Skip links

SME Security Governance


This Problem-based Learning scenario has been created to enable students to explore the security governance , risk assessment, culture and Return on Investment issues that occur in SMEs.

On successful completion of the scenario, students will be able to:

  1. Articulate the major security risks and legal compliance issues for an SME.
  2. Explain approaches to justification of investment on Infosec controls, including ROSI (Return on Security Investment).
  3. Explain the key features of ISO27001 and risk assessment.
  4. Explain key features and requirements for an Information Security culture and suggest activities for developing it.
  5. Analyse and discuss the relevance of Cyber Essentials and BMIS to the scenario.
  6. Identify and outline key policies required and HR processes.
  7. Identify and justify technical controls for securing remote access and data governance.

This page provides the resources for students to be able to complete the scenario as members of a small team facilitated by a tutor. The resources consist of an introductory video together with documents detailing the PBL problem statement, tasks and links to other materials that learners are expected to use to complete the tasks.

A facilitator guide and CSKE Guide to PBL provide additional information for tutors. The materials are modular, and the source is available so that they can be customized to other contexts, for example as part of an online course.

Once you have logged in or registered, you can access the full PBL documentation, including:

  • The CSKE PBL Learning Guide,
  • An Interactive Scenario Guide,
  • The Senario and Learning Resouces, and
  • Links to additional resouces.
This website uses cookies to improve your web experience.