This subject is available under ICMS undergraduate degrees.
CYB302A
Specialisation
3 credit points
ICT301A IT Risk Management
Course level pre-requisite: a total of 24 credit points (15 credit points, including ICT101A, ICT102A, ICT103A, DAT101A from level 100 and 9 credit points from level 200 core subjects) prior to enrolling in level 300 core and specialisation subjects.
300
No industry sector or government agency anywhere in the world is immune to cyberattacks, and cybercriminals are becoming smarter each day. Disruption of essential services and critical infrastructure costs organisations billions of dollars worldwide. Cyber security governance is an essential part of an organisation’s overarching governance system to safeguard its operations and assets, manage cybersecurity risks, threats, and vulnerabilities, and establish compliance mechanisms that are vital to protect brand value and the end-to-end supply chain. In addition, organisations have legal, ethical, and corporate social responsibilities to shield customer data in cyberspace.
In this subject, students will explore the principles of cyber security governance, industry frameworks and best practices, and key provisions for compliance. They will examine the system-level models, tools, and techniques organisations methodologically and procedurally employ to bolster their cyber resilience and information assurance.
This subject will equip students with a holistic view of organisational governance, covering the concepts and practices in threat and risk management, policy-making, business continuity planning, emergency response, and disaster recovery in a cybersecurity context. Students will investigate how cyber operations are planned and implemented to control the end-to-end business landscape in cyberspace in compliance with IT governance frameworks and standards. Ethical, legal, and regulatory aspects of cyber security governance will also be studied.
a) Articulate the principles, critical aspects, and elements of cyber governance in an organisational sphere, demonstrating understanding of its applications in business operations.
b) Analyse the key components of organisational governance, critically assess the shortcomings, and present well-reasoned strategies for sound corporate governance in a cybersecurity context.
c) Utilise legislative instruments, governance frameworks, standards, and information security models to inaugurate well-established cyber governance for a given organisation.
d) Model an implementation scheme for ISO 27001 to enhance an organisation's information security management system (ISMS) appropriate to a specific business setting.
e) Examine cyberattacks, identify organisational cybersecurity needs, and develop governance mechanisms to ensure effective cyber risk management in an organisational context.
f) Explain the legal, ethical, and regulatory factors and challenges relating to cybersecurity and exercising cyber governance.
| No | Assessment Task | Weighting | Learning Outcomes |
|---|---|---|---|
| 1 | Online Quiz (Invigilated) | 15% | a, f |
| 2 | Simulation Part A Preliminary Analysis | 25% | a, b, c, f |
| 3 | Simulation Part B Governance Baseline | 30% | a, b, c, e, f |
| 4 | Simulation Part C Continuous Improvement | 30% | a-e |
Broad Topics to be Covered:
Week 1: Overview
Week 2: ISO 27001
Week 3: COBIT
Week 4: NIST 800
Week 5: Organisational Governance
Week 6: Asset Management
Week 7: Procurement and Vendor Management
Week 8: Business Continuity
Week 9: Compliance
Week 10: Operations Management