Designed to develop military and defence industry professionals who can lead in a defensive cyber environment, to effectively exploit the threats and opportunities of cyberspace at the organisational level. The course focuses on understanding and articulating the strategic and executive-level responses to serious present and emerging threats in the information domain.


  • Start dateSeptember
  • DurationMSc: 11 months full-time or up to three years part-time; PgDip: up to two years part-time; PgCert: up to two years part-time
  • DeliveryThe course is delivered via blended learning, with a mixture of residential and online teaching, and assessment is through coursework, group practicals, presentations and (MSc only) an individual dissertation.
  • QualificationMSc, PgDip, PgCert
  • Study typeFull-time / Part-time
  • CampusCranfield University at Shrivenham

Who is it for?

Students will be military personnel, civil servants and defence industry professionals who are one or more of the following:

  • Managers or leaders in a cyber environment who need to understand information risk and respond to cyber threats;
  • Procurement staff commissioning critical or sensitive projects;
  • Policy and planning staff interested in computer network and security operations;
  • Those charged with accreditation and assessment of security measures;
  • Those holding the positions of, or aspiring to be, Chief Information Officers (CIO) or Chief Information Security Officers (CISO).

Why this course?

The course will specifically focus on responses to serious, present, and emerging threats in the information domain. The course enables the student to gain an organisational view of cyber from a defence and security perspective, the domain, the drivers, and constraints. Whilst a technical understanding is of value, the course is designed to ensure that the bigger, contextual, aspects of cyber is understood thereby enabling decision making in relation to cyber to be undertaken within an organisation.

Informed by industry

The course has an external advisory panel that is selected and chaired by UK MOD.

Course details

The course is taught in a series of one-week residential courses at the Cranfield University at the Defence Academy, a military establishment in Shrivenham. 

It has two components: a taught component comprising twelve 10-credit modules (PgDip/MSc) (PgDip has six 10-credit modules); and (MSc only) an 80-credit research project assessed by dissertation.

Course delivery

The course is delivered via blended learning, with a mixture of residential and online teaching, and assessment is through coursework, group practicals, presentations and (MSc only) an individual dissertation.


Students taking the MSc must develop and demonstrate their expertise, independent learning abilities and critical appraisal skills by producing a clear and coherent research-based dissertation.


Keeping our courses up-to-date and current requires constant innovation and change. The modules we offer reflect the needs of business and industry and the research interests of our staff and, as a result, may change or be withdrawn due to research developments, legislation changes or for a variety of other reasons. Changes may also be designed to improve the student learning experience or to respond to feedback from students, external examiners, accreditation bodies and industrial advisory panels.

To give you a taster, we have listed the compulsory and elective (where applicable) modules which are currently affiliated with this course. All modules are indicative only, and may be subject to change for your year of entry.

Course modules

Compulsory modules
All the modules in the following list need to be taken as part of this course.

Foundations of Cyber

    • To evaluate the context of the course and the wider programme of study,
    • To review and update core vocabulary and concepts required as a foundation for other elements of the course,
    • To develop academic skills,
    • To examine the operational aspects of cyber, information assurance and security.
    • Course structure and the cyber professional,
    • Cyber overview,
    • Enabling technologies and core terminology overview,
    • Cyber strategy overview,
    • Research methods, learning and study skills.
Intended learning outcomes

On successful completion of this module you will be able to:

  • Appraise key concepts and language of Cyber foundation knowledge, research and practice,
  • Critically evaluate published research,
  • Conduct independent research,
  • Write academically credible and professional documents.

Elective modules
One of the modules from the following list needs to be taken as part of this course

Understanding Risk


    The module develops an understanding of the importance of taking a risk-based approach to Cyber Security and Information Assurance.


    Mapping the Landscape

    • Definitions and terminology,
    • History of hacking,
    • Threat landscape.

    Cyber Security Risk Management in Practice

    • Basic principles,
    • Legislation and standards,
    • Risk management approaches,
    • Strategies for managing risk.


    • Quantifying risk in a complex environment,
    • Risk economics,
    • Social dimension of risk,
    • Risk communication.
Intended learning outcomes

On successful completion of this module you will be able to:

  • Critically appraise a range of approaches for assessing risk in the complex cyber environment,
  • Evaluate the factors that influence effective risk management in organisations,
  • Critically assess the level of risk faced by an organisation.

Cyber Attack - Threats and Opportunities


    To develop a broad understanding of the security technologies available to support Information Assurance and security requirements and vulnerabilities corresponding to attack vectors.

