CYB806 – Cybersecurity Governance and Management Practices
In this unit, students will explore the fundamental principles and practices in the management of cybersecurity in organisations. The unit is divided into three parts. The first part sets the organisational context of cybersecurity and the key cybersecurity management challenges and objectives. The second presents the key management practices (risk, policy, training) and governance. The third part introduces security controls in a ‘defence-in-depth’ formation – starting with perimeter security controls followed by interior security controls. Physical security controls are introduced for completeness to complement the digital technology controls.
By engaging with the management and governance components of cybersecurity, students will integrate the ‘human’ and ‘process’ components of effective cybersecurity with the technical components. It is essential for cybersecurity practitioners to synthesise human, process and technical components of security to protect organisational assets.
Learning outcomes:
- Identify, describe and distinguish between cyber-threats and cyber-attacks
- Identify, describe and critically analyse the role and utility of cybersecurity management practices, blueprints and governance structures in supporting cybersecurity programs
- Identify, describe and critically analyse the role and utility of formal and informal management controls of policy, risk, and training in supporting cybersecurity programs
- Identify, describe and critically analyse the role and utility of technological controls including firewalls, VPNs, intrusion detection systems, antivirus software and authentication mechanisms in supporting cybersecurity programs
- Design high-level cybersecurity management practices that address key risks for real-world organisations