Module: CYS5002-20 Cyber Resilience

Level: 5

Credit Value: 20

Module Tutor: John Curry

Module Tutor Contact Details: j.curry@bathspa.ac.uk

1. Brief description and aims of module:

Cyber criminals are adapting faster than security solutions are being devised. Many specialists agree that traditional cyber security measures are proving inadequate at handing the persistence and complexity of the evolving threat landscape. The concept of cyber resilience in turn represents a shift in mindset to one that assumes that cyber attacks are inevitable, and that organisations should focus efforts on developing post-breach strategies in addition to mitigatory measures. Cyber resilience is about an organisation’s ability to reduce the impact of an attack, and it’s capacity to return to operations as quickly as possible.

We begin with a review of the subtle yet critical differences between cyber security and cyber resilience with a particular focus on the notion of ‘assuming breach’. We then consider what cyber resilience means for the public, private and third sector, which includes an understanding of relevant published frameworks from the UK and other global powers. This is followed by a deep examination of potential strategies that an organisation can put in place for improving cyber resilience. This includes planning decisions that target cost of attack and risk exposure, as well as ways that organisations fine tune their post-incident recovery plans to meet individual circumstances.

2.Outline syllabus

• Cyber security vs cyber resilience

• The scope of cyber resilience: organisations, critical infrastructure, society, nation states

• Assuming breach: taking on an adversary mindset

• IT Governance Cyber Resilience Framework

• MITRE ATT&CK framework

• Defining a bespoke and robust organisational cyber resilience strategy

• Identifying cyber risk (pure and speculative) and its place within business risk management

• Analysing and calculating risk exposure

• The problem of security decay and cyber hygiene

• Tensions between security and complexity

• Cyber resilience through compliance: GDPR, Cyber Essentials and related ISO (International Organization for Standardization) standards

• The importance of organisational collaboration

3.Teaching and learning activities

Class Hours

Lectures and seminars are highly focused on strategic thinking and case study analysis. This is support where possible from insights on specific cyber resilience strategies from invited speakers. Workshop sessions invite you to establish and critically evaluate threat mitigation and post-incident recovery solutions for hypothetical business contexts.

Independent Learning

You are expected to undertake readings set by tutors and follow up concepts and examples introduced in class through independent research.

Assessment Item 1:

• Assessment Type: Course Work

• Description: Cyber resilience plan (5,000 words).

• % Weighting: 100%