    • Cyber activity
      • Different types of malware, how they are used and combined within a malicious event,
      • Approaches for modelling the attacker TTPs,
      • Lifecycles for infrastructure supporting cyber attacks,
      • Complexities of attribution,
      • The Insider threat.
    • Attacks and vulnerabilities
      • The common approaches to reconnaissance prior to hostile cyber activity,
      • An exploration of the nascent vulnerabilities in network infrastructure, web applications and native code,
      • The attacks and exploits that target these vulnerabilities,
      • The approaches to understanding the business and mission effects from malicious activity.
    • Defensive TTPs
      • Common tools, techniques and procedures that can be used to improve an organisations defensive posture,
      • Approaches to cyber threat hunting.
Intended learning outcomes

On successful completion of this module you will be able to:

  • Assess cyber operations from a variety of threat actors,
  • Evaluate the different cyber vulnerabilities and how they might impact an organisation,
  • Appraise the strengths and weaknesses of various security technologies and their suitability for protecting an organisation,
  • Develop a security strategy using appropriate technologies and techniques,
  • Prioritise cyber threats and vulnerabilities based on their potential business impact.

Social Technologies


    To develop an understanding of the impact of social media, from the perspective of security, intelligence and cyber influence.



    • What are social technologies and media,
    • Development and horizon scanning,
    • Social interaction, E-inclusion and the citizenship agenda & other uses of social media – education, scenario planning, simulation and design social technologies and security,
    • Impact on productivity and working practices & understanding generational differences.

    Social technologies and OSINT

    • Security awareness and policies,
    • Social networks and information exploitation,
    • Personas, identity, privacy and anonymity,
    • Information leakage,
    • Social technologies and intelligence,
    • Open source exploitation,
    • Challenges for situational awareness,
    • Operational security (OPSEC).

    Social technologies and influence

    • Social marketing,
    • Mobility and pervasiveness,
    • Persuasive technologies,
    • Terrorism and social media,
    • Social mobilisation,
    • Two-way communication and dialogue,
    • Second life and alternative worlds,
    • Data analytics & big data driving behavioural profiling,
    • Automated tools and techniques,
    • Influence and Information Operations.
Intended learning outcomes

On successful completion of this module you will be able to:

  • Assess the societal impact of social media,
  • Appraise the security requirements concerning risk and social media,
  • Evaluate the threats and opportunities provided by social media in relation to state activities and military operations, business practice, influence, intelligence and information assurance.

Data-led Decision Support

    The aim of this module is to provide an understanding of the processes by which organisations and individuals can gain insight and actionable intelligence from data.
    • Machine Learning and Artificial Intelligence,
    • Data mining pipeline,
    • Big Data models for exploring data,
    • Data Science.
Intended learning outcomes

On successful completion of this module you will be able to:

  • Assess and explain value of Artificial Intelligence solutions to an organisation,
  • Appraise current practices for decision support in organisations,
  • Contrast methods of analysing data to enable business intelligence,
  • Assess the appropriateness of big data for organisational decision-making.

Emerging Technology Monitoring

Module Leader
  • Ian Owens

    To enable you to identify and assess new and emerging technology to provide an on-going assessment of their relevance and potential to defence and security.

    • Generic methods and tools:
      • Horizon scanning,
      • Predictive methods,
      • Strategic assessment of new technologies,
      • Evaluation,
      • Maintaining personal awareness.
    • Emerging technologies: a selection of currently relevant technologies will be studied.
Intended learning outcomes

On successful completion of this module you will be able to:

  • Appraise emerging technologies,
  • Evaluate emerging technology that are likely to impact on national security and defence in the next five years,
  • Contrast the methods available for identifying and managing the risks and benefits of the use of emerging technology,
  • Exploit emerging technologies in relevant working practices,
  • Compare and contrast emerging technologies appropriate to a particular scenario in order to assess potential business benefit.

Incident Management


    This module will enable you to gain an understanding of threat detection and management at the macro and micro levels. The module will develop both the knowledge of strategic Business Continuity Management and introduce practical approaches to identifying, triaging and responding to threats and attacks.


    Incident Identification

    • The role of the Security Operations Centre,
    • Intrusion detection methods and tools.

    Incident Containment

    • Intrusion management,
    • Intrusion analysis, monitoring and logging,
    • Evidence preservation.

    Incident Management

    • Backup management,
    • Disaster recovery techniques,
    • Business continuity management,
    • Stakeholder management.
Intended learning outcomes

On successful completion of this module you will be able to:

  • Understand the construction of evidence preservation procedures,
  • Analyse, select and justify appropriate responses to detected intrusions,
  • Formulate the assumptions and requirements for developing a business continuity strategy,
  • Critically analyse, design and select appropriate technical solutions and processes for the identification, triage and response to cyber attacks and threats.

