Cyber security breaches cause significant personal and organisational damage and pose a clear and present risk to business profitability and resilience. Forbes, the business magazine, estimates that the annual cost of cyber-crime might reach (or surpass) $2Trillion by 2019. At a ground-level, Cyber security breaches are causing business insolvencies and posing challenges to employee safety and wellbeing. In this unit the learner will be introduced to a variety of threats and risks emanating from the cyberspace. The unit will look at various methods of attack and will use case studies to analyse various threat vectors, including Malware, Botnets and Trojans. The unit will introduce and explain various models of measuring threats, risks and impacts. Including, those proposed and recommended by a range of information security standards published by the International Standards Organisation and US NIST (National Institute of Standards and Technology). Using a well-documented ‘real-world case study’, the learner will investigate and examine the business impact of a recent mega data breach.

In this unit the learner will look at the component parts of digital communications and interoperability with IT networks, hardware, firmware and software components. The inherent insecurity of the internet will be described and discussed. What are the basics of computer science and technology? How do computers communicate with one another? How can networks communicate and how can we plan their security architecture in a more proactive and organised manner? The second half of this unit will look at security planning and core concepts including ‘security engineering’, systems hardening and cyber resilience.

Database security concerns the use of a broad range of information security controls to protect databases (potentially including the data, the database applications or stored functions, the database systems, the database servers and the associated network links) against compromises of their confidentiality, integrity and availability. It involves various types or categories of controls, such as technical, procedural/administrative and physical. Database security is a specialist topic within the broader realms of computer security, information security and risk management. In this unit the learner will explore security risks to database systems and mitigation techniques. Understanding the function of computer programming is essential to understanding the dark arts of ‘Black Hat Hackers’. Learners will examine (as a rolling case study) Python as a popular contemporary programming language. The symbiotic link between developments in computer programming and vulnerabilities to hacking will be examined and explored.

In this unit the learner will examine Incident Response, Computer Emergency Response Teams (CERTS), and events requiring investigative techniques. Learners will identify and examine aligned business tasks and task forces including Disaster Recovery, Business Continuity Management and Crisis Management. The unit then focuses on exploring cyber-related incident investigations, including evidential analysis gathering, logging and reporting. Learners will have the opportunity to look at case studies and assess how the approaches used could be applied into their own workplace.

Knowing how to build a cyber defence strategy, what legal tools require consideration, how policies can be written and embedded, are all vital ingredients to successful in-house cyber security practices. In this unit the learner will bring together knowledge acquired from previous units and build on this in relation to developing plausible strategic plans, executive buy-in and legal compliance. Key questions and challenges are posed:

• What is ‘strategy’ and what can a ‘cyber security strategy’ look like?

• How do we achieve senior-level buy-in?

• How do we monitor and safeguard compliance, particularly if our operations are dispersed across a multinational environment?

• What are the key legal requirements and industry standards that can assist and enhance our cyber security strategies and practices?

In this unit the learner will look at banking and financial services in relation to cyber security threats and risks and the potential methods to mitigate and lessen organisational vulnerability to cyber security attacks. The unit is relevant to anybody who wishes to learn how to identify and plan for direct cyber-attacks on financial services architecture, including those directly employed by the sector, or learners who need to understand their own organisational financial dependencies underpinning financial systems, including payment systems. As ‘traditional’ financial institutions, financial market platforms, and emerging cryptocurrency markets attract attacks from state and non-state cyber criminals, how can employees and companies protect their own financial infrastructure and supply chains? Case studies, including the TINBA and ZEUS trojans, will be evaluated and discussed.

In this unit the learner will look at the emerging cyber offensive and defensive strategies of nation states that reportedly engage in what is called ‘cyber war’ or ‘information warfare’. What nation-state governments have the most advanced cyber capabilities? How might they be used to defend or attack an institution, group or infrastructure? Why is this knowledge important for cyber security practitioners based within businesses? As part of this unit learners will analyse geopolitical considerations in relation to cyber security incidents and also explore the direct, likely implications, for their business organisations, and surrounding Critical National Infrastructure (CNI), that might get caught up in widescale disruption and long-term power outage.