Course Purpose
To equip learners with the advanced knowledge, frameworks, and practical skills required to design, implement, govern, and continuously improve information security management programmes in complex organisational environments, with reference to Kenyan legal obligations and international best practice standards including ISO/IEC 27001:2022, NIST CSF 2.0, and COBIT 2019.
Course Learning Outcomes
CLO 1: Critically evaluate information security governance frameworks and apply them to Kenyan organisational contexts.
CLO 2: Design and execute information security risk assessments using structured methodologies.
CLO 3: Architect advanced technical security controls across access, cryptography, network, and emerging technology domains.
CLO 4: Manage security incidents and build organisational resilience using international standards.
CLO 5: Demonstrate compliance with Kenyan and international legal requirements governing information security.
Course Content
| Module | Title | Key Frameworks / Topics |
|---|---|---|
| 1 | Introduction to Information Security Management | CIA Triad, ISMS, PDCA, Kenyan legal landscape |
| 2 | Information Security Risk Assessment and Management | ISO 27005:2022, NIST 800-30, DPIAs, Risk registers |
| 3 | Security Governance Frameworks | ISO 27001:2022, NIST CSF 2.0, COBIT 2019, Governance structures |
| 4 | Access Control, Identity and Authentication | ZTA, IAM, RBAC, ABAC, MFA, biometrics, PAM |
| 5 | Advanced Cryptography and PKI | Symmetric/asymmetric, PKI, X.509, post-quantum cryptography |
| 6 | Advanced Network Security | NGFW, IDPS, SASE, SD-WAN, DDoS mitigation, Zero Trust networking |
| 7 | Incident Management and Cyber Resilience | NIST 800-61, ISO 27035, BCP/DRP, cyber resilience |
| 8 | Cyber Threat Intelligence | MITRE ATT&CK, Diamond Model, STIX/TAXII, KE-CIRT/CC |
| 9 | IoT Security and Emerging Technologies | ETSI EN 303 645, ICS/SCADA, cloud security, AI risk |
| 10 | Legal, Compliance and Ethics | DPA 2019, CMCA 2018, Budapest Convention, professional ethics |
