Information Security Governance (PSS321)

PSS321 Information Security Governance introduces students to governance of data with a focus on policy and risk management. Governance is an important topic in cybersecurity as it provides guidance on how organisations assess risks to their data and information, implement safeguards, and respond to cyber incidents. Considering the legal implications and loss of public trust involved when there is a cyber incident, information security governance should be an enterprise-wide endeavour and not regarded as only a technology-related issue. The course aims to illustrate the fundamental concepts and goals of cybersecurity, security governance design, relevant laws and regulations, as well as policies, strategies, and procedures involved in the protection of digital assets. With that understanding, students would be able to appreciate the need to protect digital assets by working as a team to deliver business outcomes within the context of risk management and security strategies.

• Technology, organisation and infocomm systems
• Governance structure
• Risk management framework
• Management of data
• Data stewardship and access controls
• System interconnections and information sharing
• Cyber security framework
• Information security management system and cyber resilience
• Related laws/regulations/guidelines
• Audit and compliance
• Security breach and crisis management
• Significance of senior management and human resources in good governance

• Compare governance frameworks
• Appraise risk assessment and risk mitigation approaches
• Discuss the impact of digitalisation on organisation
• Examine approaches to governance in organisations
• Analyse risks to information security and their mitigations
• Implement measures to prevent and treat security breaches
• Apply rules and guidelines for system interconnections and information sharing