CC5052 - Risk, Crisis and Security Management (2017/18)
| Module specification | Module approved to run in 2017/18 |
| Module title | Risk, Crisis and Security Management |
| Module level | Intermediate (05) |
| Credit rating for module | 15 |
| School | School of Computing and Digital Media |
| Total study hours | 150 |
| Running in 2017/18 | |
This module is aimed in particular at those who wish to specialise in understanding, developing, and applying IT security systems and measures in IT environments. It focuses on various aspects of security management and deals mainly with risk assessment, risk management, and standards and procedures. It provides students with an appreciation of the benefits security management provides within an information systems domain. This includes the choice and application of appropriate risk assessment and risk management techniques, coupled with an understanding of security standards and procedures.
Prior learning requirements
Successful completion of level 4 or equivalent
This module aims to provide students with an understanding of the security risks associated with information assets and of the security programs designed to protect them from security threats. This module will focus on the identification of security risks, the application of risk control and risk management measures, the appreciation of security technology, and a critical understanding of security policies, standards and practices. The legal, ethical, and professional issues in security management are also covered in this module.
• Introduction and background to technology, crime and security
• Information assets and the issues with information security
• Security measures designed to protect information assets
• Identification of security threats and the design of risk control measures
• Security risk assessment and implementation of risk control strategies
• Information security standards and policies, for example BS 7799 and BS ISO/IEC 17799:2000
• Protection mechanisms
• Legal, ethical, and professional issues
• Information security maintenance
Learning and teaching
Students will develop theoretical understanding and practical skills based on weekly lectures, tutorials and supervised workshops. The workshops, in particular, are provided to support students in gaining practical experience in security management.
Appropriate blended learning approaches and technologies, such as the University’s VLE and Internet Web sites, will be used to facilitate and support student learning, in particular to:
• deliver content;
• encourage active learning;
• provide formative and summative assessments, and prompt feedback;
• enhance student engagement and learning experience.
Students will be expected and encouraged to produce reflective commentaries on the learning activities and tasks that they carry out to complete their work.
By the end of this module students should be able to:
LO1. understand the issues with information security and security risks;
LO2. identify the security risks and risk control strategies in a particular context;
LO3. appreciate the security controls for a particular security threat in a particular context;
LO4. evaluate various security technologies;
LO5. describe business continuity planning;
LO6. understand security policy, standard, and practices;
LO7. discuss issues related to legal, ethical, and professional issues in security management.
The learning outcomes of this module will be assessed in two components: an assignment and a formative exam. The assignment is a technical report (1500 words), submitted online, which is an extended research paper [one of LO1-7] based on one section of the syllabus for the module. Students will have opportunities for informative feedback in workshops throughout the semester and in tutorials where appropriate.
The workshop materials, activities and informal feedback opportunities in the class and workshops will be used to support student learning and provide the impetus for tackling coursework. Formative assessment and feedback opportunities will be provided to develop student understanding of the subject.
The class test (1 hour) is used to assess students’ deeper understanding of the learning outcomes 1-7 [LO1-7].
The main learning resource is the collection of lecture notes, tutorial questions, workshop tasks, and other teaching materials available as a Web site accessed through the university’s Web site.
The key texts:
1. Michael E. Whitman and Herbert J. Mattord (2009), Principles of Information Security, Delmar Learning, ISBN-13: 9780840031167 / ISBN-10: 0840031165
2. Michael E. Whitman and Herbert J. Mattord (2008), Management of Information Security, Delmar Learning, ISBN-13: 9781423901303 / ISBN-10: 1423901304
3. Sari Greene (2006), Security Policies and Procedures: Principles and Practices, Prentice Hall, ISBN-13: 9780131866911 / ISBN-10: 0131866915
4. R. Bryant, editor (2008), Investigating Digital Crime, Wiley, ISBN 978-0-470-51601-0