Cyber risks in organisations
This module aims to provide the student with the knowledge and skills to undertake security risk management. Risk management is the identification, assessment and prioritisation of the effects of uncertainty on organisational objectives, followed by the coordinated and economical application of resources to minimise, monitor, and control the combination of a) the probability of an unfortunate event occurring and b) the negative impact on organisational objectives were the unfortunate event to occur. In the context of this module, information is restricted to anything stored, processed or transmitted digitally.
This module aims to ensure students understand how to systematically address threats, vulnerabilities and the negative consequences that occur should a threat exploit a vulnerability in any organisation's day-to-day cyber engagement. The organisation includes the home user, commerce, and any organisation using digital networks. This embraces most organisations in existence today or likely to exist in the future.
The module will equip students to establish and maintain a risk management framework to provide assurance that information security and assurance strategies are aligned with business objectives and consistent with legal and regulatory obligations.
Various approaches to information risk management and resolution will be compared and contrasted for a simple system. There is an emphasis on the practical nature of this process and the real-world issues that face managers.
Principal Learning Outcomes
By the end of the module, students should be able to:
• Outline current cyber security threats to a simple IT system.
• Outline current cyber security threats to the storage of information.
• Define practical cyber security measures to counteract intentional and unintentional human misbehaviour.
• Select the most appropriate approach to information risk management for a given organisation or scenario.
• Outline how inadequate information risk management affects organisations across a range of specific sectors.
• Demonstrate a systematic understanding of the key aspects of formulating a cyber-incident response plan.
• Evaluate the response to a cyber-incident across the incident's lifecycle.