Cyber Security Management

Abstract

Cyber security is primarily a management and not a technical problem. Identifying risk and implementing effective policy and practice to secure information is recognised as a management issue. This subject is comprised of a series of topics that investigate cyber security and the implications for the management of Information and Communications Technology (ICT) and primarily management aspects of cyber security to provide a practical insight into ICT security practices. The foundational concepts of cyber security management models and practices are included.

Syllabus

Introduction to the management of cyber securityPlanning for securityCyber security policyDeveloping the security programRisk management: Identifying and assessing riskRisk management: controlling riskSecurity management modelsSecurity management practicesPlanning for contingenciesSecurity maintenanceCyber law and compliance

Learning outcomes

Upon successful completion of this subject, students should:

be able to describe the key concepts associated with management of cyber security;

be able to explore and analyse the principle components of enterprise information security governance and planning;

be able to develop an enterprise information security policy;

be able to propose risk management and risk mitigation strategies; and

be able to discuss the legal and regulatory environment in the context of cyber security.

Assumed knowledge

It is assumed students will have completed ITC292, or content similar

Enrolment restrictions

Available to undergraduate students only.