INFORMATION SECURITY MANAGEMENT

SHE Level 5
SCQF Credit Points 15.00
ECTS Credit Points 7.50
Module Code MMI125227
Module Leader Jacqueline Riley
School School of Computing, Engineering and Built Environment
Subject Cyber Security and Networks
Trimester
  • C (May start)

Pre-Requisite Knowledge

Awareness of technical origins of security risks and their mitigation.

Summary of Content

This module will examine strategic approaches that can be taken to manage organisational resilience. It will focus on areas critical to maintaining resilience both on a day-to-day operational basis and in the event of a crisis situation. Specifically, it will cover information security management and risk management in relation to IT systems and data. All of the above will be set in the context of an organisation's cyber security strategy.

Syllabus

Risk Landscape, Risk Management methodologies and standards, Quantitative and qualitative analysis of risk. Business continuity and recovery planning. Security and information assurance, information security management systems. Privacy and its legal and regulatory requirements. Procedural controls. The ISO/IEC 27000 Series.

Learning Outcomes

On successful completion of this module a student should be able to:
1. Appraise the key principles of Information Security and information security management systems.
2. Compare and contrast risk management standards.
3. Critically evaluate risk using qualitative and quantitative methods.
4. Evaluate and develop an organisational cyber security strategy.
5. Understand the components of an IT business continuity plan.

Teaching / Learning Strategy

Work Based Education aims to maximise the direct and digitally mediated contact time with students by practicing teaching and learning strategies that use authentic work based scenarios and encourage action learning, enquiry based learning, problem based learning and peer learning. All these approaches aim to directly involve the students in the process of learning and to encourage sharing of learning between students. The module team will determine the level and accuracy of knowledge acquisition at key points in the delivery, inputting when necessary either directly or with the support of external experts who will add to the authenticity, the credibility and application of the education and learning in the workplace. The course material is introduced through lectures in the form of online presentations, which will cover the principles of the subject, will illustrate the relevance of it to the real-world and introduce a range of professional processes and practices.
Students will engage with practical assignments and online tutorial material which may include instruction and peer-created content, and there will be seminars on campus which will allow students to discuss key concepts and issues with peers and with instructors. Students will be expected to undertake a significant level of independent study within the workplace, including practical activities, and links will be provided to appropriate external material such as podcasts, MOOCs, videos and literature to supplement the module content. Students will be encouraged to reflect upon the theoretical learning within the workplace and the application of newly learned concepts to the work environment, and this will form part of the module assessment. Students will receive feedback on their performance through the module through undertaking the practical assignments and tutorial exercises and participating in the seminars.

Indicative Reading

  • Engemann, K., Henderson, D. (2011) Business Continuity and Risk Management: Essentials of Organizational Resilience.
  • Whitman, M., Mattord, H. (2011) Roadmap to Information Security: For IT and Infosec Managers
  • NIST, 2017, Risk Management Framework for Information Systems and Organizations: NIST SP 800-37 Revision 2
  • Kohnke, A., Sigler, K., Shoemaker, D. (2017) Implementing Cybersecurity: A Guide to the National Institute of Standards and Technology Risk Management Framework (Internal Audit and IT Audit)
  • Mooney, T. (2015) Information Security: A Practical Guide
  • Whitman, M., Mattord, H. (2018) Management of Information Security
  • Managing the Insider Threat - No Dark Corners. Published by CRC Press, Taylor and Francis Group, Boca Raton, FL
  • Da Silva Lopes and Duguid, (2010)
  • Woods, M. (2011) Risk Management in Organisations: An integrated case study approach, Routledge.
  • Chapman, R. J. (2011) Simple Tools and Techniques for Enterprise Risk Management, John Wiley & Sons.
  • Houston, J & Walters, S, (2013) Risk Analysis & Modelling, using Excel and @Risk,

Transferrable Skills

In addition to the attainment of learning outcomes, students will develop personal transferrable skills in self-management, report writing, case study analysis, problem solving and critical thinking.

Module Structure

Activity | Total Hours
Assessment (FT) | 26.00
Independent Learning (FT) | 100.00
Seminars (FT) | 24.00

Assessment Methods

Component | Duration | Weighting | Threshold | Description
Exam (School) | 1.00 | 40.00 | 45% | Class test
Coursework 1 | n/a | 60.00 | 45% | Technical report (2000 words)