Cyber Security for Public Leadership Course | University of Oxford

Cyber Security for Public Leadership: Planning, Policy and Strategy

Make cyber security a keystone of your strategy

From protecting personal information to safeguarding systems against cyber attacks, the need to be cyber aware has become increasingly important in our technology-driven world. 

Cyber professionals stand on the front-line, but they are not the only ones who hold responsibility for looking after our data and technology. If you are a leader – whether it is within the public sector, in a private company providing public services or beyond – keeping your organisation and your customers safe from cyber criminals is now a vital aspect of your role. 

This non-technical online short course from the Blavatnik School of Government will teach you how to consider cyber security strategy and threat intelligence as an integral part of your operations, policies and planning. 

  • Type: Online short course
  • Length: 8 weeks (3-5 hours of study per week recommended)
  • Upcoming intakes: October 2022, February 2023, May 2023, July 2023
  • Next start date: 14 October 2022 (deadline: 13 October)
  • Fees: £1740 (inclusive of VAT)*
  • Award: Certificate of completion

STANDARD TEXT – This admin note won’t be visible on preview or live – Do not remove this text, instead update the below text block instead:

*Discounts available to alumni and those working in the public sector. Evidence required.

REGIONAL TEXT – This admin note won’t be visible on preview or live – Do not remove this text, instead update the below text block instead:

*Students in your region are eligible for financial support. At check out, use the code BSGFEESUPPORT to receive £640 off and pay £1100.**


If you are in a non-technical leadership role and need to understand cyber security in an operational and strategic context yet have a gap in your knowledge, this course is designed for you. 

You should consider this online distance learning course if: 

  • you are a leader or aspiring leader of a public sector department, function or within the civil service; 
  • you are a leader in a private organisation which provides public services; or 
  • you are a leader in any organisation that stores substantial amounts of personal or sensitive data. 

This course is not suitable for anyone with a technical background who deals with cyber security threats directly. 

There are no specific entry requirements. However, please be aware this course will take a certain level of commitment. Learners are expected to dedicate 3–5 hours a week to their studies, with all activities and tasks taking place online.


You will study eight modules over the course of eight weeks. It is a collaborative learning process, week-by-week, so you will have ample opportunity to discuss key policy topics with your peers and a course Facilitator.

Activities will include set readings, reflection exercises, multiple-choice questions and discussion forums. Your Facilitator will guide you through these activities and provide feedback at each stage. Not all tasks will be graded but you will need to participate in each to successfully complete the course and qualify for your certificate. 

The final assessment, completed in module eight, will be your main summative assignment. It will be marked by your Facilitator and will be worth 50% of your final grade. 

  • Module 0: Getting started 
  • Module 1: Cyber insecurity: The harms caused by malicious cyber activity 
  • Module 2: The basics of technology and its misuse 
  • Module 3: Who is hacking, and why? 
  • Module 4: Building the cyber defences of an organisation 
  • Module 5: A real-life cyber security incident response exercise 
  • Module 6: Public policy and cyber security 
  • Module 7: Cyber security in times of tension and crisis 
  • Module 8: Final assessment


Your learning material is provided by our expert faculty. Learn more about Professor Ciaran Martin and Dr Noran Fouad.

Ciaran Martin - university of Oxford

Professor Ciaran Martin


Faculty and researchers

Read bio

Dr Noran Fouad - university of Oxford

Dr Noran Fouad


Faculty and researchers

Read bio

Learning experience

In addition to learning from our world-leading academics, you will also benefit from a course Facilitator. Coming from a professional cyber security background, they will provide academic guidance throughout your learning journey, commenting on weekly discussions and offering feedback on all tasks and activities.

This online course will bring theory to life, using practical examples and activities that you can apply to your own role. These may include a combination of: 

  • interactive simulations; 
  • knowledge checks; 
  • case studies; 
  • discussion forums; and/or 
  • practical exercises.

Course outcomes

After taking this course, you will be better equipped to: 

  • identify appropriate cyber risks for your organisation; 
  • make well-informed decisions when procuring new technologies; 
  • accurately assess the levels of security risk facing your organisation; 
  • work with technology experts to develop and implement strategies to mitigate cyber threats; and 
  • respond effectively and efficiently to cyber security incidents.  

Upon completion of the course, you will receive a certificate that will support your career progression and enhance your resume. You will also have developed practical skills and solutions that you can take into your workplace, where they will have an immediate impact on your organisation.

About the course

Organisations are ever more dependent on technology to carry out their work, with systems and databases at risk of cyber attacks.

This eight-week course aims to help you build the skills you need to plan for and respond to potential threats – including phishing, malicious software, distributed denial of service (DDOS) and security breaches – in a more strategic way.  

