CC7168 - IT Security Management (2017/18)

Module specification: Module approved to run in 2017/18
Module title: IT Security Management
Module level: Masters (07)
Credit rating for module: 20
School: School of Computing and Digital Media
Total study hours: 200
  48 hours: Scheduled learning & teaching activities
  152 hours: Guided independent study
Assessment components:
  Type | Weighting | Qualifying mark | Description
  Coursework | 50% | | research-based technical report (2500 words)
  Unseen Examination | 50% | | two-hour unseen written examination
Running in 2017/18: No instances running in the year

Module summary

This module focuses on various aspects of IT Security Management and deals mainly with the protection of information assets in a business environment by concerted measures.

Prior learning requirements


Module aims

This module aims to provide students with an appreciation of the benefits IT Security Management provides within a business environment. This includes the choice and application of appropriate risk assessment and risk control techniques, the understanding of security standards & procedures, coupled with the application of IT security technology & security measures in a business setting.


• Information security overview: assessing why information security is required, for example, identifying information as a company asset;
• Security risk assessment: an overview of security risk assessment techniques, assessing, selecting and implementing security risk assessment techniques, development of a prioritised list of information security threats;
• Security risk management: assessing, selecting and implementing controls for particular security threats;
• IT security technologies and security mechanisms;
• IT security audit;
• Legal, Ethical, and Professional Issues;
• Security standards and procedures: reviewing relevant standards and procedures for information security.

Learning and teaching

Coursework 1 is a research-based technical report (2500 words), submitted online, which is the culmination of good literature review work drawing on a wide mix of sources: lecture slides, textbooks, industrial standards and guidelines, research papers, and web resources. It is aimed at developing students’ knowledge, confidence and problem-solving strategies [LO4-6].

The seminar/tutorial materials, activities and informal feedback opportunities in the class and labs will be used to support student learning and provide the impetus for tackling coursework. Formative assessment and feedback opportunities will be provided to develop student understanding of the subject.

The formative exam will be used to assess students’ deeper understanding of the concepts [LO1-3].

Learning outcomes

The student should be able to:

LO1. appreciate why IT security management is essential in today’s business environment;
LO2. understand the complexities of security management;
LO3. appreciate the issues related to information security standards and procedures;
LO4. have seen mainstream companies attempt to solve their information security problems;
LO5. understand the Legal, Ethical, and Professional Issues in IT Security Management;
LO6. evaluate critically the suitability of controls for a particular security threat in a particular context.

Assessment strategy

The assessment for this module is based on a coursework and a two-hour unseen written examination, which are described as follows:

  • Coursework (50%): a research-based technical report focused on one section of the syllabus for the module, which is predominantly linked to learning outcomes 4, 5 and 6.
  • Exam (50%): two-hour unseen written examination based on the theoretical contents delivered in lectures, seminars, and tutorials, which is mainly linked to learning outcomes 1, 2 and 3.
  • Timing of assessment:
        o The coursework component is submitted in week 11.
        o The exam is in week 13 or later, as arranged by the Examination Office.


• Essential Reading
1. Management of Information Security, 2/E, Michael Whitman, Herbert Mattord, ISBN 13: 978-1-4239-0130-3, © 2008, ISBN 10: 1-4239-0130-4, Publish date: March 27, 2007
2. Principles of Information Security, Michael Whitman, Herbert Mattord, ISBN 13: 978-0-619-21625-2, © 2005, ISBN 10: 0-619-21625-5, Publish date: November 23, 2004

• Recommended Reading
1. Security Policies and Procedures: Principles and Practices, 1/e, Greene, ©2006, Prentice Hall, ISBN-10: 0131866915, ISBN-13: 9780131866911
2. Executive Guide to Information Security, The: Threats, Challenges, and Solutions, 1/e, Egan & Mather, ©2005, Addison-Wesley, ISBN-10: 0321304519, ISBN-13: 9780321304513
3. Mapping Security: The Corporate Security Sourcebook for Today’s Global Economy, 1/e, Patterson & Blue, ©2005, Addison-Wesley, ISBN-10: 0321304527, ISBN-13: 9780321304520
4. Enterprise Security: IT Security Solutions: Concepts, Practical Experiences, Technologies, Walter Fumy (Editor), Jörg Sauerbrey (Editor), ISBN: 978-3-89578-267-1, December 2005, Wiley