English   Danish

2025/2026  KAN-CDIBO1203U  Cyber Security, Regulation, and Policy in Digital Business

English Title
Cyber Security, Regulation, and Policy in Digital Business

Course information
Language English
Course ECTS 7.5 ECTS
Type Mandatory
Level Full Degree Master
Duration One Semester
Start time of the course Autumn, Spring
Timetable Course schedule will be posted at calendar.cbs.dk
Study board
Study Board for Digitalisation, Technology and Communication
Course coordinator
  • Jan Lemnitzer - Department of Digitalisation (DIGI)
Main academic disciplines
  • Globalisation and international business
  • Information technology
Teaching methods
  • Blended learning
Last updated on 12-05-2025

Relevant links
Learning objectives
At the end of the semester, students should be able to:
  • Reflect on the changing relationship between tech companies and the state, and the reasons why states increasingly seek to regulate new technologies
  • Understand and assess the difficulties related to the regulation of the risks posed by new technologies such as digital platforms, AI or Cloud computing as well as the political and economic power of those companies bringing them to the market
  • Reflect on the changing nature of the internet as a global forum
  • Reflect on the evolution of the cyber threat landscape and the ways in which this endangers the prosperity or survival of businesses
  • Conduct basic cyber risk analysis of organisations and their networks and compile cyber-security related documentation such as company cyber security policies and incident response plans
  • Evaluate the trade-offs and strategic decisions that must be made when establishing a businesses’ cyber security posture and risk appetite
  • Account for the regulatory, political and technological developments that set the framework for business cyber security
Examination
Cyber Security, Regulation, and Policy in Digital Business:
Exam ECTS 7,5
Examination form Written sit-in exam on CBS' computers
Individual or group exam Individual exam
Assignment type Written assignment
Duration 4 hours
Grading scale 7-point grading scale
Examiner(s) Internal examiner and external examiner
Exam period Summer and Winter
Aids Closed book: no aids
However, at all written sit-in exams the student has access to the basic IT application package (Microsoft Office365 (minus Excel), document camera and paper, 7-zip file manager, Adobe Reader DC, PDF24, Texlive, VLC player, Windows Media Player – ATTENTION no sound allowed), and the student is allowed to bring simple writing and drawing utensils (non-digital). PLEASE NOTE: Students are not allowed to communicate with others during the exam.
Make-up exam/re-exam
Same examination form as the ordinary exam
The number of registered candidates for the make-up examination/re-take examination may warrant that it most appropriately be held as an oral examination. The programme office will inform the students if the make-up examination/re-take examination instead is held as an oral examination including a second examiner or external examiner.
Description of the exam procedure

Students must answer questions relating to tech policy debates and cybersecurity risk management. They will be offered a choice of questions.
Course content, structure and pedagogical approach

The time when startups could disrupt existing structures with any technological vision they managed to obtain funding for, and when Big Tech companies could develop their global platforms as they pleased, is well and truly over.

 

Today’s business leaders need to understand the emergent security, regulatory and policy environments to guide their companies to prosperity in the middle of rapid change.This course will equip students with the knowledge and tools to analyze and confront the most pertinent questions in information- and cyber security and the most important political debates about the regulation of tech companies, from gatekeeper rules for the largest platforms to software security requirements affecting the smallest producers.

 

These range from questions about the management of data privacy, access to communications platforms, to the monitoring of content spreading there to the outright intrusion of these platforms to shape election campaigns; from the wholesale transfer of data into the cloud and how it can be kept secure and private there, to the regulation of cryptocurrencies. We will take a broad view to understand the ways in which the challenge of regulating complex innovations such as AI and reining in the power of huge global tech companies is pushing the existing political system to its limits.

 

The second part of the course will introduce students to the concepts and tools necessary to understand and assess the cybersecurity risks faced by companies, as well as to the security controls and procedures available to manage this risk. Students will learn how to craft and write company cybersecurity policies, incident response plans and other forms of documentation related to business cyber security and risk management.

 

In this way, the course provides the students with practice-oriented insights while offering reflections on current and future developments in the context of digital business cyber security, regulation, and policy, and the ways in which they will affect tech companies from the smallest to the largest.
 
Research-based teaching
CBS’ programmes and teaching are research-based. The following types of research-based knowledge and research-like activities are included in this course:
Research-based knowledge
  • Teacher’s own research
  • Models
  • Monitor and assess research developments in the field
Research-like activities
  • Analysis
  • Discussion, critical reflection, modelling
Description of the teaching methods
The course will use pre-recorded online lectures to introduce the subject matter and classroom discussions to explore it in more depth.
The seminars will rely on active learning methods such as simulations and role-play to facilitate a good discussion.
Feedback during the teaching period
After the written assignment, the teacher will provide collective feedback on issues students should bear in mind or work on until the exam.
Student workload
Lectures 24 hours
Workshops/Classes 24 hours
Reading/Preparation 100 hours
Assignment writing 58 hours
Expected literature

The literature will be shared via Canvas before the semester starts. Due to the fast-changing nature of the field, additions and changes may be made throughout the course – these will always be communicated via Canvas. Students are advised to check the syllabus on Canvas before they buy any material.

 

Sample literature:

Martin Moore, Damian Tambini (eds): Regulating Big Tech: Policy Responses to Digital Dominance (OUP 2021)

 

Recent EU legislation such as the Digital Markets Act, Digital Services Act, AI Act or the NIS 2 Directive

 

Sean Joyce, Friso Van der Oord, Principles for Board Governance of Cyber Risk, Harvard Law School Forum on Corporate Governance, 10 June 2021

 
Last updated on 12-05-2025