CMT308: Business Continuity and Transformation
| School | Cardiff School of Computer Science and Informatics |
| Department Code | COMSC |
| Module Code | CMT308 |
| External Subject Code | 100366 |
| Number of Credits | 20 |
| Level | L7 |
| Language of Delivery | English |
| Module Leader | Dr Yulia Cherdantseva |
| Semester | Spring Semester |
| Academic Year | 2025/6 |
Outline Description of Module
The advent of the internet has created many new business opportunities, especially with support for externally hosted services and infrastructure (e.g. cloud and mobile services). This module aims to equip students with an understanding of risks and vulnerabilities associated with an effective operation of a business using both in-house and externally hosted infrastructure. A broader initial perspective will be considered, ranging from consideration of risk analysis methodologies, potential impact of these risks on both business operation and data privacy/leakage. A scenario-driven approach will be used to introduce students to cybersecurity threats and vulnerabilities, and the potential socio- economic impact of these on a business. Potential mitigation strategies will also be introduced as part of this scenario-driven approach, focusing on continuity planning and disaster recovery.
Students will plan security policy and business continuity plans, which will be tested in Red v Blue scenarios both theoretically and practically.
On completion of the module a student should be able to
-
Critically analyse the potential impact of cyber threats on business continuity.
-
Demonstrate understanding of entrepreneurial activities, and critically analyse and appraise business opportunities, including risks of outsourcing.
-
Evaluate threats to SMEs vs. Large enterprise.
-
Develop and test security policy and business continuity plans.
-
Plan, write and present a business continuity strategy for a new company or social enterprise.
-
Attack and defend systems using methods learned from penetration testing and business continuity planning.
-
Reflect upon research methods and their role in innovation.
How the module will be delivered
The module will be delivered through a combination of lectures, supervised lab sessions and tutorials as appropriate. You will be expected to attend all timetabled sessions and engage with online material. You will be guided through learning activities appropriate to your module, which may include:
on-line resources that you work through at your own pace (e.g. videos, web resources, e-books, quizzes),
on-line interactive sessions to work with other students and staff (e.g. discussions, live streaming of presentations, live-coding, team meetings)
face to face small group sessions (e.g. help classes, feedback sessions)
Skills that will be practised and developed
Critical evaluation of the claims from proponents of new technologies and methodologies, product vendors, researchers and consultants.
Derivation of appropriate legal and ethical requirements relevant to a specific situation.
Research skills in quantitative and qualitative methods.
Survey of academic, technical, and practitioners’ literature.
Innovation
Entrepreneurship and Commercialisation
Critical thinking.
Rhetoric and argumentation.
Time management.
Presentation skills.
Report writing, including writing academic and technical reports.
Reflective practice: the ability to reflect on performance, as a means of instilling the habit of lifelong learning
How the module will be assessed
A blend of assessment types which may include coursework and portfolio assessments, class tests, and/or formal examinations
Students will be provided with reassessment opportunities in line with University regulations.
Assessment Breakdown
| Type | % | Title | Duration(hrs) |
|---|---|---|---|
| Written Assessment | 20 | Open Book Online Knowledge Test | N/A |
| Written Assessment | 80 | Individual Coursework | N/A |
Syllabus content
Introduction to Business Continuity and an emphasis on significance of this within a business.
Key security and business continuity concepts and terminology.
Business continuity management lifecycle and related standards (e.g. ISO22301, ISO27001, BS25999, BS27031).
Legal cyber security landscape: ensuring compliance with regulations (GDPR, Computer Misuse act, NIS Regulation)
Business Impact Analysis (BIA), as well as Tools and Methods supporting its different stages.
Engineering reliable and dependable systems (Resilience Engineering)
NCSC guidance on Business Continuity and relevant guidance on Cyber Security
Specifics of Cyber Security and Business Continuity in the context of SMEs and CNI
Mitigation strategies & techniques for Business Continuity
Digital Transformation: Stages, Risks, Opportunities and Case-Studies
Research Methods in Cyber Security and Business Continuity
Responsible Innovation and Ethics
Innovation and Entrepreneurship in Cyber Security