MAN 5166 Cyber Security for Leaders
MAN 5166 Cyber Security for Leaders
This Master of Management course (15 ECTS), is designed to be a part in a 90 ESCTS Executive Master of Management degree specializing in Security management and Cultural Understanding.
Cyber security is the application of technologies, processes, and controls to protect networks, programs, devices and data from syber attacks. The aim is to reduce the risk of cyber attacks and protect against the unauthorised exploitation of these systems.
Digitalization is among the highest political priorities in many countries. In Norway digitalization is seen as part of the strategy to overcome the challenges of the wide geographic distribution of the population, and enable equal services throughout the country. The political push towards digitalization for citizens, businesses and public services must be accompanied with precautions and strategies to create resilience against threats and attacks in cyberspace. Resilience means to protect your system, detect cyber security treats at the earliest possible occasion, and respond to incidents so that normal operation can be continued as soon as possible after a breach. In short, follow the principle “Protect, Detect and Respond”.
A high degree of resilience can be achieved via aware decision makers, deep and sound risk analysis, and teams which can balance the trade-off between vulnerability and overprotection. Moreover, the professional management and implementation of organizational and technical innovations in the context of cyber security involves managing across multiple stakeholders and networks. In short, cyber security leaders need to support such strategies and balancing processes, while consulting society and decision makers as part of the endeavor.
The students are troughout the course working experience based in an iterative process with challenges relevant for their organisation.
The participants shall be in a position to acquire and use specialised knowledge about theories and research methods within information and cyber security, hereunder:
- the complex issues of management of cyber security, technology and networks.
- the challenge of increaased vulnerability due to increesing needs of innovation.
- how to influence and build awareness of cyber security in their own organization.
- how to improve networking among decision-makers.
- risk, cyber security and incident management.
- high-reliability organizations, including practice, culture, and structure elements.
The program is designed to improve the participants’ tools and frameworks for analyzing digital threats and respond properly. Participants shall be in a good position to critically assess both academic and policy debates on this topic with respect to information, data, research methods and practical application of academic work. Through independent work based on research using open sources, and in line with pertinent ethics guidelines, they should be able to:
- Analyse systematically and critically challenge cyber risks.
- Analyse and evaluate cyber incidents
- Analyse and utilize relevant methods to develop and evaluate business continuity, disaster recovery and incident response plans.
- Analyse and develop digital security strategies and policies.
- Communicate effectively with management and stakeholders as well as people from other disciplines and context.
- Evaluate and assess security challenges throug an iterative process.
Upon completion of the course the participants shall acquire an overall holistic perspective on digital security challenges nationally and internationally, be in a position to analyse pertinent research, policy and ethical issues independently, and to:
- Advanced communication and discussion about independent work in speech and writing to different audiences in national and international contexts.
- Apply his/her knowledge and skills to make independent decisions and contribute to major decision-making processes that have a strong focus on security issues.
- Apply his/her knowledge and skills to establish ethical responsibility, and supervise other people in an independent and reflective way.
- Critically analyze opportunities and constraints regarding knowledge about the surroundings and alternative courses of action.
Session 1: Setting the Scene for a Secure Digitalized World
- Standards, Frameworks and Regulations
- Introduction to networks and management
- Innovation challenges
- Digitalization and secure digitalization
- Execution, control and respond
Session 2: Risk Management and Audit
- Vulnerabilities, Threats, and Business Impact
- Risk Management and Audit
- Cyber Insurances
- Change management
- Polycies and governance
Session 3: Mastering Digital Incidents and Crises
- Incident response and readiness.
- Investigations and digital forensic readiness.
- Business continuity management and disaster recovery planning.
- The value of trust networks and collaboration with authorities.
- Building security culture and socio-technical aspects
Nine teaching days in three 3-day sessions, amounting to 72 hours. The students must expect to use at least 400 study hours, which is the norm for 15 ECTS.
Lectures will consist of a combination of lectures, group work and discussions, where theory and the wide set of experience among students will form a valuable basis for interactions.
Between sessions, students are expected to work actively in groups with a change project related to their own organization, or perhaps in the relationships between organizations. This will be documented and discussed in relation to the curriculum, in a final report (project paper).
The students are evaluated through a term paper, counting 60% of the total grade and a 72 hours individual home exam counting 40%. The term paper may be written individually or in groups of maximum three persons. We recommend starting the work on the term paper early to supplement classroom learning. The term paper should be 15-20 pages
In all BI Executive courses and programs, there is a mutual requirement for the student and the course responsible regarding the involvement of the student's experience in the planning and implementation of courses, modules and programmes. This means that the student has the right and duty to get involved with their own knowledge and practice relevance, through the active sharing of their relevant experience and knowledge.
Bachelor degree, corresponding to 180 credits from an accredited university, university college or similar educational institution. The applicant must be at least 25 years of age. At least four years of work experience. For applicants who have already completed a master’s degree, three years of work experience are required. (two years of work experience are required for applicants employed at The Norwegian Armed Forces)
Disclaimer
Deviations in teaching and exams may occur if external conditions or unforeseen events call for this.
| Assessments |
|---|
Exam category: Submission Form of assessment: Written submission Weight: 60 Grouping: Group/Individual (1 - 3) Duration: 1 Semester(s) Comment: Term paper, counting 60% of the total grade. Exam code: MAN 51661 Grading scale: ECTS Resit: Examination when next scheduled course |
Exam category: Submission Form of assessment: Written submission Weight: 40 Grouping: Individual Duration: 72 Hour(s) Comment: Individual 72 hours home exam, counting 40% of the total grade. Exam code: MAN 51662 Grading scale: ECTS Resit: Examination when next scheduled course |
All exams must be passed to get a grade in this course.
| Activity | Duration | Comment |
|---|---|---|
Examination | 24 Hour(s) | |
Examination | 75 Hour(s) | |
Prepare for teaching | 75 Hour(s) | |
Student's own work with learning resources | 151 Hour(s) | |
Teaching | 75 Hour(s) |
A course of 1 ECTS credit corresponds to a workload of 26-30 hours. Therefore a course of 15 ECTS credit corresponds to a workload of at least 400 hours.