CODE | CPS5133
TITLE | Cyber Risk Management
UM LEVEL | 05 - Postgraduate Modular Diploma or Degree Course
MQF LEVEL | 7
ECTS CREDITS | 5
DEPARTMENT | Computer Science
DESCRIPTION | Cybersecurity has become a global challenge impacting organizations across every industry sector. C-Suite and board-level executives are beginning to take their obligations seriously and, as a result, require competent business-focused advice and guidance from the organization's information security professionals. This study-unit focuses on establishing a fully developed, risk-based, and business-focused information security program for an organization. Policies and procedures are the backbone of every organization's cybersecurity strategy and posture, while compliance and audits are the best mechanisms to ensure they are followed. Since comprehensive security remains elusive due to resource and budget constraints, a risk-based approach to cybersecurity becomes key. By conducting a risk assessment, one can begin to prioritize which activities to implement first, second, and so on, as the security program takes shape.

Study-unit Aims:
This study-unit aims to prepare students for the following cybersecurity roles:
- Information security officer
- DevOps management
- Security auditor
by introducing concepts related to the establishment and management of organizational security programs, in the form of security policies that adhere to regulatory compliance requirements and information security standards, with guidance from risk management and best practices.

Learning Outcomes:

1. Knowledge & Understanding
By the end of the study-unit the student will be able to describe, discuss and conduct effective security programs for information assurance and IT security engineering, based on:
- Frameworks e.g. ISO 27000 series, NIST Cybersecurity Framework, ENISA security guides, COBIT 5;
- Various industry guidelines and product security tech specifications/standards e.g. PCI-DSS, EMV ICC security and key management;
- Regulatory compliance e.g. GDPR.

Develop management/technical/operations security policies for:
- Organisations that develop and/or run systems subject to cyberthreats;
- DevOps;
- Risk and security assessments;
- Incident (breach or vulnerability) management;
- Running a security operations centre;
- Running a security architecture program.

2. Skills
By the end of the study-unit the student will be able to:
- Draft an organisation-centric security policy for a security program intended to put an organisation's operations or its product development process in line with mandatory regulations and quality standard requirements;
- Conduct risk assessment and management based on the definition of a cybersecurity threat landscape;
- Produce a product design based on a technical standard with emphasis on security requirements.

Main Text/s and any supplementary readings:

Text:
- Death, D. (2017). Information security handbook: develop a threat model and incident response strategy to build a strong information security framework. Packt Publishing Ltd. ISBN-13: 978-1788478830.

Reference:
- Pykhova, E. (2021). Operational Risk Management in Financial Services: A Practical Guide to Establishing Effective Solutions. Kogan Page Ltd. ISBN-13: 978-1789667080.
- Wittkop, J. (2022). The Cybersecurity Playbook for Modern Enterprises: An end-to-end guide to preventing data breaches and cyber attacks. Packt Publishing Ltd. ISBN-13: 978-1803248639.
- Hsu, T. H. C. (2018). Hands-On Security in DevOps: Ensure continuous security, deployment, and delivery with DevSecOps. Packt Publishing Ltd. ISBN-13: 978-1788995504.

Online resources:
- NIST Cybersecurity Framework - https://www.nist.gov/cyberframework
- ENISA Cybersecurity Guidelines - https://www.enisa.europa.eu/securesme/downloads
ADDITIONAL NOTES | Pre-Requisite qualifications: Bachelor's degree with a strong ICT component
STUDY-UNIT TYPE | Lecture, Independent Study and Practical
METHOD OF ASSESSMENT |
LECTURER/S |
The University makes every effort to ensure that the published Courses Plans, Programmes of Study and Study-Unit information are complete and up-to-date at the time of publication. The University reserves the right to make changes in case errors are detected after publication.
The availability of optional units may be subject to timetabling constraints. Units not attracting a sufficient number of registrations may be withdrawn without notice. It should be noted that all the information in the description above applies to study-units available during the academic year 2025/6. It may be subject to change in subsequent years.