The objective of this course is to provide students with an understanding of information security, and organisational cyber security. The course will enable students to understand the importance of information and systems security, ethics, and regulatory expectations around organisational cyber security.
|A||Semester 2 2023-24|
Cyber security has been recognised as a significant issue for companies, in particular their information technology and security departments. However, cyber security is also emerging as an increasingly significant management issue. The objective of this course is to provide students with an understanding of information security, and organisational cyber security.
The course will enable students to understand the importance of information and systems security, ethics, and regulatory expectations around organisational cyber security. The students will also develop an understanding of the expectations from society and the media around cyber security, and how organisations respond to information leaks and cyber-attacks.
An additional aim of the module is to improve student's awareness of their own cyber security, and critically reflect on their own behaviour in cyberspace.
Understand the importance of information systems and information technology to cyber security.
Understand the types of cyber security threats faced by modern organisations, and the origin of security threats (internal/external).
Students will develop an awareness of the ethical and operational issues around cyber security and systems surveillance and be able to critically evaluate the ethical implications for individuals, organisations, and society, of cyber security strategies and policy.
Understand the basics of the UK and International regulatory requirements for cyber security, and the role organisations play in national security.
Be able to critically evaluate how organisations respond to cyber-attacks, through the analysis of both successful and failed organisational responses.
Be able to critically evaluate organisational strategy and policy around cyber security.
Students will critically evaluate their own online behaviour and their personal cyber security, by reflecting on what they learn on the course.
There are numerous managerial issues around cyber threats that students should have experience of before entering the workplace. Leaks, hacking, and viruses/malware are a very real threat to organisations, and society is becoming increasingly concerned with privacy, data retention, and the moral arguments around whistle-blowing. This module will address these issues and hopefully generate lively and interesting debate among students.
Managers often encounter cyber security threats after the fact, that is, once disaster has struck. Therefore, an important aspect to this module will be the critical evaluation of organisational response to cyber threats, leaks, or hacking. Students will also be assessed on their ability to prepare a suitable response to a simulated security breach at an organisation. Including a short, written, report reassuring shareholders, and a mock press conference, with a questions and answer session.
Technology is a central issue to cyber security, often critical to the detection and defence of cyber attacks, but also frequently the site of attack. The module will also highlight where these technologies interface with the management of the organisation, for example artificial intelligence and risk detection.
Students will also develop skills to critically evaluate cyber security policy and strategy to enable them to discover problems within organisations before disaster strikes, perhaps reducing the possibility of needing to respond to an attack. This knowledge can also be used to improve their own security online.
The module will be taught using a mixture of lectures, guest lectures, and seminars, and make use of documentary material and news reports as well as journals and textbooks.
The module includes peer marking on the group work.
|Task||Length||% of module mark|
Cyber Security for Managers: Open Assessment – critical evaluation of a case study including reflective analysis.
Incident Simulation - Press conference – Mock Press conference and Q&A (Group Work)
Incident Simulation - Written Statement to Media and Shareholders (Group Work)
|Task||Length||% of module mark|
Individual videoed response to incident
Individual written incident statement for the press or shareholders
Open Assessment – critical evaluation of a case study including reflective analysis.
Module assessment reports to students are written by the module leader for all assessments (open and closed) and placed on the VLE after the Board of Examiners has received the module marks.
The timescale for the return of feedback will accord with School policy
Gurpreet Dhillon, Information Systems Security, Wiley, 2007.