CC5052 - Risk, Crisis and Security Management (2024/25)
Module specification | Module approved to run in 2024/25
Module title | Risk, Crisis and Security Management
Module level | Intermediate (05)
Credit rating for module | 15
School | School of Computing and Digital Media
Total study hours | 150
Assessment components
Running in 2024/25 (Please note that module timeslots are subject to change)
Module summary
This module is intended in particular for those who wish to specialise in understanding, developing, and applying IT security systems and measures in IT environments. It focuses on various aspects of security management and deals mainly with risk assessment, risk management, and standards and procedures. It provides students with an appreciation of the benefits security management provides within an information systems domain. This includes the choice and application of appropriate risk assessment and risk management techniques, coupled with an understanding of security standards and procedures.
This module aims to provide students with an understanding of the security risks associated with information assets and the security programs designed to protect them from security threats. It will focus on the identification of security risks, the application of risk control and risk management measures, the appreciation of security technology, and a critical understanding of security policies, standards and practices. The legal, ethical, and professional issues in security management are also covered in this module.
Prior learning requirements
Successful completion of level 4 or equivalent
Syllabus
• Introduction and background to technology, crime and security LO1
• Information assets and the issues with information security LO1,LO2
• Security measures designed to protect information assets LO1,LO2
• Identification of security threats and the design of risk control measures LO1,LO2,LO3
• Security risk assessment and implementation of risk control strategies LO1,LO2,LO3,LO4
• Information security standards and policies, for example, BS 7799 and BS ISO/IEC 17799:2000 LO5,LO6
• Protection mechanisms LO5
• Legal, ethical, and professional issues LO6,LO7
• Information security maintenance LO4
Balance of independent study and scheduled teaching activity
Students will develop theoretical understanding and practical skills based on weekly lectures, tutorials and supervised workshops. The workshops, in particular, are provided to support students in gaining practical experience in security management.
Appropriate blended learning approaches and technologies, such as the University’s VLE and Internet websites, will be used to facilitate and support student learning, in particular to:
• Deliver content;
• Encourage active learning;
• Provide formative and summative assessments, and prompt feedback;
• Enhance student engagement and learning experience.
Students will be expected and encouraged to produce reflective commentaries on the learning activities and tasks that they carry out to complete their work.
Learning outcomes
By the end of this module students should be able to:
LO1. understand the issues with information security and security risks;
LO2. identify the security risks and risk control strategies in a particular context;
LO3. appreciate the security controls for a particular security threat in a particular context;
LO4. evaluate various security technologies;
LO5. describe business continuity planning;
LO6. understand security policy, standards, and practices;
LO7. discuss legal, ethical, and professional issues in security management.
Bibliography
Where possible, the most current version of reading materials is used during the delivery of this module. Comprehensive reading lists are provided to students in their handbooks. Reading Lists will be updated annually.
Textbooks:
Core Text:
• Michael E. Whitman and Herbert J. Mattord (4th edition 2014), Management of Information Security, Delmar Learning, ISBN-13: 978-1285 062297 CENGAGE Learning
• Michael E. Whitman and Herbert J. Mattord (4th edition, 2012), Principles of Information Security, Delmar Learning, ISBN-13: 9781111138233 CENGAGE Learning.
Other Texts:
• Sari Greene (2006), Security Policies and Procedures: Principles and Practices, Prentice Hall, ISBN-10: 0131866915, ISBN-13: 9780131866911 (Essential readings)
• Bryant R. editor (2008), Investigating Digital Crime, Wiley, ISBN 978-0-470-51601-0 (Supplementary)
Journals:
• The Computer Journal of the British Computer Society, ISSN 1460-2067 (Electronic); Publisher: Oxford Journals, Oxford, UK: Oxford University Press.
Websites:
• Management of Information Security book website: https://books.google.co.uk/books/about/Management_of_Information_Security.html?id=_aIZDAAAQBAJ&redir_esc=y
Electronic Databases (available from the University Library)
• ACM Digital Library
• IEEE Xplore/IET Digital Library
Other
• Lynda.com