Understanding Cyber Risk: An Introduction



Overview

This one-day course introduces students to the key business challenges of cyber security and the risks organisations face from cyber threats. We begin by examining how to protect digital assets and the business practices that support strong cyber defence.

Using the ‘cyber kill chain’ framework, we unpack how cyber-attacks are structured - offering insight into how attacks unfold and what motivates threat actors. You’ll then learn how to model threats at both enterprise and application levels, applying Microsoft’s STRIDE methodology to identify and categorise risks across business systems.

We guide you through the process of prioritising security controls - translating technical defences into strategic decisions that reduce exposure and support business continuity. Finally, we explore the concept of attribution, examining how cyber threats are traced and the impact of this process on legal, reputational and policy responses.

By the end of the course, you’ll have a solid grounding of cyber security from a business perspective - equipping you to engage confidently with technical teams, assess organisational threats, and contribute to strategic decision-making. No prior technical experience is required - this course is open to professionals from both technical and non-technical backgrounds.

Programme details

Session 1: Cyber Security

This session investigates how cyber security is pursued within a rapidly evolving political and technical environment. We will examine the primary challenges to managing cyber security. Firstly, we will survey the threat landscape before continuing to study some of the attack methodologies malicious actors use. Finally, we will consider how individuals, businesses and nation-states can protect themselves.

Session 2: Anatomy of Hacking

This session dissects how attackers breach networks and achieve their objectives (e.g. disruption, data theft). We explore the 'Cyber Kill Chain', a conceptual model of the hacking process. Taking each step in turn, we detail the decisions hackers make to avoid detection and gain access to their targets. At the end of this session, you will have a conceptual understanding of the foundations of hacking.

Session 3: Threat Modelling

This session details how threat models are created to ensure security investment is prioritised. We will review the threat landscape and attacker methodologies before constructing an enterprise-level threat model to understand strategic threats to the business. Then, we explore application threat modelling using Microsoft's STRIDE framework. At the end of this session, you will understand the basic methodology for creating both strategic and application-level threat models.

Session 4: Attribution: Understanding Who is Attacking Us

This session explores the challenges of assigning cyber operations to their originators. We will examine what attribution is, why it is necessary, and how it is conducted. We will study attribution analysis frameworks, and how the process of public attribution occurs. Finally, we will explore how threat entities create false flags (deliberate misdirection tactics) to misdirect investigators, and even to frame third parties. At the end of this lecture, you will understand the politics and practicalities of attribution.

This course can be taken separately or as part of our Cyber Security for Business Discount Week (29 June - 3 July 2026).

Attending Your Course 

Further details will be emailed to you two weeks ahead of your course, this will include registration information and an overview of the course timetable.

Please get in touch if you have not received this information within five working days of the course start date. 

In the meantime, you may wish to plan your travel: Travel information

Certification

In order to be eligible for a certificate of attendance, you will need to attend the whole course. Participants who meet this criterion will be emailed after the end of the course with a link, and instructions on how to access their University of Oxford digital certificate. 

The certificate will show your name, the course title and the dates of the course you attended. You will be able to download your certificate, as well as share it on social media if you choose to do so. 

Fees

Description Costs
Standard course fee £745.00

Payment

Fees include course materials, tuition, refreshments and lunches. The price does not include accommodation.

All courses are VAT exempt.

Register immediately online 

Click the 'Book now' button on this webpage. Payment by credit or debit card is required.

Request an invoice

If you require an invoice for your company or organisation, please email us to request an online application form.  

Payment is then accepted online, by credit/debit card, or by bank transfer. 

Tutor

Dr Craig Jarvis

Dr Craig Jarvis is a recognised industry leader and academic in cybersecurity, with a distinguished career spanning technical, strategic and executive leadership roles.

He brings substantial industry experience, most notably serving as Chief Technology Officer at DXC Security - then the world’s largest provider of security services. In this role, he was joint second-in-command of a $1 billion annual revenue business comprising over 4,000 cybersecurity professionals and 16 security operations centres. His responsibilities encompassed enterprise leadership, technology strategy, and portfolio development.

During his tenure, Craig founded DXC Security Labs, leading innovation in cybersecurity research and development. He also established a strategic cyber threat intelligence function and launched a cyber-physical systems security division, which generated a $50 million sales pipeline within its first year.

Craig has worked across all major industry sectors. His engagements have included advising energy companies during nation-state breach responses, enhancing hospital resilience strategies, and supporting government agencies with cybersecurity transformation. Most of his time is now spent in financial services, where he advises major banks and private equity firms on cybersecurity strategy, architecture, and due diligence.

A long-standing expert in security operations, Craig spent many years in his early career as a forensic and threat intelligence analyst, leading breach investigations and countering advanced threat actors. He engineered systems to monitor malicious actors within compromised systems. 

In addition to his industry contributions, Craig is a researcher and academic. He lectures at leading institutions including the University of Oxford, University of Cambridge, Imperial College London, and Royal Holloway. He has delivered training to business executives and technical leaders from some of the world’s most prestigious organisations.

Craig holds a PhD in cybersecurity, as well as master’s degrees in international security, information security and digital forensics, and classical music. He studied at institutions including the University of Oxford, King’s College London, and Royal Holloway.

His forthcoming book, Cyber Terrorism: Extremism & Hacking, will be published in 2026. He is the author of CryptoWars: The Fight for Privacy in the Digital Age and has contributed to Next Generation Enterprise Security. His academic research has been published in respected peer-reviewed journals, including Intelligence and National Security.

As a member of the Offensive Cyber Working Group's College of Experts, Craig plays an active role in shaping research in offensive cybersecurity. He is also the founding chair of the Geopolitics-Cyber Community of London Experts (GeoCyclone), an organisation bringing together business leaders, academics, and policy makers to share knowledge on national security and digital technologies.

Craig is active on LinkedIn, often posting details of upcoming courses and ongoing research.

Application

If you would like to discuss your application or any part of the application process before applying, please click 'Ask a Question' at the top of this page. 

Accommodation

Although not included in the course fee, accommodation may be available at our on-site Rewley House Residential Centre. All bedrooms are en suite and decorated to a high standard, and come with tea- and coffee-making facilities, free Wi-Fi access and Freeview TV. Guests can take advantage of the excellent dining facilities and common room bar, where they may relax and network with others on the programme.

To check prices, availability and to book rooms please visit the Rewley House Residential Centre website. 

Enrolled students are entitled to discounted accommodation rates for the purpose of study, at Rewley House, and can contact the administration team for the promotional code to use for making online accommodation bookings via the website.

Terms & conditions for applicants and students

Information on financial support