Certificate in Cyber & Information Risk

The Certificate in Cyber & Information Risk provides a practical foundation in understanding cyber and information risk from a business, governance and risk management perspective. It is designed for learners who need to understand how digital systems, information assets, data, users, third parties and cyber threats can affect organisational objectives.

Across six modules, learners explore why cyber risk is not only a technical issue, but a business risk that can affect operations, customers, reputation, compliance, resilience and decision-making. The course introduces cyber and information risk in clear, practical terms, helping learners understand how risks arise, how they are assessed, how controls and accountability work, and how organisations respond when incidents occur.

Learners begin by examining cyber risk through the Cyber Risk Context Model, linking business objectives, information assets, threats and impacts. They then explore how information assets, users, systems, third parties and business value are connected using the Information Asset Dependency Map. The course also explains how threats and vulnerabilities combine to create realistic cyber risk scenarios through the Threat–Vulnerability–Impact Model.

Later modules focus on cyber risk assessment, prioritisation, governance, controls, assurance, incident response, resilience and reporting. Learners will understand how organisations decide which cyber risks matter most, how accountability and controls support cyber governance, and how incidents are detected, responded to, recovered from and reviewed for improvement.

By the end of the course, learners will be able to explain cyber and information risk in business terms, identify important information assets and digital dependencies, recognise common cyber risk scenarios, support basic cyber risk assessment and prioritisation, and contribute to cyber risk reporting, escalation and incident learning.