Cybersecurity Law

The phenomenal growth of the networked environment, the increase in the number of malicious cyberattacks and the heightened risk of cyberterrorism against critical information infrastructures (such as national power grid, transportation, health, banking and finance infrastructure) have made cybersecurity a critical national agenda. Cyberattacks harm national security and business interests and are considered as criminal acts in most jurisdictions. In dealing with cybersecurity attacks, understanding how the law and legal processes operate is a critical and unavoidable aspect. Beyond cybercrimes, broader cybersecurity concerns such as cyberattacks from nation states and non-state actors have emerged. With cyberterrorism and state sponsored cyberintelligence activities on the rise, cyberdefence has become a new strategic imperative. With traditional geopolitical risks increasingly layered with cybersecurity risks, international relationship management now requires new forms of cooperation between states in the new cyberworld. At the enterprise level, the establishment of a robust legal risk management framework and prosecution regime to fight cybercrime and cyberterrorism continues to be an essential building block. Enterprises, governments and other organizations needs to create a proactive and structured legal and regulatory risk management framework to better manage cybersecurity risks and ensure cybersecurity resilience.

This course will equip students with the knowledge and skills to deal with cybersecurity attacks from the legal, investigative, risk management and policy aspects. It will introduce the concepts and principles of computer crime laws and regulations, cyberterrorism and policy principles and practices to counter cyberthreats.


By the completion of this subject, the student should be able to understand:

    1. The nature of cybercrime, cyberterrorism and state-sponsored cyberattacks set against the international relation context;
    2. The basic principles of cybersecurity laws and how to identify legal risk issues in the design, development and management of information security systems;
    3. The process of investigation when a computer crime and cyberterrorist acts are suspected to have been committed including dealing with cross border legal and investigation issues and understanding criminal prosecution procedures.
    4. Key legal and regulatory risk management principles and strategies that organizations should adopt as part of their overall information security management policy including legal and regulatory compliance.
    5. How to create appropriate policy and legislative framework to manage the rise of cybercrime and cyberterrorism both locally as well internationally.