Macquarie University

Cyber Security: GRC Part 2 - Risk Management and Compliance

Macquarie University via Coursera

Overview

Cyber Security: GRC Part 2: Risk Management and Compliance | Govern, Guide, and Respond with Confidence

In a world where digital threats are a boardroom issue, leadership in cybersecurity requires more than technical literacy—it demands strategic foresight, decisive governance, and resilient execution. This course is your executive playbook for navigating the complexities of modern cyber security management.

Lead the Cyber Defence from the Front

Developed by the Cyber Skills Academy at Macquarie University—ranked in the top 1% of universities globally and recognised as Australia’s leading cyber security school—this course has been co-designed with industry to empower senior professionals, managers, and rising cyber leaders with the frameworks, insights, and tools to lead with confidence in a dynamic threat environment.

You’ll explore how to:

  • Craft and align a cybersecurity strategy to business goals, integrating frameworks like NIST, CIS, and ISO27001.
  • Establish effective cyber governance models including risk management structures and the Three Lines of Defence.
  • Assess and quantify organisational cyber risks using both qualitative and quantitative methodologies.
  • Make high-stakes decisions under pressure during real-time cyber incidents, leveraging playbooks, threat models, and resilience protocols.
  • Build a culture of trust, accountability, and proactive risk reduction across the enterprise.

From Boardroom to Breach Response

Whether you're guiding security policy, reporting to the board, or leading operational teams, this course provides the essential skills to bridge the gap between executive leadership and cyber security excellence.

Build your capability as a trusted cyber leader. Lead with clarity. Respond with control. Govern with purpose.

Syllabus

  • Cybersecurity Strategy
    • Every strong security program begins with a clear strategy. In this foundational topic, learners will explore how to design, articulate, and assess an organisational cybersecurity strategy that aligns with broader business goals and effectively secures critical assets. This topic introduces core security principles, including the CIA Triad (Confidentiality, Integrity, and Availability), as well as the risks, threats, and vulnerabilities shaping today's cyber landscape. Learners will gain an understanding of how to evaluate an organisation's threat environment, determine cyber risk tolerance, and benchmark maturity using internationally recognised frameworks such as NIST, ISO 27001, and CIS Controls. This module also addresses how to embed cybersecurity into enterprise strategy and culture, transforming it from a technical afterthought into a strategic enabler. Whether you're a current or aspiring cyber leader, this topic sets the stage for developing the mindset, language, and vision needed to lead with impact in a fast-evolving threat landscape. By the end of this topic, learners will be able to describe a tailored cybersecurity strategy, evaluate cyber maturity, and begin aligning security decisions with organisational priorities.
  • Preparing Your Organisation
    • Strong governance is the cornerstone of effective cyber security leadership. In this topic, learners will explore how cyber security must be governed at the highest levels of an organisation and why executive oversight, structural clarity, and shared accountability are essential in managing cyber risk at scale. This topic introduces learners to key governance models, including the Three Lines of Defence, and examines the responsibilities of senior management in shaping enterprise-wide cyber security programs. It unpacks how leaders must work across risk, compliance, IT, and operational teams to establish robust governance structures, clear reporting lines, and aligned responsibilities. Learners will also explore global governance frameworks such as the NIST Cybersecurity Framework (CSF), NIST SP 800-53, and the CIS Critical Security Controls, building practical familiarity with their categories, control objectives, and assessment tools. These frameworks provide the structure to define, implement, and evaluate cyber programs aligned with business priorities and risk appetite. By the end of this topic, learners will be able to demonstrate how governance frameworks support strategic oversight, guide risk management decisions, and ensure cyber security is embedded as a shared organisational responsibility, from the boardroom to the frontlines.
  • Cybersecurity Corporate Governance
    • Cybersecurity is ultimately about managing risk. In this topic, learners will develop the mindset and methods needed to lead cyber risk management efforts across an organisation, balancing security controls with operational needs and business priorities. Building on governance principles, this topic explores the core concepts of cyber risk, including threat modelling, asset classification, risk tolerance, and the evolving nature of digital threats. Learners will walk through structured risk assessment processes, learning how to identify vulnerabilities, assess likelihood and impact, and prioritise mitigation strategies. Through the lens of the Cyber Risk Process Hierarchy, participants will understand how risk management cascades from board-level policy through to day-to-day operational controls. The topic also reinforces the governance structures introduced in Topic 2, such as the Three Lines of Defence (3LOD) model, demonstrating how leadership, management, and assurance functions work together to reduce exposure. By the end of this topic, learners will be equipped to contribute meaningfully to cyber risk discussions, make informed decisions about risk trade-offs, and embed risk-informed thinking into cyber strategy and security programs.
  • Containment, Eradication and Recovery
    • In a world of escalating threats and limited resources, effective cybersecurity leadership demands more than intuition; it requires evidence-based decision-making. This topic equips learners with the skills to quantify cyber risks, allowing organisations to prioritise investments and remediation efforts with clarity and confidence. Learners will explore the importance of risk quantification and its role in demonstrating the value of cybersecurity to boards and business leaders. The topic introduces both qualitative and quantitative assessment models, offering a comparison of methods used to calculate risk likelihood, impact, and exposure in financial and operational terms. From risk management concepts to control selection and implementation, learners will evaluate how different frameworks, such as FAIR and NIST, can guide consistent and defensible risk measurement. They will also consider how risk maturity modelling supports continuous improvement and long-term strategy alignment. By the end of this topic, learners will be able to assess organisational risk posture, compare remediation options based on data, and communicate cyber risk in terms that resonate with stakeholders from executives to regulators.
  • Cybersecurity Attacks
    • In today’s volatile threat landscape, cyber attacks are not a matter of “if”, but “when.” For senior leaders, the true test of cyber resilience lies not just in technical defences, but in how they lead through disruption. This topic arms executive decision-makers with the strategic insights and response frameworks needed to manage cyber crises with confidence. Learners will explore the evolution of cyber attacks, examining real-world case studies and the shifting motivations of attackers, from criminal syndicates to nation-state actors. The topic delves into the cyber kill chain and the anatomy of common attacks, offering practical frameworks for analysis and response. Critically, this topic focuses on the role of senior management in both preparation and response. Learners will examine how leaders make time-critical decisions during incidents, set organisational tone, and coordinate communications with internal and external stakeholders. Through this lens, cyber resilience becomes a leadership responsibility, where risk management, strategic foresight, and trust-building intersect. By the end of the topic, learners will understand the strategic implications of attacks, develop leadership-aligned response strategies, and be ready to build a resilient organisational culture prepared for the next inevitable breach.

Taught by

Matt Bushby
