CyberSecurity Governance, Risk and Compliance
Description
This module introduces students to concepts of Information technology governance, and the major governance frameworks which organisations use to manage their IT operations efficiently, safely and with a high degree of security: COBIT, ITIL, COSO, and CMMI. Specifically, the module explains the elements of these frameworks relating to cybersecurity risk management, cognitive risk, and the International cybersecurity standards in use: ISO 27001/2/3, NIST-CSF, and HITRUST-CSF. The module examines in detail cybersecurity Risk categories and quantitative and qualitative risk assessment techniques. Probabilities around attack likelihood, annual loss expectancy, and impact are calculated. Management, Technical and Operational risk mitigations are explained in terms of the MITRE ATT&CK and Lockheed Martin Kill Chain frameworks. Finally, generic industry and public service organisations: are examined: manufacturing, financial services (PCI DSS), healthcare (HL7), government; from the point of view of cybersecurity compliance/data protection regulations.
Learning Outcomes
Analyse key Information Technology Governance Frameworks including COBIT, ITIL, CMMI, COSO, etc, and the rules and policies which ensure effective, controlled, and integrated operation of an organisation's IT infrastructure and data.
Examine cyber security risk management frameworks, including the Mitre Cyber Prep 2.0, NIST CSF, and Cognitive Risk Frameworks.
Explain international cyber security standards (ISO 27001/2/3/4, NIST CSF, and O-RT, O-RA), and explain the context in which these are used to defend against cybersecurity threats.
Examine and apply qualitative and quantitative risk assessment methodologies (DREAD, CVSS, SLE, EF, ARO, and ALE) in the context of threat probabilities and vulnerabilities.
Critically explore threat/cyber risk mitigation philosophies in terms of effectiveness, adaptability, and strategic integration including Lockheed Martin Cyber Kill Chain, and the Mitre ATT&CK framework.
Identify the guidelines and best practices which form the compliance and regulatory frameworks in manufacturing, financial services industries, healthcare, and public service arenas: (SOX, PCI DSS, NIST, HL7, HIPAA/HITECH, SOCs, AT-101, and FedRAMP).