This is the Certificate in Cybersecurity Management and Work Placement department
Course: Work Placement in Cybersecurity Management (CSM101E)
Course: Cybersecurity Regulations and Compliance (CSM101D)
Course: Incident Response and Recovery (CSM101C)
Course: Risk Management and Threat Mitigation (CSM101B)

The growing reliance on digital technologies across sectors has made cybersecurity an indispensable element of modern organizational management. Cybersecurity is no longer a purely technical domain reserved for IT professionals. It now intersects with governance, business continuity, legal compliance, and national security. This module introduces students to the fundamentals of cybersecurity management by exploring core concepts, frameworks, and strategic approaches needed to navigate an increasingly hostile digital environment.

At its core, cybersecurity management involves safeguarding digital assets, such as data, applications, networks, and infrastructure, against intentional and accidental threats. These threats may include malware, ransomware, phishing, insider attacks, or unauthorized access to sensitive systems. Organizations must adopt proactive, structured measures to ensure the confidentiality, integrity, and availability of their information assets, three properties known together as the CIA triad.

Students will begin the module by examining the evolving nature of cyber threats and how these threats affect personal, organizational, and national ecosystems. Emphasis is placed on understanding the motivations of threat actors, including cybercriminals, hacktivists, insiders, and nation-state adversaries. Real-world examples such as the SolarWinds attack and the Colonial Pipeline ransomware incident will be used to highlight the scale and impact of cyber incidents.

A key component of the module is the exploration of cybersecurity governance. Learners will study how cybersecurity policies, procedures, and standards are established and maintained within an organization. This includes the role of Chief Information Security Officers (CISOs), governance committees, and risk oversight boards. Students will learn how organizations align cybersecurity efforts with strategic goals and regulatory demands.

The module introduces globally recognized cybersecurity frameworks that serve as guiding structures for managing information security. These include the NIST Cybersecurity Framework, ISO/IEC 27001, and the CIS Controls. Each of these frameworks provides a structured approach to identifying, protecting, detecting, responding to, and recovering from cyber threats. Through case studies and practical exercises, students will evaluate the usefulness of these models in different organizational contexts.

Cybersecurity culture is another area of emphasis in this module. Culture influences how employees perceive and respond to cyber risks. Students will learn about the role of security awareness training, leadership, communication, and ethical behaviour in fostering a resilient cybersecurity environment. The human factor, often referred to as the weakest link in cybersecurity, will be examined through insider threat scenarios and social engineering examples.

Students will also explore the distinction between cybersecurity and information security. While both disciplines aim to protect information assets, cybersecurity specifically focuses on protecting systems and networks from digital threats, whereas information security encompasses all forms of information, including paper records and verbal communications.

The importance of leadership and communication in cybersecurity management will also be addressed. Students will learn how to articulate security risks and policy implications to both technical teams and non-technical stakeholders, including executives, board members, and regulatory bodies. The ability to translate complex security concepts into business language is critical for informed decision-making.

By the end of the module, students will have a strong foundational understanding of cybersecurity management. They will be able to identify major threat vectors, describe the elements of a security governance program, and explain how cybersecurity strategy aligns with organizational objectives and compliance requirements.