Description
Aims:
The module will provide the student with an understanding of the principles of information security management that are commonly used in business. It will introduce the student to commonly used frameworks and methods and explore critically the suitability and appropriateness of these for addressing today's organisational security needs.
Intended learning outcomes:
On successful completion of the module, a student will be able to:
- Understand the key themes and principles of information security management and be able to apply these principles in designing solutions to managing security risks effectively.
- Understand how to apply the principles of information security management in a variety of contexts.
- Appreciate the interrelationship between the various elements of information security management and its role in protecting organisations.
Indicative content:
The following are indicative of the topics the module will typically cover:
The module covers the principles of applied information security management and is suitable for those who are looking for an in-depth understanding of security management in medium to large organisations.
The module comprises the following topics:
- Governance and security policy.
- Threat and vulnerability management.
- Incident management.
- Risk management.
- Information leakage.
- Crisis management and business continuity.
- Legal and compliance.
- Security awareness and security implementation considerations.
Under these broad headings, the following areas are covered:
- ISO 27000 series and the Plan-Do-Check-Act model.
- Assessment of threats and vulnerabilities.
- Incident response.
- Forensics and investigations.
- Risk assessment and risk management frameworks.
- Dealing with classified/sensitive data.
- Contingency planning.
- Legal and regulatory drivers and issues.
- Certification.
- Common criteria.
- Security awareness.
- Education and training.
- Practical considerations when implementing the frameworks to address current and future threats.
Requisites:
To be eligible to select this module as optional or elective, a student must: (1) be registered on a programme and year of study for which it is formally available; and (2) have a basic understanding of IT (prior security knowledge is preferable).
Technical skills are not a requirement, but the module will cover concepts that may be considered ‘technical’ by students with no prior knowledge of IT or security.
Module deliveries for 2024/25 academic year
Last updated
This module description was last updated on 19th August 2024.