Pembroke College Cambridge

Cyber Resilient Organisations

Capstone Project Title

Designing a cyber resilient organisation: strategies and best practices

Capstone Project Brief

Cyber threats loom large over businesses and governments alike, making the need for comprehensive cybersecurity strategies that span the business even more critical. This Capstone Project offers a deep dive into the world of cyber resilience from a holistic perspective at the intersection of management theory, technology, and security. With the guidance of your supervisor, you will explore how to weave cybersecurity into the very fabric of an organisation by developing a comprehensive strategy to enhance cyber resilience based on current best practices. This approach to cyber resilience ensures that resilience and risk maturity are integral to the entire organisational and management ethos by extending beyond technical measures and emphasising behavioural change, regular training, and the importance of leadership culture in championing cybersecurity as a fundamental aspect of every business operation.

Key Learning Objectives:

  • Understanding cyber resilience: Grasp the fundamental concepts of cyber resilience, distinguishing it from traditional cybersecurity.
  • Holistic approach to cybersecurity: Learn how to integrate cybersecurity into every aspect of an organisation, from the executive to the operational level.
  • Risk management and maturity: Explore methods to assess, manage and mature an organisation's risk posture.
  • Best practices in cyber resilience: Study and analyse best practices from leading organisations and how they have successfully embedded cyber resilience.
  • Leadership and culture change: Understand the role of leadership in driving a culture of cybersecurity awareness and practices across the organisation.

Methodology and Approach:

  • Examine some cases to investigate the balance between overly bureaucratic and truly resilient organisations.
  • Investigate typical cyber-attack scenarios to frame an understanding of materiality and scope.
  • Consider benchmarking, tabletops and other similar exercises to test the balance of resilience in a typical business context.
  • Assess stakeholder engagement and culture change initiatives, understanding accountability awareness and some behavioural aspects.
  • Apply high-level observations on the appropriate design of adaptive and layered technology architecture to support the right balance of investment and risk trade-off.

The specific research focus of your Capstone Project will be determined and confirmed with guidance from your supervisor at the outset to tailor it to you, your background and interests as far as possible within the framework described.

Intended Audience

This Capstone Project is open to students from all disciplines but may be of particular interest to students aspiring to the following areas:

  • For future business leaders: Equip yourself with the knowledge to lead organisations in an increasingly digital and threat-prone world.
  • For aspiring cybersecurity or computer science professionals: Gain insights into the strategic, organisational aspect of cybersecurity – beyond just the technical.
  • For would-be policy-makers, managers and strategists: Understand the broader implications of the practical application of cybersecurity within organisational strategy.

Previous Knowledge and Prerequisites

This Capstone Project is designed not only for those with a background in cybersecurity or computer science but for anyone interested in understanding how to protect and strengthen organisations in the digital age. It is structured to build your understanding from the ground up, explaining concepts in a way that is accessible to everyone. A working knowledge of computers and the internet would be advantageous.

General Prerequisites:

  • Interest in organisational risk, cybersecurity and strategy: A keen interest in learning about risk management and organisational strategy, contextualised by the core subject area of cybersecurity, is more important than technical expertise.
  • Basic understanding of business management or IT concepts: While not mandatory, some familiarity with basic business or IT concepts can be beneficial. This could be from your studies, work experience or general interest. These might include an understanding of the following concepts: 
    - Business resilience and business continuity planning.
    - Risk and risk management.
    - Some basic cybersecurity principles such as the Confidentiality, Integrity and Availability triad, including awareness of common cyber threats such as phishing, social engineering and malware. 
    - Some IT knowledge such as the distinction between cloud computing and traditional in-house computing, as well as awareness of cloud service models (private, public, hybrid). 
  • Access to publicly available information from specialist threat intelligence, specialist news, academic and research sites. A non-exhaustive list of such sites might include: 
    - VirusTotal – Analyses files and URLs for malicious content detected by antivirus engines and website scanners.
    - AlienVault Open Threat Exchange – A crowd-sourced platform where security researchers and practitioners share threat data.
    - CrowdStrike – Intelligence insights into adversary tactics, techniques, and procedures (TTPs).
    - Recorded Future – Real-time threat intelligence with insights into emerging threats.
    - Dark Reading – A wide range of topics, including vulnerability and threat analysis and security research.

Transferable Knowledge and Skills

The Capstone Project is intended to develop skills and knowledge that are not only relevant in the field of cybersecurity but are also highly transferable to other areas of business, technology, behavioural sciences and management. The aim is to prepare you for leadership roles and enhance your capability to tackle complex challenges in a digitally driven world.

  • Risk management skills: Gain insight into risk management strategies and their implementation.
  • Strategic planning and decision-making skills: Make informed decisions based on cybersecurity trends and data, and balance the application of risk and cybersecurity strategy with overall business objectives. 
  • Technical knowledge: Gain a broad understanding of cybersecurity technologies and practices, as well as the impact of the latest trends.
  • Communication skills: Develop the ability to communicate complex concepts to non-technical stakeholders.
  • Problem-solving abilities: Enhance analytical thinking to solve complex cybersecurity challenges with solution-oriented approaches.
  • Legal and ethical understanding: Gain insights into the legal, regulatory, compliance and ethical considerations associated with cybersecurity within organisations.  
  • Project management skills: Enhance skills to manage a project effectively.
  • Collaboration and teamwork: Learn about the need to work collaboratively across various departments coordinating with different stakeholders for complex initiatives such as cybersecurity.
  • Organisational behaviour and culture: Acquire insights into organisational dynamics and teamwork in legitimate environments, particularly the impact of organisational culture on cybersecurity practices.
  • Human factors in cybersecurity: Analyse how human behaviour impacts cybersecurity resilience and explore strategies to improve cybersecurity awareness and practices among non-technical users.

Assessment

Capstone Project Report (expected to be between 6,000 and 8,000 words) – 100% of the final mark.