English   Danish

2022/2023  KAN-CBUSV2033U  Business Cyber Security: Analyzing and responding to threats in a digital world (B)

English Title
Business Cyber Security: Analyzing and responding to threats in a digital world (B)

Course information

Language English
Course ECTS 7.5 ECTS
Type Elective
Level Full Degree Master
Duration One Semester
Start time of the course Autumn
Timetable Course schedule will be posted at calendar.cbs.dk
Min. participants 30
Max. participants 100
Study board
BUS Study Board for BSc/MSc in Business Administration and Information Systems, MSc
Course coordinator
  • Irfan Kanat - Department of Digitalisation
Main academic disciplines
  • Customer behaviour
  • Information technology
  • Organisation
Teaching methods
  • Blended learning
Last updated on 01-02-2022

Relevant links

Learning objectives
At the end of the semester, students should be able to:
  • Reflect on the evolution of threat landscape with regards to threat cycle
  • Evaluate the role of people, processes, and technology in cyber security
  • Account for organizational and inter organizational dynamics that shape cyber security policy
  • Recognize foundational technologies as they relate to cyber security
  • Assess the efficacy and efficiency of different controls against cyber risk
  • Formulate appropriate tactics and strategies in response to various threat scenarios
  • Apply the mandatory literature in support of proposed strategies
Course prerequisites
Prerequisites for registering for the exam (activities during the teaching period)
Number of compulsory activities which must be approved (see section 13 of the Programme Regulations): 3
Compulsory home assignments
Each student has to get 3 out of 5 activities approved in order to qualify for the final exam.

There are three group reports of max. 5 pages written in groups of 2-4 students.

The groups will be assigned randomly. The students will not be able to choose their partners in groups.

Oral presentations etc.
Two of the activities will be group presentations.

Retake of all activities:
There will not be any extra attempts provided to the students before the ordinary exam. If a student cannot participate in the compulsory activities due to documented illness, or if a student does not have the activities approved in spite of making a real attempt, then the student will be given one extra attempt before the re-exam: one home assignment (max.10 pages) which will cover 3 mandatory activities.
Business Cyber Security: Analyzing and responding to threats in a digital world:
Exam ECTS 7,5
Examination form Oral exam based on written product

In order to participate in the oral exam, the written product must be handed in before the oral exam; by the set deadline. The grade is based on an overall assessment of the written product and the individual oral performance, see also the rules about examination forms in the programme regulations.
Individual or group exam Oral group exam based on written group product
Number of people in the group 3-4
Size of written product Max. 10 pages
Assignment type Report
Written product to be submitted on specified date and time.
15 min. per student, including examiners' discussion of grade, and informing plus explaining the grade
Grading scale 7-point grading scale
Examiner(s) Internal examiner and second internal examiner
Exam period Winter
Make-up exam/re-exam
Same examination form as the ordinary exam
Description of the exam procedure

Hand in assignment based on prior assignments. The students work on the report during the semester.

Course content, structure and pedagogical approach

Digital transformation has been a vital resource for contemporary business. As with every blessing, digital transformation brings its own curse. As organizational data and resources are increasingly networked the businesses are being exposed to  breaches, leaks, and other incidents.


Business cyber security is concerned with safeguarding digital resources and information systems. This course introduces students to practical computer security, balancing social/organizational, technical and legal aspects of what is increasingly recognized as an indispensable part of managing information systems and technology infrastructures. The course provides a business and management-oriented view to data security, and students will be presented with a variety of insights into both public and private organizations, and different rationales for the ongoing engagement with data security.


Throughout the course, students will be introduced to different types of threats, attacks, their prevalence as well as the types of technical and organizational responses, ethical and juridical aspects of cyber security. The course is intended to expand the students’ vocabulary by focusing on both academic/theoretical concepts and to increase their professional ability to coordinate and communicate about the social, human as well as technical underpinnings of threats to data security.


The main learning activity will be class room teaching, case studies, as well as interactive workshops. 

Description of the teaching methods
Lectures, Workshops, Ungraded Quizzes
Feedback during the teaching period
For mandatory assignments, written feedback will be given to each group on CBS canvas. The instructor will also go over common problems in class for each assignment. Finally office hours can be used to obtain further oral feedback on specific questions.

For team presentations, the feedback will be provided orally.

For ungraded quizzes, oral feedback will be given collectively at the lectures based on student answers to quizzes.

The mandatory assignments form the basis of the final project, therefore students will receive feedback on what is expected at the final exam before the fact. For the final exam written feedback will be provided through eksamen.cbs.dk.
Student workload
Lectures 24 hours
Workshops 24 hours
Reading/preparation 86 hours
Project writing 72 hours
Expected literature

The literature can be changed before the semester starts. Students are advised to find the final literature on Canvas before buying any material.


High profile cases: Target, Equifax, Maersk, Norsk Hydro


NIST special publications: 800-37, 800-39, 800-53, 800-61 and so on


ENISA publications: Threat landscape report


Other industry reports: IBM, Verizon, Center for Cybersecurity.

Last updated on 01-02-2022