Cyber Law


    To equip you with the awareness and ability to critique different legal and ethical frameworks and factors that need to be considered when designing and delivering cyber operations against a range of adversarial actors or deploying cyber capabilities as part of a Full Spectrum Operation.


    This module will consider the range of different legal regimes that need to be considered when planning or conducting offensive cyber operations. The module will look at the applicable legal framework for intelligence operations, military operations, information operations and propaganda. It will consider the obligations provided through customary international law, international humanitarian law and domestic legislation that need addressing when considering a cyber operation. The module will look at the implication of conducting cyber operations in a range of different contexts, considering cyber as part of a military campaign, prior to the declaration of war and against non-state actors. The applicability of the Laws of Armed Conflict will be explored when considering cyber operations. The applicable legal frameworks and issues will be considered from a range of different perspectives of those actors involved in dealing with cyber operations (both private and public sector). You will be introduced to a range of different concepts that could be considered when developing appropriate courses of action for cyber operations. The concepts include but are not limited to: sovereignty, right to self-defence, espionage, sabotage, subversion, intelligence, ius ad bellum, ius in bello, armed attack, threat or use of force, necessity, proportionality, distinction, targeting, perfidy, ruse and state responsibility. Finally, this module will allow you the opportunity to look at the various proposed legal frameworks for cyber operations and assess their suitability to support operational planners.

Intended learning outcomes

On successful completion of this module you will be able to:

  • Describe the range of legal and ethical issues to be considered when conducting an offensive cyber operation,
  • Summarise the legal frameworks to be considered when considering a cyber operation for intelligence, for military effect against a state adversary or against a non-state actor,
  • Appraise the legal and ethical considerations when conducting a cyber operation, whether as part of a military campaign or not,
  • Evaluate the longer-term consequences of adopting a particular course of action that causes tension against an existing domestic or international legal framework.

Information Operations


    This module equips you with a critical understanding of the opportunities and vulnerabilities faced when planning Information Operations as part of an integrated operation to enhance the overall impact achieved through military action or in planning a full spectrum response an adversary.


    This module approaches the domain of professional practice of Information Operations as the need to change the behaviour of target audiences through the coordination of multiple military and civilian capabilities including emerging cyber based activities.

    This module will be built on three core foundations:

    • That military actors cannot avoid communicating messages in some form by direct action or inaction,
    • That when seeking to change the behaviour of a target audience, there is an implicit need to understand that target audience from their own stakeholder perspectives,
    • In designing an Information Operation to modify the behaviour of a target audience the military planner should be aware of their own personal perspectives, assumptions and values around the target behaviours as well as the perspectives of their host organisation.

    These three foundations underpin the module’s recognition of the unique context of seeking behaviour modification in a military context. This context is addressed in the module content through coverage of the following areas:

    • Overview of the core concepts of Information Operations, military capabilities and different international approaches to this area of professional practice,
    • Individual and Group Target Audience Analysis,
    • Theories of behavioural and social change.
Intended learning outcomes

On successful completion of this module you will be able to:

  • Elaborate the main elements and key management issues in the conduct of Information Operations,
  • Evaluate theories of behavioural and social change relevant to Information Operations,
  • Formulate the behaviour change effects sought through Information Operations,
  • Recommend alternate courses of action based on self evaluation, evaluation of the target audience, and the needs of the primary decision makers in the planning process,
  • Critically examine behavioural change techniques used in military and other domains, with respect to their implicit treatment of causation. Where ‘other domains may include; health education, marketing, offender rehabilitation, mine awareness campaigns, weapons amnesties, mass civilian evacuations, and crime prevention.

Cyber Deception


    To equip you with the awareness and ability to employ cyber deception in both active network defence and computer network exploitation.

    This module will address this important emerging discipline by moving beyond established practices of passive network defence such as firewalls and anti-virus patching. Consideration will be given to both the psychological and the technical aspects of exploiting deceptive assets on a network within a wider cyber deception campaign that leverages them. This module equips you with a critical understanding of the opportunities and vulnerabilities faced when considering the issues of managing deceptive activities to create active and proactive network defence capabilities. The module will emphasise the need for a systematic, human factors based approach to both technical and enterprise risk management in this area.
Intended learning outcomes

On successful completion of this module you will be able to:

  • Distinguish the technical structures of information systems that facilitate successful cyber deception,
  • Determine the human factors associated with attacking and defending computer systems exploiting principles of cyber deception,
  • Formulate the technical basis for a successful cyber deception,
  • Evaluate the threats and opportunities necessary to conduct a risk assessment for the use of cyber deception,
  • Critically appraise the use of cyber deception in relation to concepts of Effects Based Operations and deterrence.

The Human Dimension

Module Leader
  • Antoinette Caird-Daley

    To understand the importance and contribution of human dimension when designing and implementing Cyber Defence and Information Assurance (CDIA) measures.


