Diploma in Cybersecurity & Information Risk Management

The Diploma in Cybersecurity & Information Risk Management provides a professional-level understanding of how cyber and information risks are identified, assessed, treated, monitored, assured and reported within an organisation. It is designed for learners who need to manage cyber risk as part of enterprise risk management, governance, resilience and business decision-making.

Across eight modules, learners explore cyber and information risk frameworks, digital assets, threat landscapes, scenario analysis, control design, third-party technology risk, assurance, incident management, resilience and executive reporting. The course is written for risk, governance, compliance, audit, technology and business professionals who need to understand cyber risk in practical management terms rather than purely technical terms.
Learners begin with the Cyber Risk Management Framework, which provides a unified approach to identifying, analysing, treating and monitoring cyber and information risks within ERM. They then examine the relationship between digital assets, architecture, threat actors, vulnerabilities and impacts using the Digital Asset–Threat Mapping Model. This helps learners understand what must be protected, why it matters, and how digital dependencies create organisational exposure.

The course then develops practical capability in cyber risk assessment and scenario analysis through the Cyber Scenario Analysis Model, supporting prioritisation without requiring deep mathematical modelling. Learners also explore control design and risk treatment using the Cyber Control Design Framework, aligning preventive, detective, response and recovery controls to specific risk scenarios.

Later modules address third-party and supply chain technology risk, cyber assurance, incident management, organisational resilience and executive reporting. Learners will examine how technology dependency risk extends beyond organisational boundaries, how assurance coverage can be assessed, how cyber incidents can generate resilience improvements, and how operational signals are translated into meaningful risk insights for leadership.
By the end of the course, learners will be able to support the design and operation of cyber and information risk management frameworks, assess cyber risk scenarios, align controls to risks, manage third-party technology risk, evaluate assurance coverage, contribute to incident learning and resilience improvement, and prepare cyber risk information for executive decision-making.