Through a mixture of activities, including simulation exercises and the analysis of real-world case studies, you will explore how and why cyber attacks happen, common types of malicious practice, who may be responsible for them and the sorts of harm they can cause. You will also examine cyber security as an operational risk and how to manage it, covering both technical and human-related factors.

Watch the short video (under 2 minutes) below for an overview of the course.


In this initial module, you will meet your learning community.

Find out how and why malicious cyber activity causes harm and what sort of harm public sector organisations are likely to encounter.

You will:

  • analyse a real-life case study;
  • reflect on experiences of your own organisation; and
  • discuss what you would change to reduce risk in the future.

Build a basic understanding of how technology works and how it is misused.

You will:

  • understand the basics of how technology functions;
  • examine how malicious cyber operators misuse technology;
  • complete a research activity that includes gathering information on the types of hacking tools available; and
  • reflect on how the topic of this module will impact your role as a leader or manager.

This module will allow you to understand how computer hackers think and work.

You will:

  • analyse an interview with an ethical hacker;
  • investigate the national risk of nation state hackers; and
  • reflect on who would be likely to attack your organisation and question why they would do that.

Examine how to build an effective cyber security operational strategy for a public authority.

You will:

  • analyse a recent public authority case;
  • build the cyber security strategy of a new public authority, using a real organisation as a base; and
  • reflect on the challenges facing organisations when planning to mitigate the risks of cyber harm.

Learn to respond effectively to a cyber security incident through a simulation exercise.

You will:

  • explore what happens when your organisation has just been hacked;
  • step into the shoes of a senior executive to complete a three-part simulated cyber security incident; and
  • reflect on how the activities in this module have better prepared you, should a similar event happen in your organisation.

Gain a greater awareness of the political and geopolitical environment in which cyber security and technology policy operates.

You will:

  • explore the ways that the government is encouraging competition whilst also ensuring regulation and enforcement, using the UK as an example;
  • understand the regulation of technology for security; and
  • research policies that enable a chosen country to regulate and enforce against cyber security risk.

Build on the previous module with a better understanding of how to manage cyber risks within the political and geopolitical environment.

You will:

  • understand how tensions and risks in cyber space increase at times of geopolitical crisis such as war;
  • reflect on the key takeaways that could inform your future practice, including making strategy decisions; and
  • examine a real-world case study and reflect on the decisions made.

In the final module, you will prepare a critical incident review.

You will:

  • identify the risks and harms of cyber security;
  • capture the lessons learned throughout the other modules; and
  • make recommendations for the future national policy framework.


Ciaran Martin - university of Oxford

Professor Ciaran Martin


Ciaran Martin is Professor of Practice in the Management of Public Organisations. Before joining the Blavatnik School of Government, Ciaran was the founding Chief Executive of the National Cyber Security Centre (NCSC), part of GCHQ. He has had a 23-year career in the UK civil service, during which he held senior roles within the Cabinet Office, including Constitutional Director (2011–2014) and Director of Security and Intelligence at the Cabinet Office (2008–2011).

Ciaran led a fundamental change in the UK’s approach to cyber security, successfully advocating for a wholesale change of path towards a more interventionist posture. This approach was adopted by the UK government in the 2015 National Security Strategy, leading to the creation of the NCSC in 2016. For the British public, this approach gave them clear and prompt advice on responding to cyber incidents, and it provided companies with the ability to defend themselves from cyber attacks more effectively. The NCSC model has since been studied widely and adopted in countries like Canada and Australia.

Ciaran’s work led him to be appointed CB in the 2020 New Year’s Honour’s list.

Dr Noran Fouad - university of Oxford

Dr Noran Fouad


Dr Noran Fouad is a Postdoctoral Research Associate at the Blavatnik School of Government. She is conducting public policy research on cybersecurity governance and working with faculty on designing and teaching executive education programmes and postgraduate courses on digital governance and cybersecurity.

Noran completed her PhD in international relations at the University of Sussex, in which she examined the socio-political construction of cyber security discourses and practices in the USA (2003-16) through an analysis of the peculiarities and agency of digital information. Her previous research has spanned across topics such as cyber security, internet governance, digital activism, and Middle East politics.

Noran was also an Assistant Lecturer of Political Science at Cairo University, Egypt, as well as an Academic Assistant and Executive Editor of two academic journals published by the university’s Faculty of Economics and Political Science.

Interested in learning more? Complete the form and a member of our team will be in touch. We’ll also send you email updates and remind you of key dates.

Find out more

Calls may be recorded for quality and training purposes. 

**Applies to countries in Africa, Brazil, India, Malaysia, Thailand, Indonesia, Philippines, Vietnam, Cambodia and Myanmar.

Recent blog articles

Woman used for Cyber Security course in blue jacket smiling at the camera

How our cyber security course will empower you to become a more effective public leader

Is cyber security strategy important for me? We can’t live without technology. A statement that embodies 21st-century life, from the [...]