Chat with us, powered by LiveChat

Cyber Security Management

Cyber Security Management is available as a postgraduate-level subject offered by the International College of Management, Sydney (ICMS). Please click the button below to find a postgraduate course suitable for you.

 

Subject Code:

CYB701A

Subject Type:

Specialisation 

Subject Level:

700

Credit Points:

4 credit points

Subject Aim:

The number of cyber-attacks on companies has risen sharply. A successful cyber-attack has devastating effects on business operations, customer reputation, and legal affairs. The challenge of cyber security management is therefore to establish governance structures, procedural, and technical cyber security measures in such a way that companies are effectively protected from cyber-attacks. However, cyber security measures are associated with significant financial investments and require technical and human resources.

The aim of this subject is for students to engage critically with the challenges and opportunities of modern cyber security management. They will be enabled to evaluate threats in the business context. Furthermore, students will be able to identify, design and finally evaluate threat-adequate governance structures, procedural controls and technical controls in regard to regulatory demands, costs, and business operations.

This subject is divided into five key information security management topics: Fundamentals of Information Security Management, Cyber Security Risk Management, Procedural Security Controls, Technical Security Controls and Evaluation of Security Controls. Students will not only be competent with concepts and techniques but will also be able to critically analyse cyber threats, and evaluate, design and justify cybersecurity measures.

Learning Outcomes:

a) Identify and critically analyse cybersecurity threats to the business.

b) Critically evaluate the economic impact of cybersecurity threats on the business.

c) Critically assess cybersecurity governance and risk management measures in response to changing threats within an organisational context.

d) Design and justify procedural and technical cybersecurity controls to mitigate cybersecurity threats under consideration of the IT and business process landscape.

Assessment Information:

Learning outcomes for this subject are assessed using a range of assessment tasks as described in the table below.

WordPress Table

Broad topics to be covered: 

Topic: 
Week 1:  Fundamentals of Cyber Security Management I: Cybersecurity Economics 

  • Cybersecurity incidents and their organisational impact  
  • Economic aspects of cybersecurity for organisations 
  • Types of cybersecurity incidents and related costs 
  • Organisational cybersecurity vulnerabilities 
Week 2: Fundamentals of Cyber Security Management II: Fundamental Concepts 

  • Assets, vulnerability, threat, risk, controls, policies 
  • Cryptography in security management 
  • Types of attackers (internal and external) 
  • Cybersecurity threat modelling 
  • Business impact analysis 
  • Cybersecurity (human) resource management  
  • Cybercrime and digital forensics  
Week 3: Cyber Security Risk Management I: Principals 

  • Tensions between security controls, costs, and business needs 
  • Security management as risk management 
  • Internal and external cybersecurity risks 
  • Cryptography key management 
  • Deming cycle: plan, do, check, act 
  • Enterprise Risk Management (ERM) and cyber forensics 
Week 4: Cyber Security Risk Management II: Governance, Standards and Best Practices 

  • Cybersecurity governance  
  • Cybersecurity policies and procedures 
  • Cybersecurity roles 
  • Managing security by standards: ISO/IEC2700x, SABSA, NIST 800 
  • Certifications and audits 
  • Digital forensics as part of a risk management policy in ERM 
Week 5: Procedural Security Controls I: Asset Security 

  • Information life cycle 
  • Information classification (levels and controls) 
  • Data governance and roles 
Week 6: Procedural Security Controls II: Secure Software Development 

  • Secure software development processes 
  • Change and release management  
Week 7: Procedural Security Controls III: Security Incident Response 

  • Security incident process 
  • Crises response planning 
  • Business continuity management  
  • Digital Forensics and Incident Response (DFIR) 
Week 8: Technical Security Controls I: Security Engineering 

  • System security architecture 
  • Security models 
  • System evaluation: common criteria 
Week 9: Technical Security Controls II: Security Assessment and Testing 

  • Technical auditing controls (Vulnerability Testing, Penetration Testing) 
  • Audit strategies and technical reporting 
  • The role of forensics in cybersecurity prevention 
Week 10: Evaluation of Security Controls I: Cost-based Methods 

  • Economic evaluation of cybersecurity measures: Return on Security Investment 
Week 11: Evaluation of Security Controls II: Presentation 

  • Process-oriented evaluation of cybersecurity measures  

Please note that these topics are often refined and subject to change so for up to date weekly topics and suggested reading resources, please refer to the Moodle subject page.