, and stress signals.
Public presentations: preparation, stress management, audience engagement, voice and posture.
Effective slides: design principles, clarity, visual impact, and common mistakes to avoid.
Conducting and closing meetings: efficiency, professionalism, respect, and persuasion.
Performance reviews & job interviews: preparing, presenting achievements, handling tricky questions.
Practical methods: tips, role-playing, and real-life examples.
-
Assessment
Task 1: Presentation – Mapping my communication practice (25%)
Grading scheme: 20 points (0-20)
Objectives – Charles Max:
Reflect your private and professional communication regarding tools, addressees, time, styles, etc.;
Find a creative way (e.g., model, picture, road map, drawing…) to visualize your communication practice;
Map your landscape on a support of your choice;
Describe and explain the graphical representation by digital storytelling video.
Assessment rules – Charles Max:
Present your digital story as a short video clip ( 10 minutes);
Speak about relevant features of your communication landscape you want to emphasise or you became aware of while designing your landscape (about 3-4 minutes);
Illustrate major differences between your private and professional communication style / routines (about 3-4 minutes);
Upload the video onto the course Moodle page.
Assessment criteria – Charles Max:
Content (6 criteria);
Design principles (2 criteria);
Effective communication (6 criteria);
Creativity (3 criteria);
Learning outcome (1 criterion).
Task 2: Presentation – The conception of my MSSI thesis presentation (25%)
Grading scheme: 20 points (0-20)
Objectives – Charles Max:
Conceive a professional talk;
Transform your thesis manuscript into an appealing presentation;
Use Schulz von Thun’s model as a heuristic device to analyse interactions with other participants involved;
Practice your communication skills in the video of your presentation;
Assessment rules – Charles Max:
Present your thesis talk as a short video clip ( 10 minutes);
Develop the four relevant dimensions of Schulz von Thun’s model for your case in your contribution;
Upload the video onto the course Moodle page;
Assessment criteria – Charles Max:
Content (6 criteria);
Design principles (2 criteria);
Effective communication (6 criteria);
Creativity (3 criteria);
Learning outcome (1 criterion).
Task 3: Oral exam – Case Study (50%)
Grading scheme: 20 points (0-20)
Objectives – Rodolphe Mans:
Demonstrate ability to apply communication principles in a professional context.
Translate practical advice into clear, structured and persuasive discourse.
Show adaptability, self-confidence and professionalism in public speaking.
Assessment rules – Rodolphe Mans:
Individual oral presentation delivered during the final session (no group work).
Duration: 8–10 minutes per student.
Presentation must be based on a professional communication situation (meeting, speech, negotiation, interview, etc.).
Assessment criteria – Rodolphe Mans:
Relevance and professionalism of delivery (voice, posture, confidence).
Ability to engage and convince the audience.
Use of supporting materials (slides, examples, storytelling).
Overall impact and persuasiveness of the presentation.
-
Note
Lecture support:
Set of slides to download from the related Moodle space
Literature:
Iyamu, T., & Shaanika, I. (2019). The use of activity theory to guide information systems research. Education and Information Technologies, 24:165–180. https://doi.org/10.1007/s10639-018-9764-9
Research Group on Socio-Digital Systems (2011). Things we have learnt about communication. Issue 1. Microsoft Corporation. Online available at: http://research.microsoft.com/en-us/projects/thingswevelearnt/things_issue1.pdf
Russell, D. (2001). Looking beyond the interface: Activity theory and distributed learning. In M. Lea & K. Nicoll (Eds.), Distributed learning (pp. 64-82). New York: Routledge Falmer. Online available at: http://www.public.iastate.edu/~drrussel/drresume.html
-
Details
- Course title: 6.3 Professional Project (Projet professionnel)
- Number of ECTS: 14
- Course code: MPMSSI-81
- Module(s): Module 6 : Professional Part (Volet professionnel)
- Language: EN
- Mandatory: Yes
-
Objectives
Work on a project of the student’s choice under the supervision of a tutor, who is also a teacher in the program.
Write a Master’s thesis related to the professional project assigned to the student by the teaching team.
Understand the value of academic contributions in professional practices.
Become familiar with applying the knowledge acquired.
Take on real-world responsibility for information security.
-
Description
The topic and content are to be defined by the student and their academic and professional supervisors at the start of the project.
-
Assessment
Task 1: Take-home assignment (100%)
Grading scheme: 20 points (0-20)
Objectives: Write a Master thesis. Formulate a problem statement. Survey the state of the art. Design a scientific contribution. Evaluate the contribution.
Assessment rules: Evaluation of the thesis manuscript and the defense/presentation.
Assessment criteria: Novelty, rigor, soundness, significance/impact, clarity of the presentation.
-
Note
Syllabus: No
Literature list: No
Moodle page: No
Remarks: Might use Moodle for submissions.
-
Details
- Course title: 6.2 Security Emerging Technologies
- Number of ECTS: 3
- Course code: MPMSSI-93
- Module(s): Module 6 : Professional Part (Volet professionnel)
- Language: EN
- Mandatory: Yes
-
Objectives
This course provides students with comprehensive knowledge of emerging technologies in information security, including distributed ledger technologies, artificial intelligence applications in security, and modern approaches to secure records management and digital archiving. Students will develop critical analysis skills to evaluate these technologies’ security implications and practical applications in organizational contexts.
-
Course learning outcomes
Upon successful completion, students will be able to:
– Analyze security properties and vulnerabilities of distributed ledger technologies
– Evaluate AI/ML applications in cybersecurity and their associated risks
– Design secure electronic records management strategies
– Assess security requirements for digital transformation and archiving projects
– Apply security principles across emerging technology implementations
– Critically evaluate research and industry developments in security technologies
-
Description
1. Distributed Ledger Technologies (DLT) and Blockchain Security
Fundamentals of blockchain and distributed ledgers
Security properties and consensus mechanisms
Smart contracts and their vulnerabilities
Applications in cybersecurity
2. Artificial Intelligence and Machine Learning in Security
Machine Learning fundamentals for security applications
AI for cybersecurity (threat detection, anomaly detection)
Security challenges in AI/ML systems
Adversarial machine learning and defenses
3. Electronic Records Management (ERM)
Security aspects of electronic records management
Information governance and compliance
Digital preservation and long-term security
Records lifecycle management
4. Dematerialization and Digital Archiving
Security constraints in dematerialization processes
Archiving policies and procedures
Digital document management security
Legal and regulatory requirements
5. Information Security in Records Management
Specific security challenges in records management
Access control and confidentiality
Integrity and authenticity of digital records
Audit trails and compliance
-
Assessment
Task 1: Take-home assignment (100%)
Grading scheme: 20 points (0-20)
Objectives: Demonstrate understanding of emerging security technologies, including DLT and AI/ML applications, and critical thinking with respect to proposed novel approaches.
Assessment rules: Students will work individually. A critical review of 1 to 2 pages targeting one research paper published in a top-tier venue (S&P, USENIX Security, CCS, NDSS).
Assessment criteria: Technical understanding (35%), critical analysis quality (30%), practical applications and implications (20%), writing clarity and structure (15%)