CC3020 - Fundamentals of Security Management (2017/18)
|Module specification||Module approved to run in 2017/18, but may be subject to modification|
|Module title||Fundamentals of Security Management|
|Module level||Honours (06)|
|Credit rating for module||15|
|School||School of Computing and Digital Media|
|Running in 2017/18||No instances running in the year|
Prior learning requirements
C2009N Communication Networks
This module is designed to provide students with an understanding of the security risks associated with information assets and the security programs designed to protect them from security threats. This module will focus on the identification of security risks, the application of risk control and risk management measures, appreciation of security technology and critical understanding of security policies, standards and practices. The legal, ethical, and professional issues in security management are also covered in this module.
• Information assets and the issues with information security
• Security measures designed to protect information assets
• Identification of security threats and the design of risk control measures
• Security risk assessment and implementation of risk control strategies
• Information security standards and policies, for example, BS 7799 and BS ISO/IEC 17799:2000
• Protection mechanisms
• Legal, ethical, and professional issues
• Information security maintenance
Learning and teaching
This module will be delivered through a combination of lectures and workshops (2-hour lecture and 2-hour workshop). The lectures cover major topics, and teaching materials, including lecture slides, tutorial and workshop tasks, and coursework assignments, are accessible online via the university WebLearn. Tutorials and workshops are the vehicle for students, as well as tutors, to present research and other inputs. Students are encouraged to debate, research, develop and demonstrate their knowledge and skills to others. Tutorial support will be provided where appropriate. The recommended learning time for this module is 150 hours.
By the end of this module students will be able to:
LO1. understand the issues with information security; [A2]
LO2. identify the security risks and risk control strategies in a particular context; [A3]
LO3. appreciate the security controls for a particular security threat in a particular context; [A2]
LO4. evaluate various security technologies; [A3]
LO5. describe business continuity planning; [A2]
LO6. understand security policy, standard, and practices; [A2]
LO7. discuss legal, ethical, and professional issues in security management. [A2]
This module is focused on graduate attributes A2 and A3
The assessment for this module is divided into two components: a coursework and a two-hour unseen written examination.
The coursework is an extended research paper, based on one section of the syllabus for the module. Students will have opportunities for formative feedback in workshops throughout the semester and in tutorials where appropriate. The coursework component is submitted in week 12.
Two-hour unseen written examination (50%):
The examination is related to all sections of the syllabus for the module. The students will be supported by tutorials and the revision session for the examination.
Students pass on aggregate.
1. Bryant R. editor (2008), Investigating Digital Crime, Wiley, ISBN 978-0-470-51601-0
2. Michael E. Whitman and Herbert J. Mattord (2009), Principles of Information Security, Delmar Learning, ISBN-13: 9780840031167 / ISBN-10: 0840031165 (the main textbook)
3. Michael E. Whitman and Herbert J. Mattord (2008), Management of Information Security, Delmar Learning, ISBN-13: 9781423901303 / ISBN-10: 1423901304
4. Sari Greene (2006), Security Policies and Procedures: Principles and Practices, Prentice Hall, ISBN-10: 0131866915, ISBN-13: 9780131866911