Cybersecurity Governance for Business Leaders

Course Overview:

This course provides an excellent playbook to construct and manage cybersecurity governance. It is intended for business leaders and managers from a wide range of industries who manage policies, procedures and practices that foster organisational security within and beyond their work context.

The exponential growth in the use of technology, coupled with an emerging awareness of cybercrimes and vulnerabilities, has drawn unprecedented attention to cybersecurity. However, as of today, cybersecurity is considered to be predominantly technical and is most often delegated to the organisation’s technical team. This course identifies this gap and provides an enterprise-wide governance approach to managing cybersecurity. It is a great starting point for leaders in this space, as it sheds light on the key tenets of how cyber resilience can be designed and managed.

This course requires very little or no technical knowledge of computer systems. In this course, you will learn the context, governance, frameworks and risk management of cybersecurity through the lens of business acumen. After completing the course, you should be able to make informed decisions on cybersecurity governance, including identifying, protecting against and detecting potential cyber threats and vulnerabilities. Response to and recovery from critical cyber incidents will also be covered in depth with real-life examples.

Course Structure:

This course integrates a four-part intertwined learning platform that encapsulates an A-Z approach to cybersecurity management and governance. The four interrelated parts of your learning journey are: 

A. Cybersecurity Landscape
B. Cybersecurity Governance and Policy
C. Cybersecurity Frameworks, and
D. Cybersecurity Risk Management.

What you need to know (Prerequisite):
Basic/elementary knowledge of computer devices, computer networks and the internet.

Career Opportunities

  • Information Security Officer
  • Cyber Risk Manager
  • Cybersecurity Architect
  • Cyber Auditor
  • Vulnerability Assessor
  • Security Incident and Event Manager

Prescribed Textbook (Included with the course fee)
Santos, O 2019, Developing Cybersecurity Programs and Policies, 3rd Edition, Pearson Education, USA.

Prescribed Learning Materials (Included with the course fee)

Learning resources available at myAuPI

Course Fee

Key Features

Who should do the course

This course is intended for anyone who is currently working in or preparing for a leadership role in organisational security, risk management, and/or areas relevant to cybersecurity. Anyone from cybersecurity professionals to incident managers, auditors, executives, board members and business owners can benefit from this course.

What you will learn

After successful completion of this course the students should be able to:

  • Possess strong business acumen to translate cybersecurity paradigms into layman’s terms for non-technical audiences.
  • Transform cybersecurity from a technical support function into a strategic management function.
  • Articulate the critical thinking, creativity and problem-solving skills not only of the IT team but of the entire organisation.
  • Be proficient in speaking the business language when communicating about cybersecurity to influence senior management and the Board of Directors.
  • Align the objectives of cybersecurity functions with the business strategy.
  • Know the principles of cybersecurity incident response and how to develop an incident response plan.

Study Load

Course Content – Cybersecurity Governance for Business Leaders

Part A
Cybersecurity Landscape
• Introduction
• History and emergence
• Cybersecurity myths
• Is it FAD or Fact
• Some Common Threats
• Glossary/Key terms
Part B
Cybersecurity Governance and Policy
• Defining policy and governance
• Cybersecurity policy and life cycle
• Human factor
• Incident response
• Case Study
• Glossary/Key terms
Part C
Cybersecurity frameworks
• Cybersecurity concepts and building blocks
• CIA Model
• NIST Framework
• Asset Management and control (identify and protect)
• Detect, respond and recovery
• Incident and event management
• Case Study
• Glossary/Key terms
Part D
Cybersecurity Risk Management
• How secure you are
• Risk management and NIST approach
• Stacked Risk
• Risk framework
• Risk lifecycle
• Access control management
• Cybersecurity incident response
• Business continuity risk management
• Cybersecurity audit and ISO27000
• Risk reporting template
• Glossary/Key terms