Equipping leaders to manage information security and risk
Alongside terrorism, cyber security threats and attacks comprise two of the UK’s top national security risks. Cyber crime cost the UK economy £27bn in 2011 and is projected to run into more substantial figures if it is not strategically combatted.
Concerns around cyber security for the private and the public sectors have led to a growing market for technical specialists in fields such as cryptography. However, there are few courses which offer training and certification to professionals blending management and business awareness with the technical aspects of software reliability.
City University London’s MSc in the Management of Information Security and Risk (MISR) is taught by academics from the Centre for Software Reliability who are carrying out world-class research. This postgraduate qualification bridges the gap between business risk and IT security, equipping experienced professionals with a range of capabilities which include quantifying and qualifying the costs of protecting their organisations from cyber attacks and devising comprehensive strategies for managing risk. The City course is targeted at senior professionals like Dan Skeggs, group cyber security manager with supermarket giant Tesco. For Dan, the MISR, “comfortably straddles the technical and the non-technical world”. Though Dan encountered initial challenges with some of the MISR’s mathematical aspects, he willingly recommends it to other senior managers like himself. As part of their course modules, students on the MISR understand how to communicate cyber and software risk to their technical and executive business teams (chief executive officer, chief information officer, chief financial officer and chief operating officer) in ways they can all understand. Students are also brought up to speed on the latest information security standards, legislation and best practice from world leading technical experts.
Vivek Dubey, an independent IT management consultant says that though he has spearheaded the implementation of IT services across organisations, he did not have a full grasp of security issues. He has now gained a greater appreciation and awareness of security and leadership.
For Brett Roux, Infrastructure Director at London Bridge Media, the “focus on software dependability on the course is distinctive. It’s a different approach to the way that the IT industry looks at IT security and risk.” Brett is also impressed by the “high-quality” guest speakers, such as Dr Ian Robertson (IBM), Ken Munro (Pen Test Partners) and Dr Corrado Leita (Lastline Inc), who have respectively addressed “Governance risk and compliance”, “Pen testing” and “Anti-malware tools and technologies”.
All of the course modules are taught in ‘block mode’ which consists of two long weekends (a Thursday evening beginning at 5pm, all day on Friday and Saturday). City’s MISR is delivered by academics such as Professor of Software and System Dependability, Professor Robin Bloomfield, who has also led several high-profile consultancy projects involving cyber risk to critical national infrastructure.
Benoit Heynderickx, an Information Security Manager at Sony Mobile Communications, says that from the research he has carried out the MISR is the only MSc of its kind, a view echoed by Peter Rutherford, an Information Security Consultant at Deutsche Bank’s Global Market Equities division.
Cyber risk refers to any risk of financial loss, disruption or damage to the reputation of an organisation from the failure of its information technology systems.