Accessibility statement

Cyber Security for Managers - MAN00039H

« Back to module search

  • Department: The York Management School
  • Credit value: 20 credits
  • Credit level: H
  • Academic year of delivery: 2023-24

Module summary

The objective of this course is to provide students with an understanding of information security, and organisational cyber security. The course will enable students to understand the importance of information and systems security, ethics, and regulatory expectations around organisational cyber security.

Module will run

Occurrence Teaching period
A Semester 2 2023-24

Module aims

Cyber security has been recognised as a significant issue for companies, in particular their information technology and security departments. However, cyber security is also emerging as an increasingly significant management issue. The objective of this course is to provide students with an understanding of information security, and organisational cyber security.

The course will enable students to understand the importance of information and systems security, ethics, and regulatory expectations around organisational cyber security. The students will also develop an understanding of the expectations from society and the media around cyber security, and how organisations respond to information leaks and cyber-attacks.

An additional aim of the module is to improve student's awareness of their own cyber security, and critically reflect on their own behaviour in cyberspace.

Module learning outcomes

  • Understand the importance of information systems and information technology to cyber security.

  • Understand the types of cyber security threats faced by modern organisations, and the origin of security threats (internal/external).

  • Students will develop an awareness of the ethical and operational issues around cyber security and systems surveillance and be able to critically evaluate the ethical implications for individuals, organisations, and society, of cyber security strategies and policy.

  • Understand the basics of the UK and International regulatory requirements for cyber security, and the role organisations play in national security.

  • Be able to critically evaluate how organisations respond to cyber-attacks, through the analysis of both successful and failed organisational responses.

  • Be able to critically evaluate organisational strategy and policy around cyber security.

  • Students will critically evaluate their own online behaviour and their personal cyber security, by reflecting on what they learn on the course.

Module content

There are numerous managerial issues around cyber threats that students should have experience of before entering the workplace. Leaks, hacking, and viruses/malware are a very real threat to organisations, and society is becoming increasingly concerned with privacy, data retention, and the moral arguments around whistle-blowing. This module will address these issues and hopefully generate lively and interesting debate among students.

Managers often encounter cyber security threats after the fact, that is, once disaster has struck. Therefore, an important aspect to this module will be the critical evaluation of organisational response to cyber threats, leaks, or hacking. Students will also be assessed on their ability to prepare a suitable response to a simulated security breach at an organisation. Including a short, written, report reassuring shareholders, and a mock press conference, with a questions and answer session.

Technology is a central issue to cyber security, often critical to the detection and defence of cyber attacks, but also frequently the site of attack. The module will also highlight where these technologies interface with the management of the organisation, for example artificial intelligence and risk detection.

Students will also develop skills to critically evaluate cyber security policy and strategy to enable them to discover problems within organisations before disaster strikes, perhaps reducing the possibility of needing to respond to an attack. This knowledge can also be used to improve their own security online.

The module will be taught using a mixture of lectures, guest lectures, and seminars, and make use of documentary material and news reports as well as journals and textbooks.

The module includes peer marking on the group work.

Indicative assessment

Task % of module mark
Essay/coursework 70
Groupwork 15
Groupwork 15

Special assessment rules

None

Indicative reassessment

Task % of module mark
Essay/coursework 15
Essay/coursework 15
Essay/coursework 70

Module feedback

Module assessment reports to students are written by the module leader for all assessments (open and closed) and placed on the VLE after the Board of Examiners has received the module marks.

The timescale for the return of feedback will accord with School policy

Indicative reading

Gurpreet Dhillon, Information Systems Security, Wiley, 2007.



The information on this page is indicative of the module that is currently on offer. The University constantly explores ways to enhance and improve its degree programmes and therefore reserves the right to make variations to the content and method of delivery of modules, and to discontinue modules, if such action is reasonably considered to be necessary. In some instances it may be appropriate for the University to notify and consult with affected students about module changes in accordance with the University's policy on the Approval of Modifications to Existing Taught Programmes of Study.