• Student home
• Things to know this week
• Student news
• Student events
• New students' welcome
• Studying at York
  • Semesters
  • Teaching hours
  • Enrolment
  • Manage your studies
    • Enrol or re-enrol
    • Your student record
    • Your timetable
    • Change your plan
    • Programmes and modules
      • Programme specifications
      • Studying beyond your department
      • Module catalogue
    • University study spaces
  • Student Visa holders
  • Study skills
  • Assessment and examination
  • Academic progress issues
  • Graduation
• Support and advice
• Health and wellbeing
• Work, volunteering and career planning
• Study and work abroad
• Accommodation
• IT and online services
• Finance
• Student life in York
• If things go wrong
• Student Centre

Cyber Security for Managers - MAN00039H

« Back to module search

• Department: The York Management School
• Module co-ordinator: Prof. Philip Garnett
• Credit value: 20 credits
• Credit level: H
• Academic year of delivery: 2022-23
  • See module specification for other years: 2021-22 2023-24 2024-25

Module summary

The objective of this course is to provide students with an understanding of information security, and organisational cyber security. The course will enable students to understand the importance of information and systems security, ethics, and regulatory expectations around organisational cyber security.

Module will run

Occurrence	Teaching period
A	Spring Term 2022-23

Module aims

Cyber security has been recognised as a significant issue for companies, in particular their information technology and security departments. However, cyber security is also emerging as a significant management issue. The objective of this course is to provide students with an understanding of information security, and organisational cyber security. The course will enable students to understand the importance of information and systems security, ethics, and regulatory expectations around organisational cyber security. The students will also develop an understanding of the expectations from society and the media around cyber security, and how organisations respond to information leaks and cyber-attacks.

An additional aim of the module is to improve student's awareness of their own cyber security, and critically reflect on their own behaviour in cyberspace.

Module learning outcomes

• Understand the importance of information systems and information technology to cyber security.
• Understand the types of cyber security threat faced by modern organisations, and the origin of security threats (internal/external).
• Students will develop an awareness of the ethical and operational issues around cyber security and systems surveillance, and be able to critically evaluate the ethical implications for individuals, organisations, and society, of cyber security strategies and policy.
• Understand the basics of the UK and International regulatory requirements for cyber security, and the role organisations play in national security.
• Be able to critically evaluated how organisations response to cyber-attacks, through the analysis of both successful and failed organisational responses.
• Be able to critically evaluated organisational strategy and policy around

Students will critically evaluate their own online behaviour and their personal cyber security, by reflecting on what they learn on the course.

Module content

There are numerous managerial issues around cyber threats that students should have experience of before entering the work place. Leaks, hacking, and viruses/malware a very real threat to organisations, and society is becoming increasingly concerned with privacy, data retention, and the moral arguments around whistle-blowing. This module will address these issues and hopefully generate lively and interesting debate among students.

Managers often encounter cyber security threats after the fact, that is, once disaster has struck. Therefore, an important aspect to this module will be the critical evaluation of organisational response to cyber threats, leaks, or hacking. Students will also be assessed on their ability to prepare a suitable response to a fictional security breach at an organisation. Including a short, written, report reassuring shareholders, and a mock press conference, with a questions and answer session.

Students will also develop skills to critically evaluate cyber security policy and strategy to enable to discover problems within organisations before disaster strikes, perhaps reducing the possibility needing to respond to an attack. This knowledge can also be used to improve their own security online.

The module will be taught using a mixture of lectures, guest lectures, and seminars, and make use of documentary material and news reports as well as journals and textbooks.

The module includes peer marking on the group work.

Assessment

Task	Length	% of module mark
Essay/coursework Critical evaluation of a case study including reflective analysis.	N/A	70
Groupwork Presentation : Cyber Security for Managers: Group Mock Media Statement and Q&A	N/A	15
Groupwork Response Report : Cyber Security for Managers: Response Report to Media and Shareholders (Group Work)	N/A	15

Special assessment rules

None

Reassessment

Task	Length	% of module mark
Essay/coursework Reassessment: Critical Evaluation Case Study	N/A	100

Module feedback

Module assessment reports to students are written by the module leader for all assessments (open and closed) and placed on the VLE after the Board of Examiners has received the module marks.

The timescale for the return of feedback will accord with University and UYMS policy

Indicative reading

Cyber Security: An Introduction for Non-Technical Managers. Swinfen Green, Gower,

Gurpreet Dhillon, Information Systems Security, Wiley, 2007.