Cybersecurity management

As part of the Academic Centre of Excellence in Cybersecurity Excellence (ACCSE) at the University of Melbourne, we retain a research focus in Cybersecurity Management. Cybersecurity Management is an organisation’s strategic-level capability to protect information resources and competitive advantage in a complex and evolving threat landscape. Today’s highly dynamic and fast-paced business environment shapes the way in which enterprises use their assets such as digital processes, information and IT systems to gain competitive advantage. These assets are increasingly exposed to security threats, both external and internal, such as theft, fraud, sabotage, embezzlement, and industrial espionage. Cybersecurity management mitigates the risk exposure of organisations using a range of managerial, legal, technological, process and social controls.

Within this theme, our research focuses on the following research pillars:

Incident response and crisis management

Incident response and crisis management looks at how organisations can adapt their defensive posture to the changing threat landscape, by developing situation awareness and by learning from past experiences.

Sample projects

  • ARC Discovery Project 2016: “Organisational Learning from Incident Response” (Atif Ahmad, Sean Maynard, Humza Naseer)
  • Security Analytics for Situation Awareness (Humza Naseer, Sandeep, Graeme Shanks, Atif Ahmad, Sean Maynard)
  • Tomorrow’s Cyber Security Response Function (Atif Ahmad, Sean Maynard)

Secure information and knowledge management

Secure information and knowledge management looks at how to protect information and knowledge assets in the organisational habitat such as Intellectual Property and Trade Secrets.

Sample projects

  • Leakage of Intellectual Property and Trade Secrets in Organisations (Atif Ahmad, Rachelle Bosua, Sean Maynard, Subramaniam, Carlos Serna, Heidi Tscherning)
  • Data Privacy and Consumer Behaviours (Suelette Dreyfus, Shanton Chang)
  • Information Leakage through Social Media and BYOD (Carlos Serna, Shanton Chang, Atif Ahmad, Sean Maynard)
  • Information and Knowledge Asset Identification for Security (Wally Smith, Atif Ahmad)
  • Sensitivity Classification of Information and Knowledge (Atif Ahmad, Sean Maynard)

Security strategy and risk

Security strategy and risk looks at new paradigms of risk and strategy as well as the role and influence of decision makers in order to address the escalating challenge posed by sophisticated threats such as Advanced Persistent Threat (APT).

Sample projects

  • Prevention and Response paradigms in Information Security (Atif Ahmad, Sean Maynard, Abid Shah Bukhari)
  • Security Analytics for Risk Management (Humza Naseer, Graeme Shanks, Atif Ahmad, Sean Maynard)
  • Contingency-based Strategy Models in Information Security (Craig Horne, Sean Maynard, Atif Ahmad)
  • Security Governance Models (Chee Kong Wong, Stephanie James, Sean Maynard, Atif Ahmad)
  • Influence of Risk Perception of the Senior Executive on Strategy-as-Practice (Anitya Nijhara, Monica Whitty, Sean Maynard, Atif Ahmad)

Security policy, training, and behaviour

 Security policy, training, and behaviour looks broadly at the quality and effectiveness of formal and informal security controls in organisations, as well as means of setting up standards of accountability and responsibility for security in organisations.

Sample projects

  • Cyber Security training for the Senior Executive (Atif Ahmad, Sean Maynard)
  • Security Management Practices in Organisations (Moneer Al Shaikh, Sean Maynard, Shanton Chang, Atif Ahmad)
  • Quality Assessment of Strategic Information Security Policy (Sean Maynard, Atif Ahmad)
  • Security Management Behaviours (Sean Maynard, Monica Whitty, Shanton Chang, Atif Ahmad)



Honorary staff


Graduate researchers

Abid Shah Bukhari

Anitya Nijhara

Chee Kong Wong

Ritu Ramanathan

Sandeep Godbole

Subramaniam Ramasubramanian