GOVERNANCE AND RISK MANAGEMENT

SHE Level 3
SCQF Credit Points 20.00
ECTS Credit Points 10.00
Module Code M3I125246
Module Leader David Hendry
School School of Computing, Engineering and Built Environment
Subject Cyber Security and Networks
Trimester
  • C (May start)

Pre-Requisite Knowledge

Awareness of technical origins of security risks and their mitigation.

Summary of Content

This module will focus on the combination of business and technology-related challenges, the requirements to meet regulatory compliance obligations as well as risk assessment and management. Students will be able to demonstrate an understanding of governance and the collection of practices related to supporting, defining and directing the security efforts of an organisation. Students will also be able to demonstrate an understanding and apply risk assessment and management concepts. On completion of this module students will be able to develop strategies and approaches for mitigating risk and create a security case to reduce and mitigate risk. The percentage of Work Based Learning for this module, as represented by the proportion of the Activity Types which take place off campus, is 79%. The percentage of Work Based Assessment for this module is 50%.

Syllabus

Security governance principles The legal, regulatory and compliance environment. The role of assurance in management of the secure enterprise Documented security policy, standards, procedures and guidelines Business continuity requirements Personnel security policies Security management standards and policies Risk modelling and analysis Risk assessment & management

Learning Outcomes

On successful completion of this module a student should be able to:1 Discuss and understand the scope and defining features of the legal, regulatory and compliance environment within information systems.2 Understand legal and regulatory issues that pertain to information security in a global context.3 Develop and implement documented security policy, standards, procedures and guidelines4 Understand the role of assurance in management of the secure enterprise5 Understand security management standards and policies.6 Critically evaluate risk assessment methodologies and undertake a risk assessment7 Understand the principles of information security risk management and develop cyber and information security risk management strategies and controls.

Teaching / Learning Strategy

Work Based Education aims to maximise the direct and digitally mediated contact time with students by practicing teaching and learning strategies that use authentic work based scenarios and encourage action learning, enquiry based learning, problem based learning and peer learning. All these approaches aim to directly involve the students in the process of learning and to encourage sharing of learning between students. The module team will determine the level and accuracy of knowledge acquisition at key points in the delivery, inputting when necessary either directly or with the support of external experts who will add to the authenticity, the credibility and application of the education and learning in the workplace. The Learning and Teaching Strategy is informed by the University's Strategy for Learning. The course material will be introduced through online presentations as well as guided reading material made available on GCULearn. These are supported by practical exercises, and there will be seminars on campus which will allow students to discuss key concepts and issues with peers and tutors. Students will be expected to undertake a significant level of independent study within the workplace, including practical activities, and links will be provided to appropriate external material such as articles, podcasts and videos to supplement the module content. Students will be encouraged to reflect upon the theoretical learning within the workplace and the application of newly learned concepts to the work environment, and this will form part of the module assessment. Students will receive feedback on their performance throughout the module through undertaking the practical assignments and tutorial exercises and participating in the seminars.

Indicative Reading

Gordon, Adam. (2015) Official (ISC) Guide to the CISSP CBK (Certified Information Systems Security Professional). 4 th Edition. Omar Santos, Joseph Muniz, Stefano De Crescenzo. (2017) CCNA Cyber Ops SECFND #210-250 Official Cert Guide. Cisco Press Cisco Networking Academy Engemann, K., Henderson, D. (2011) Business Continuity and Risk Management: Essentials of Organizational Resilience. Whitman, M., Mattord, H. (2011) Roadmap to Information Security: For IT and Infosec Managers NIST, 2017, Risk Management Framework for Information Systems and Organizations: NIST SP 800-37 Revision 2 Kohnke, A., Sigler, K., Shoemaker, D. (2017) Implementing Cybersecurity: A Guide to the National Institute of Standards and Technology Risk Management Framework (Internal Audit and IT Audit) Mooney, T. (2015) Information Security: A Practical Guide Whitman, M., Mattord, H. (2018) Management of Information Security Managing the Insider Threat - No Dark Corners. Published by CRC Press, Taylor and Francis Group, Boca Raton, FL Da Silva Lopes and Duguid, (2010) Woods, M. (2011) Risk Management in Organisations: An integrated case study approach, Routledge. Chapman, R. J. (2011) Simple Tools and Techniques for Enterprise Risk Management, John Wiley & Sons. Houston, J & Walters, S, (2013) Risk Analysis & Modelling, using Excel and @Risk,

Transferrable Skills

In addition to the attainment of learning outcomes students will develop personal transferrable skills in Self-management, report writing, case study analysis, problem solving and critical thinking.

Module Structure

Activity Total Hours
Tutorials (FT) 12.00
Lectures (FT) 12.00
Practicals (FT) 12.00
Assessment (FT) 18.00
Seminars (FT) 12.00
Independent Learning (FT) 134.00

Assessment Methods

Component Duration Weighting Threshold Description
Exam (Exams Office) 2.00 50.00 35% Written, unseen exam
Coursework 1 n/a 50.00 35% Case Study (3000 words)