    Individual level

    • Human performance and error

    Organisational/stems level

    • Socio-technical context of use,
    • System weaknesses and latent errors,
    • Circumventing security.


    • Behaviour change,
    • Awareness and training for cyber security,
    • Designing security measures for and with the end user.
Intended learning outcomes

On successful completion of this module you will be able to:

  • Apply appropriate theory to the identification, description and analysis of human performance and error in any given CDIA context,
  • Identify and examine, from the perspective of the human dimension, socio-technical system weaknesses and their likely impact on system security in any given CDIA context,
  • Critically evaluate, from the perspective of the human dimension, security policies and mechanisms such that they fit the task demands, needs and capabilities of the end user, and the organisation’s requirement for secure end-user behaviour, in any given CDIA context,
  • Compare and contrast different approaches to behaviour change and their likely outcomes in CDIA contexts,
  • Identify, select, and apply tools for engaging with stakeholders when designing security measures in any given CDIA context.

Critical Networks and Process Control

    This module will examine the management and technical considerations relating to critical networks and control systems focusing on interdependence and resilience.

    Critical national infrastructure

    • Definitions and approaches to classifying national infrastructure and critical national infrastructure,
    • The global, national and organisational view of national infrastructure,
    • Frameworks for identifying and managing cyber risk in critical national infrastructure.

    Cyber Physical Systems

    • Characteristics of cyber-physical systems and the inherent security and privacy concerns.

    SCADA and OT

    • The differences between OT and IT,
    • The technical and socio-technical elements to managing the cyber risk of SCADA systems.

    IoT and smart technologies

    • IoT devices and wider supporting ecosystems,
    • Frameworks to support the identification and management of cyber risk associated with the Internet of Things deployed in smart homes, smart cities and smart grids.

    Strategic effects

    • How critical networks are targeted to deliver strategic outcomes by malicious actors.
Intended learning outcomes

On successful completion of this module you will be able to:

  • Critically evaluate theories of criticality and interdependence in the context of security planning,
  • Appraise the current state of best practice in network and security operations management in the security context,
  • Assess the factors that facilitate or prevent effective risk management of interdependent systems in the context of critical national,
  • Summarise the cyber risks associated with IoT devices and wider IoT ecosystems,
  • Using appropriate frameworks evaluate the extent to which cyber risks of essential functions are managed effectively within the context of national infrastructure.

Systems Thinking for Organisational Viability

    To provide the necessary skills and knowledge that enable professionals working in implementing information systems or critical cyber contexts to consider the wider context and adapt to continual change. It focuses on investigative methods, systems thinking and anticipating futures with a view to problem solving in a real-world context.
    • Adapting to change in complex environments,
    • Representing and navigating complexity,
    • Systems methods including Soft Systems Methodology, the Viable Systems Model and Critical Systems Heuristics,
    • Organisational dynamics and change,
    • Monitoring and adapting,
    • Anticipating future requirements,
    • Dealing with disruptive and novel technologies, events and emergent changes.
Intended learning outcomes

On successful completion of this module you will be able to:

  • Critically evaluate a range of approaches to understanding complex information system and cyber environments,
  • Critically assess approaches to innovation in contested and competitive problem spaces,
  • Appraise the techniques that can be used to design investigation, problem formulation and structuring, and interpretation of data,
  • Design and apply methods to investigate problems in organisational contexts leading to their review and resolution,
  • Analyse and scope a complex problem-space with a view to action and improvement.

Teaching team

You will be taught by Cranfield's leading experts with many years' industrial experience as well as external speakers from industry and defence. The Course Director is Ian Owens.

The teaching team includes:


The course is accredited by the Chartered Institute of Library and Information Professionals. (CILIP)

Your career

This qualification will take you on to become one of the next generation of managers who can understand and effectively manage and exploit the threats and opportunities of cyberspace at the organisational level. Crucially, it will also enable graduates to communicate cyber issues to senior management or executive board level.

The course is directly relevant to those wishing to improve their knowledge and skills as, or those aspiring to become, a CIO or CISO.

Cranfield Careers and Employability Service

Cranfield’s Career Service is dedicated to helping you meet your career aspirations. You will have access to career coaching and advice, CV development, interview practice, access to hundreds of available jobs via our Symplicity platform and opportunities to meet recruiting employers at our careers fairs. Our strong reputation and links with potential employers provide you with outstanding opportunities to secure interesting jobs and develop successful careers. Support continues after graduation and as a Cranfield alumnus, you have free life-long access to a range of career resources to help you continue your education and enhance your career.

How to apply

Click on the ‘Apply Now’ button to start your online application.

See our Application guide for information on our application process and entry requirements.