CMT116: Cyber Security and Risk Management

School: Cardiff School of Computer Science and Informatics
Department Code: COMSC
Module Code: CMT116
External Subject Code: 100376
Number of Credits: 20
Level: L7
Language of Delivery: English
Module Leader: Dr Amir Javed
Semester: Autumn Semester
Academic Year: 2024/5

Outline Description of Module

This module aims to provide students with a systematic understanding of cyber security management and of risk assessment and management, together with the skills to critically analyse and evaluate existing practices. The module covers key cyber security concepts, principles, technologies and practices. It delivers hands-on experience of conducting a risk assessment for an information system, threat modelling, and developing security policies of different types and a security strategy for an organisation. The module enables students to practise the skills of communicating security concepts and needs to a wide range of audiences; applying common security frameworks and best practices, and evaluating their effectiveness; and researching and analysing recent cyber security incidents, threats and vulnerabilities. The module also informs students about the legal and regulatory environment surrounding the development and use of Information and Communication Technology (ICT) and information systems, and about the ethics and responsibilities of cyber security professionals.

On completion of the module a student should be able to

  1. Determine, establish and maintain appropriate information security regulations for an organisation.

  2. Identify, analyse, evaluate and manage risks related to the different components of an information system (i.e. data, people, processes, hardware, software and network), accounting for the current threat landscape.

  3. Identify and effectively articulate different types of threat to, and vulnerabilities of, information systems to a range of audiences (e.g. top management, end users, non-technical and technical experts).

  4. Critically analyse a wide range of security countermeasures, and select and justify appropriate countermeasures to mitigate risks by calculating the return on security investment and the economic impact of a security-related incident on the business.

  5. Effectively evaluate and apply popular risk assessment methodologies and information security management frameworks to case studies.

  6. Define and implement effective security policies and processes within an organisation; make and sustain an argument; make judgements and propose solutions.

How the module will be delivered

You will be guided through learning activities appropriate to your module, which may include: 

on-line resources that you work through at your own pace (e.g. videos, web resources, e-books, quizzes).

on-line interactive sessions to work with other students and staff (e.g. discussions, live streaming of presentations, live-coding, team meetings). 

face to face small group sessions (e.g. help classes, feedback sessions). 

Skills that will be practised and developed

Application of common security frameworks to case studies 

Estimating the impact of security incidents on business 

Analysis of organisation’s security strategy and policy 

Security policy development 

Calculating return on security investments 

Communicating security risks 

Establishing the context for risk assessment 

Risk identification, estimation, evaluation 

Choice of appropriate security control(s) 

Risk monitoring and review 

Critical analysis of an evidence-base available to a security professional 

Derivation of appropriate professional, ethical requirements for security professionals 

Evaluating the effectiveness of security countermeasures 

Research a range of cyber security threats and vulnerabilities 

Critically assess the challenges of information security and risk management 

Present arguments that evidence understanding of the subject 

Professionalism in the workplace 

Transferable Skills (Listening, Communication, Time Management, Research, Literature Review and Analysis, Group Work, Reflective Thinking and Learning, Report Writing, Critical Thinking, Rhetoric and Argumentation) 

How the module will be assessed

A blend of assessment types will be based on portfolio assessments that will include group work, individual work and continuous assessment.

Students will be provided with reassessment opportunities in line with University regulations.

Assessment Breakdown

Type                % Title                                                         Duration (hrs)
Written Assessment 90 Cyber Security And Risk Management Coursework               N/A
Portfolio          10 Cyber Security And Risk Management Continuous Assessment    N/A

Syllabus content

Week 1: Introduction to Cyber Security and Risk Management. Key security and risk concepts and terminology; security fundamentals; introduction to cyber security career paths.

Week 2: Common Security Frameworks – ISO/IEC 27005, NIST SP 800-30; Architecture – SABSA, Purdue Model.

Week 3: Security as a business enabler – ROSI. Security economics; criminal economy; insurance. Cyber security regulation and ethics in cyber security.

Week 4: General Information Security Risk Methodologies. NIST-D 62443, ISO 31000; risk in a dynamic and agile business environment.

Week 5: Risk Assessment Methodologies – ISO/IEC 27005, NIST SP 800-30, OCTAVE Allegro; case study.

Week 6: Vulnerability Management – vulnerability detection, asset management and patching.

Week 7: IDAM and directories; user trust models.

Week 8: SOC; playbooks; MITRE ATT&CK framework.

Week 9: Threat Intelligence – types of threat, types of actor; STRIDE; threat modelling methodologies (attack trees and fault trees).

Week 10: Threat Landscape; adversarial thinking; CTF.

Week 11: Real-world events – SCADA, automotive, cloud security. Module revision and recap.


Copyright Cardiff University. Registered charity no. 1136855