The objective of this course is to provide students with an understanding of information security, and organisational cyber security. The course will enable students to understand the importance of information and systems security, ethics, and regulatory expectations around organisational cyber security.
|A||Spring Term 2022-23|
Cyber security has been recognised as a significant issue for companies, in particular their information technology and security departments. However, cyber security is also emerging as a significant management issue. The objective of this course is to provide students with an understanding of information security, and organisational cyber security. The course will enable students to understand the importance of information and systems security, ethics, and regulatory expectations around organisational cyber security. The students will also develop an understanding of the expectations from society and the media around cyber security, and how organisations respond to information leaks and cyber-attacks.
An additional aim of the module is to improve student's awareness of their own cyber security, and critically reflect on their own behaviour in cyberspace.
Students will critically evaluate their own online behaviour and their personal cyber security, by reflecting on what they learn on the course.
There are numerous managerial issues around cyber threats that students should have experience of before entering the work place. Leaks, hacking, and viruses/malware a very real threat to organisations, and society is becoming increasingly concerned with privacy, data retention, and the moral arguments around whistle-blowing. This module will address these issues and hopefully generate lively and interesting debate among students.
Managers often encounter cyber security threats after the fact, that is, once disaster has struck. Therefore, an important aspect to this module will be the critical evaluation of organisational response to cyber threats, leaks, or hacking. Students will also be assessed on their ability to prepare a suitable response to a fictional security breach at an organisation. Including a short, written, report reassuring shareholders, and a mock press conference, with a questions and answer session.
Students will also develop skills to critically evaluate cyber security policy and strategy to enable to discover problems within organisations before disaster strikes, perhaps reducing the possibility needing to respond to an attack. This knowledge can also be used to improve their own security online.
The module will be taught using a mixture of lectures, guest lectures, and seminars, and make use of documentary material and news reports as well as journals and textbooks.
The module includes peer marking on the group work.
|Task||Length||% of module mark|
Critical evaluation of a case study including reflective analysis.
Presentation : Cyber Security for Managers: Group Mock Media Statement and Q&A
Response Report : Cyber Security for Managers: Response Report to Media and Shareholders (Group Work)
|Task||Length||% of module mark|
Reassessment: Critical Evaluation Case Study
Module assessment reports to students are written by the module leader for all assessments (open and closed) and placed on the VLE after the Board of Examiners has received the module marks.
The timescale for the return of feedback will accord with University and UYMS policy
Cyber Security: An Introduction for Non-Technical Managers. Swinfen Green, Gower,
Gurpreet Dhillon, Information Systems Security, Wiley, 2007.