Cybersecurity Standards, Risk and Compliance


This module introduces students to the concepts of information technology governance and the major governance policies which organisations use to manage their IT operations efficiently, safely and with a high degree of security. Frameworks such as COBIT and ITIL are briefly explained, along with the elements of these frameworks relating to cybersecurity risk management. International cybersecurity standards, including NIST-CSF and HITRUST-CSF, are explained. The module then examines cybersecurity risk categories, quantitative and qualitative risk assessment techniques, and management and operational risk mitigations. Finally, generic industry and public service organisations (manufacturing, financial services, healthcare, government) are examined from the point of view of cybersecurity compliance regulations.


Learning Outcomes

  1. Outline and describe Information Technology governance rules and policies which ensure effective, controlled and secure operation of an organisation's IT infrastructure and data. 

  2. Utilise qualitative and quantitative methods to assess cybersecurity risks in an organisation.

  3. Examine a Risk Management Framework (RMF) which implements organisation-wide cybersecurity policies, controls and mitigations to reduce the impact of malicious attacks on enterprise infrastructure and data.

  4. Explain international cybersecurity standards and illustrate the context in which these are used to defend against cybersecurity threats. 

  5. Demonstrate an understanding of the specific regulatory and cybersecurity compliance requirements in industry-specific environments: Financial Services, Healthcare, Manufacturing industry, Military and Government organisations.

% Coursework 40%
% Final Exam 60%