Cyber Security Governance

This subject is available under ICMS undergraduate degrees.

Subject Code: CYB302A

Subject Type: Specialisation

Credit Points: 3 credit points

Pre-requisite/Co-requisite: ICT301A IT Risk Management

Course level pre-requisite: a total of 24 credit points (15 credit points, including ICT101A, ICT102A, ICT103A and DAT101A from level 100, and 9 credit points from level 200 core subjects) prior to enrolling in level 300 core and specialisation subjects.

Subject Level: 300

Subject Rationale:

No industry sector or government agency is immune to cyberattacks, which occur on a global scale and are carried out by cybercriminals who become more sophisticated each day. Disruption of essential services and critical infrastructure costs organisations billions of dollars worldwide. Cyber security governance is an essential part of an organisation's overarching governance system: it safeguards operations and assets, manages cybersecurity risks, threats and vulnerabilities, and establishes the compliance mechanisms that are vital to protecting brand value and the end-to-end supply chain. In addition, organisations have legal, ethical and corporate social responsibilities to protect customer data in cyberspace.

In this subject, students will explore the principles of cyber security governance, industry frameworks and best practices, and the key provisions for compliance. They will examine the system-level models, tools and techniques that organisations employ, both methodologically and procedurally, to bolster their cyber resilience and information assurance.

This subject will equip students with a holistic view of organisational governance, covering the concepts and practices of threat and risk management, policy-making, business continuity planning, emergency response and disaster recovery in a cybersecurity context. Students will investigate how cyber operations are planned and implemented to control the end-to-end business landscape in cyberspace, in compliance with IT governance frameworks and standards. Ethical, legal and regulatory aspects of cyber security governance will also be studied.

Learning Outcomes:

a) Articulate the principles, critical aspects, and elements of cyber governance in an organisational sphere, demonstrating understanding of its applications in business operations.

b) Analyse the key components of organisational governance, critically assess the shortcomings, and present well-reasoned strategies for sound corporate governance in a cybersecurity context.

c) Utilise legislative instruments, governance frameworks, standards, and information security models to establish sound cyber governance for a given organisation.

d) Model an implementation scheme for ISO 27001 to enhance organisational information security management system (ISMS) appropriate to a specific business setting.

e) Examine cyberattacks, identify organisational cybersecurity needs, and develop governance mechanisms to ensure effective cyber risk management in an organisational context.

f) Explain the legal, ethical, and regulatory factors and challenges relating to cybersecurity and exercising cyber governance.

Student Assessment:

Broad Topics to be Covered:

Week 1: Overview 

  • Why organisations need cyber governance (legislation, threats, business continuity) 
  • Corporate governance 
  • Sarbanes-Oxley 
  • Enterprise risk management 
  • Legal and regulatory compliance 
  • Cyberethics and cyberlaws 
Week 2: ISO 27001 

  • Background and objectives 
  • Structure 
  • Implementation 
  • Documentation 
Week 3: COBIT 

  • Background and objectives 
  • Structure 
  • PO (Plan and Organize) 
  • AI (Acquire and Implement) 
  • DS (Deliver and Support) 
  • ME (Monitor and Evaluate) 
Week 4: NIST 800 

  • Background and objectives 
  • Framework functions 
  • Implementation and considerations 
Week 5: Organisational Governance 

  • Awareness, training, and education 
  • Information security management 
  • Segregation of duties 
  • Information security in project management 
  • Information security policy and guidelines 
  • Organisational governance with ISO27001 
Week 6: Asset Management 

  • Inventory management 
  • Ownership 
  • Acceptable use 
  • Labelling, handling, and recording 
  • Asset life cycle management 
  • Asset management with ISO27001 
Week 7: Procurement and Vendor Management 

  • Supplier relationship management 
  • Supplier policies and guidelines 
  • ICT supply chain management 
  • Contracts and service level agreements 
  • Supplier relationship with ISO27001 
Week 8: Business Continuity 

  • ISO 22301 
  • Risk assessment and critical business processes 
  • Emergency response procedures and documentation 
  • Business continuity planning framework 
Week 9: Compliance 

  • Identification of legislation 
  • Intellectual property and licensing 
  • Privacy and personal information protection 
  • Compliance with regulatory provisions and standards 
Week 10: Operations Management 

  • Overview 
  • Policy documentation and organisational readiness 
  • Development, testing and production environments 
  • Network management 
  • Malicious software management 
  • Internet and social media policies, ethical considerations 
Week 11: Release and Deployment Management 

  • The role of release management 
  • Release management lifecycle, stages, and processes using ITIL 
  • Release management security 
  • Release management with a cybersecurity/DevOps mindset 
  • Information Security Management (ISM) post-deployment 

Please note that these topics are often refined and subject to change so for up to date weekly topics and suggested reading resources, please refer to the Moodle subject page.