Learning Outcomes
At the end of this course, students should be able to:
1. describe the cybersecurity risks, how to avoid/prevent them and state the cybersecurity
challenges and the path forward;
2. apply the decision and risk analysis techniques, and devise how to mitigate risks and
vulnerabilities;
3. develop the effective use of assessments for cybersecurity risk mitigation in the cloud and
how to use proactive measures to mitigate critical cybersecurity challenges;
4. analyse the implications of information technology to national development, cyber-attacks,
control, distribution and safety of information with a review of the economic and
geopolitical factors that have made African countries vulnerable to cyber-attacks;
5. review what information security means and the principles of applied information security
management, and examine the governance and security policy, threat and vulnerability
management, risk assessment and management frameworks, information leakage, crisis
management and legal security implementation considerations;
6. explore ISO 27000 series and the Plan-Do-Check-Act model, and assess threats and
vulnerabilities, incident response, forensics and investigations; and
7. describe how to deal with classified/sensitive data, legal and regulatory drivers and
practical considerations when implementing the frameworks to address current and future
threats.
Course Contents
Principles of applied information security management. Cybersecurity challenges.
Cybersecurity risks, challenges and the path forward. Recognising risks. Overview of decision
and risk analysis techniques. Mitigating risks and vulnerabilities. Effective use of assessments
for cybersecurity risk mitigation. Mitigating cybersecurity risk with the cloud. Proactive
measures mitigate critical cybersecurity challenges. Critical corporate and military
cybersecurity risks. Evolving challenges in cyber risk management. The social implication of
information technology to national development, cyber-attacks, control, distribution and
safety of information. Economic and geopolitical factors that have made African countries
vulnerable to cyber-attacks and the steps that can be taken to address this. Governance and
security policy. Threat and vulnerability management. Incident management, risk assessment
and risk management frameworks. Information leakage, crisis management and business
continuity. Legal and compliance, security awareness and security implementation
considerations. ISO 27000 series and the Plan-Do-Check-Act model. Assessment of threats
and vulnerabilities. Incident response, forensics and investigations. Dealing with
classified/sensitive data. Legal and regulatory drivers and issues. Certification. Common
criteria, security education and training. Practical considerations when implementing the
frameworks to address current and future threats.
Lab work: Practical approach to cyber hygiene. Practice cybersecurity risk mitigation in the
cloud and how to use proactive measures to mitigate the learned challenges. Work on applying
the decision and risk analysis techniques. Master how to mitigate risks and vulnerabilities.