Introductory description

The main aim of the module is to provide knowledge and strategic practice in how cyber security impacts and is managed in an organisational context. We examine the historical and modern rise of cyber threats and the foundational issues of information risk changes in social, organisational and governmental framework works.

Through case studies and practicing cyber security industry experts we identify current technical issues from a business and technology architecture perspective introducing key terms and definitions in assets, data, threats, vulnerabilities, impact, attack vectors and risk.

Module web page

Module aims

Outline syllabus

This is an indicative module outline only to give an indication of the sort of topics that may be covered. Actual sessions held may differ.

Whilst the module teaching is not a technical cyber security coding course, it will cover a wide range of subject matter knowledge in this space which is essential to understand the risks and threats of technology. It will also consider social and psychological behavior techniques as well. This will exceed the general cyber security certifications available and use applied business strategy theory with cyber security knowledge in a business context.
We relate the module to leading InfoSec certifications CompTIA Security+, GSEC SANS GIAC Security Essentials, including CISSP Certified information Systems Security Professional, CEH certified ethical hacker, ECSA - EC-Council Certified Security Analyst, CISM Certified Information Security Manager, ISACA Certified Information Security Auditor CISA, (ISC)² Certified Cloud Security Professional CCSP, CRISC Certified in Risk and Information Systems Control. GCHQ Certified Training (GCT).
This module is not part of the GCHQ Degree Certification, or the NCSC certification program.

Learning outcomes

By the end of the module, students should be able to:

• Demonstrate understanding of the types of cyber security threats classifications, sources and range of actors and impact responses on enterprise
• Demonstrate critical situation analysis.
• Demonstrate creativity in determining cyber attacks and required defences.
• Demonstrate thinking skills in anticipating moves and counter moves of enemies, and the cost and outcome risks.
• Evaluate types of risk, risk management, hackers, ethical hacking, psychology and motivations of threats.
• Demonstrate understanding of current standards in Information security, Identity authentication and management, cyber security certification, compliance and trust assessment and the mechanisms to monitor, assess, validate and certify.
• Demonstrate understanding of current and future emerging cyber security threat technologies and new cyber security solutions

Indicative reading list

No core text book required, the library offers a selection of relevant e-books, e.g.

Quade, P. (2019) The Digital Big Bang : the Hard Stuff, the Soft Stuff, and the Future of Cybersecurity Wiley

Taylor, A. (2013) Information Security Management Principles. BCS.

Pogrebna. G & Skilton, M. (2019) Navigating New cyber risks: How Businesses can Plan, Build, Manage Safe Spaces in the Digital Age". Springer, Palgrave Macmillan.

These books will be complemented by additional journal articles and other references:

Sloan Management Review

When entering https://sloanreview.mit.edu/tag/cybersecurity/

You will find many relevant articles, e.g. Cybersecurity for a Remote Workforce by Rico Brandenburg and Paul Mee (July 23, 2020) Or Develop Your Cyber Resilience Plan by Chon Abraham, Ronald R. Sims, and Tracy Gregorio (June 02, 2020)

Harvard Business Review (HRB), e.g. How Organizations Can Ramp Up Their Cybersecurity Efforts Right Now by Brenda R. Sharton (May 01, 2020), see:

https://hbr.org/2020/05/how-organizations-can-ramp-up-their-cybersecurity-efforts-right-now

Or Companies Need to Rethink What Cybersecurity Leadership Is by Matthew Doan (November 27, 2019) see https://hbr.org/2019/11/companies-need-to-rethink-what-cybersecurity-leadership-is

or articles on Cyber Security collated by the HBR insight centre in 2016: https://hbr.org/insight-center/the-future-of-cybersecurity

Or 2019 HBR Podcast:

https://hbr.org/podcast/2019/12/why-cybersecurity-isnt-only-a-tech-problem

It is also recommended to regularly check the Warwick library or google scholar for relevant journal articles, e.g.

Prince, D. (2018) ‘Cybersecurity: The Security and Protection Challenges of Our Digital World’, Computer, 51(4), pp. 16–19. doi: 10.1109/MC.2018.2141025.

Or

Srinivas, J., Das, A. K. and Kumar, N. (2019) ‘Government regulations in cyber security: Framework, standards and recommendations’, Future Generation Computer Systems, 92, pp. 178–188. doi: 10.1016/j.future.2018.09.063.

Or

Llanos Tobarra et al. (2019) ‘A Cybersecurity Experience with Cloud Virtual-Remote Laboratories’, Proceedings, 31(1), p. 3. doi: 10.3390/proceedings2019031003.

Or

Netkachova, K. and Bloomfield, R. (2017) ‘Is Chocolate Good for You—or, Is the Cloud Secure?’, Computer, 50(8), pp. 74–78. doi: 10.1109/MC.2017.3001250.

Interdisciplinary

The module explores cyber security and attacks from different perspectives of hackers, criminal, political, industrial and regulatory perspectives.

Subject specific skills

Conduct risk and threat assessments for Human resources security, Corporate intelligence and protection, Personal, Physical and environmental Security

Apply and evaluate organisational and technical controls to risk assessments and analysis

Transferable skills

Written skills.

Teamwork.