Information and Cyber Security Management and Leadership (5 cr)
Code: MS00CR14-3002
General information
- Enrollment
-
02.12.2024 - 23.03.2025
Registration for the implementation has ended.
- Timing
-
01.01.2025 - 31.07.2025
Implementation is running.
- Number of ECTS credits allocated
- 5 cr
- Local portion
- 5 cr
- Mode of delivery
- Contact learning
- Unit
- ICT
- Campus
- Kupittaa Campus
- Teaching languages
- Finnish
- Seats
- 10 - 36
- Degree programmes
- Master of Business Administration, Cyber Security
- Master of Engineering, Cyber Security
- Teachers
- Pia Satopää
- Course
- MS00CR14
Realization has 4 reservations. Total duration of reservations is 17 h 0 min.
| Time | Topic | Location |
|---|---|---|
|
Mon 24.03.2025 time 13:00 - 16:15 (3 h 15 min) |
Tietoturvallisuuden hallinta ja johtaminen MS00CR14-3002 |
EDU_3029
Lovisa muunto byod
|
|
Tue 25.03.2025 time 13:00 - 16:15 (3 h 15 min) |
Tietoturvallisuuden hallinta ja johtaminen MS00CR14-3002 |
EDU_3029
Lovisa muunto byod
|
|
Tue 22.04.2025 time 13:00 - 16:15 (3 h 15 min) |
Tietoturvallisuuden hallinta ja johtaminen MS00CR14-3002 |
EDU_3029
Lovisa muunto byod
|
|
Wed 23.04.2025 time 09:00 - 16:15 (7 h 15 min) |
Tietoturvallisuuden hallinta ja johtaminen MS00CR14-3002 |
EDU_3029
Lovisa muunto byod
|
Evaluation scale
H-5
Content scheduling
TOPICS
• Fundamentals of Information and Cyber Security Management
• Risk Management as a Part of Leadership
• Supply Chain and Contract Management
• Information and Cyber Security Management and Governance System (ISMS)
• Leadership Situational Awareness
• Training as a Component of Management and Governance
LEARNING OBJECTIVES
Students will be able to:
• Comprehend the basics of information and cyber security management
• Recognize management's responsibility for information and cyber security
• Identify the significance of information and cyber security for organizational business operations
• Evaluate the organization's competency level in information and cyber security and design and implement training programs
• Understand processes, management tools, and personnel and supply chain-related aspects of information and cyber security management
• Effectively assess risks in the cyber operational environment
• Appreciate the importance of situational awareness in crisis management
• Comprehend the content and significance of an Information and Cyber Security Management and Governance System (ISMS) for the organization
• Design and implement an ISMS and tailor it to the organization's specific needs
• Understand the importance of supply chain and contract management for the organization's information and cyber security
• Plan business preparedness and understand its alignment with the organization's strategy and business processes
• Recognize the importance of crisis management plans, crisis communication, and leadership training
SUMMARY
This course provides students with a comprehensive understanding of information and cyber security management and leadership, covering topics such as risk management, preparedness, continuity management, recovery, supply chain and contract management, and the implementation of an Information and Cyber Security Management and Governance System (ISMS). Students will also understand the importance of situational awareness in crisis management and will be equipped to plan and implement effective strategies. By the end of the course, students will have the skills to design and implement an ISMS, evaluate risks, develop preparedness plans, and comprehend the significance of these practices in maintaining a secure organizational environment.
Objective
Students will be able to:
• Comprehend the basics of information and cyber security management
• Recognize management's responsibility for information and cyber security
• Identify the significance of information and cyber security for organizational business operations
• Evaluate the organization's competency level in information and cyber security and design and implement training programs
• Understand processes, management tools, and personnel and supply chain-related aspects of information and cyber security management
• Effectively assess risks in the cyber operational environment
• Appreciate the importance of situational awareness in crisis management
• Comprehend the content and significance of an Information and Cyber Security Management and Governance System (ISMS) for the organization
• Design and implement an ISMS and tailor it to the organization's specific needs
• Understand the importance of supply chain and contract management for the organization's information and cyber security
• Plan business preparedness and understand its alignment with the organization's strategy and business processes
• Recognize the importance of crisis management plans, crisis communication, and leadership training
SUMMARY
This course provides students with a comprehensive understanding of information and cyber security management and leadership, covering topics such as risk management, preparedness, continuity management, recovery, supply chain, and contract management, and the implementation of an Information and Cyber Security Management and Governance System (ISMS). Students will also understand the importance of situational awareness in crisis management and will be equipped to plan and implement effective strategies. By the end of the course, students will have the skills to design and implement an ISMS, evaluate risks, develop preparedness plans, and comprehend the significance of these practices in maintaining a secure organizational environment.
Content
• Fundamentals of Information and Cyber Security Management
• Risk Management as a Part of Leadership
• Preparedness, Continuity Management, and Recovery
• Supply Chain and Contract Management
• Information and Cyber Security Management and Governance System (ISMS)
• Leadership Situational Awareness
• Training as a Component of Management and Governance
Materials
The learning environment used is the It’s Learning platform provided by Turku University of Applied Sciences. All course materials and remote assignments are distributed through the platform. Any peer assessments will also be conducted within the system
Teaching methods
Luennot ja lähipäivät
Kirjalliset etätehtävät
Itsenäinen ja ryhmätyöskentely
Pedagogic approaches and sustainable development
The pedagogical model and practices are based on problem-based learning, collaborative learning, and cooperation with the working life. Assigning remote tasks to the students' own employer organization benefits both the employer and the student. Peer learning during in-person sessions, through sharing experiences and discussions, is an essential part of the content of the on-site days. The course may also feature guest lecturers, providing students with the opportunity to ask questions to industry experts and deepen their own learning.
Student workload
Between the on-site sessions, students work independently on the given remote assignments related to the course topics. As a rule, all remote assignments are to be submitted.
Evaluation methods and criteria
The course performance is assessed through individual and group tasks completed between in-person sessions. These tasks are in the form of essays or other types of peer-reviewed deliverables, related to the methods and maturity level of the student's own organization, where possible. The tasks focus on information and cybersecurity management, risk management, and information security management systems. A key aspect of the tasks is critically analyzing the organization's current state and evaluating potential areas for development.
The goal of peer assessments is to provide students with an understanding of how information and cybersecurity are addressed at different levels in organizations and to offer ideas for improving their own organization. Peer reviews focus on constructive and analytical feedback. Participation in in-person sessions is recommended, but there is no mandatory attendance. However, attending the in-person session provides better preparation for succeeding in the remote tasks. If a student is absent from an in-person session, an alternative assignment can be given.
Failed (0)
The student has not participated in on-site teaching or group work. The required written assignments are incomplete, and/or the student's skills are seriously lacking.
Assessment criteria, satisfactory (1-2)
The student has participated poorly in on-site teaching and group assignments. Based on the assessed written outputs, the student has difficulty understanding the management and leadership of information security and cybersecurity.
Assessment criteria, good (3-4)
The student has actively participated in on-site teaching, group assignments, and discussions. The student is able to apply their learning to their own job role or work environment. They are capable of comprehensively and critically evaluating what they have learned through the assignments from the perspective of business and their own organization.
Assessment criteria, excellent (5)
The student's thinking is independent and broad. The student is able to understand information and cybersecurity management as part of business and strategy. The student has produced commendable written work, demonstrating the ability to apply what they have learned to the needs of different organizations. The student shows diverse and creative thinking, as well as a comprehensive understanding of the significance of information and cybersecurity management for the organization's operations.
Further information
The It’s Learning platform used by Turku University of Applied Sciences serves as the communication channel for the course.