SEC-202: Secure Startup

Course Syllabus

Course Description

Cybersecurity is now a requirement for every company in the world, regardless of size or industry. This Secure Startup competency covers everything a founder, entrepreneur, or venture capitalist should know when building a secure company in today's world. It takes you step by step through the cybersecurity moves you need to make at every stage, from landing your first round of funding through to a successful exit. It discusses how to include security and privacy from the start and build a cyber-resilient company. You'll learn the basic cybersecurity concepts every founder needs to know, and you'll see how baking in security drives the value proposition for your startup's target market. This competency will also show you how to scale cybersecurity within your organization, even if you aren't an expert!

General Information

Competency Code SEC-202
Competency Name Secure Start-up
Competency Credits 4
Competency Duration 7 Weeks (~8.5 Hours Per Week = 60 Hours in Total)
Instructor Dr. Charnon Pattiyanon <charnon@cmkl.ac.th>

Assessing Skills

  1. [SEC-202:00010] Understand the lifecycle of data and information within startup operations. - Successful students must demonstrate a comprehensive understanding of the data and information lifecycle and be able to describe how it operates within their mock startup company.
  2. [SEC-202:00020] Design an integrated landscape of security controls for the mock startup company. - Successful students must be able to design a comprehensive landscape of security controls for their mock startup company at a level that ensures the protection and security of customer data.
  3. [SEC-202:00030] Evaluate the existing use of data and information within a startup company and critically assess its security measures. - Successful students must be able to analyze, evaluate, and critically assess the current security posture of a mock startup company and provide well-founded recommendations for improvement.

Class Schedule and Topics

Week 1
Lecture Topic: Lecture 1: Secure Start-up Strategy and Fundamentals
  • Maslow's Hierarchy of Needs
  • Data Classification
  • CIA Triad Revisited
  • The Cost of Security Investment
[Lecture 1 (PDF)]
Lab/Practical Session Topic:
  • Assessment Project Announcement

Week 2
Lecture Topic: Lecture 2: Identity and Endpoint Security
  • Zero Trust Network Access
  • Identity and Access Management Concepts
  • Endpoint Protection
  • Mobile Device Management
[Lecture 2 (PDF)]
Lab/Practical Session Topic:
  • Lab 1: Access Control Matrix
  • Homework 1: IAM Strategy and Policy [PDF]

Week 3
Lecture Topic: Lecture 3: Infrastructure Security
  • Network Security
  • Container Security
  • Secure Remote Access
  • Backups and Availability
  • Physical Security
[Lecture 3 (PDF)]
Lab/Practical Session Topic:
  • Homework 2: Infrastructure Security [PDF]

Week 4
Lecture Topic: Lecture 4: Governance, Risk, and Compliance (GRC)
  • The Documentation Hierarchy
  • Risk Assessment Methodology
  • Key Compliance Frameworks
  • Privacy Regulations
  • Auditing Activities
[Lecture 4 (PDF)]

Week 5
Lecture Topic: Lecture 5: Application Security
  • OWASP Top 10 Security Risks
  • Automated Security Testing Tools
  • Supply Chain Security
  • Penetration Testing
  • API Security
[Lecture 5 (PDF)]
Lab/Practical Session Topic:
  • Lab 2: Application Security [PDF]

Week 6
Lecture Topic: Lecture 6: Incident Response and Crisis Communications
  • Incident Response Lifecycle
  • Forensic Basics
  • Ransomware Special Case
  • Crisis Communications
  • Legal Privilege
[Lecture 6 (PDF)]
Lab/Practical Session Topic:
  • Homework 3: Incident Response [PDF]

Week 7
Lecture Topic: Lecture 7: The Human Element and Future Careers
  • Designing the Security Organization
  • Security Culture
  • Insider Threat
  • Outsourcing Strategy
  • Ethics in Cybersecurity
[Lecture 7 (PDF)]
Lab/Practical Session Topic:
  • Assessment Project Presentation

Assessment and Submission Guideline

This competency requires each student group to submit three deliverables:

  1. A list of team members and the company profile: This list should include the first name, last name, nickname, email address, and role of each member. It must also include a short paragraph describing the mock start-up company for this assessment project.
  2. A Presentation Deck: This is the deck used during your presentation session. It must be submitted one day before the presentation date.
  3. A Final Report: This is the final document summarizing the details of your assessment project. Please refer to the report template provided below.

To support students throughout this competency, the following documents are provided:

Grading Rubric

Final Report Grading Rubric

The final report accounts for 100% of your total score, equivalent to 300 out of 300 points (based on the three assessed skills). Each section of the report carries a different score weight. Please refer to the Final Report Template for the detailed score distribution of each section.