module specification

This module is in particular for those who wish to specialise in understanding, developing, and the application of IT security systems and measures in IT environments. It focuses on various aspects of security management and deals mainly with risk assessment, risk management, and standards and procedures. It provides students with an appreciation of the benefits security management provides within an information systems domain. This includes the choice and application of appropriate risk assessment and risk management techniques, coupled with an understanding of security standards and procedures.
This module is aimed at providing students with the understanding of security risks associated with information assets and the security programs designed to protect them from security threats. This module will focus on the identification of security risks, the application of risk control and risk management measures, the appreciation of security technology, and critical understanding of security policies, standards and practices.  The legal, ethical, and professional issues in security management are also covered in this module.

Successful completion of level 4 or equivalent

• Introduction and background to technology, crime and security LO1
• Information assets and the issues with information security LO1,LO2
• Security measures designed to protect information assets LO1,LO2
• Identification of security threats and the design of risk control measures LO1,LO2,LO3
• Security risk assessment and implementation of risk control strategies LO1,LO2,LO3,LO4
• Information security standards and policies, for example; BS 7799 and BS ISO/IEC 17799:2000 LO5,LO6
• Protection mechanisms LO5
• Legal, ethical, and professional issues LO6,LO7
• Information security maintenance LO4

Students will develop theoretical understanding and practical skills based on weekly lectures, tutorials and supervised workshops.  The workshops, in particular, are provided to support students in gaining practical experience in security management.

Appropriate blended learning approaches and technologies, such as, the University’s VLE and Internet Web sites, etc., will be used to facilitate and support student learning, in particular, to:
• Deliver content;
• Encourage active learning;
• Provide formative and summative assessments, and prompt feedback; 
• Enhance student engagement and learning experience.

Students will be expected and encouraged to produce reflective commentaries on the learning activities and tasks that they carry out to complete their work.

By the end of this module students should be able to:
LO1. understand the issues with information security and security risks;
LO2. identify the security risks and risk control strategies in a particular context;
LO3. appreciate the security controls for a particular security threat in a particular context;
LO4. evaluate various security technologies;
LO5.describe business continuity planning;
LO6.understand security policy, standard, and practices;
LO7.discuss issues related to legal, ethical, and professional issues in security management.

The learning outcomes of this module will be assessed in two components: an assignmentand a formative exam. The assignment is a technical report (1500 words) – online submission, which is an extended research paper [one of LO1- LO7], based on one section of the syllabus for the module. Students will have opportunities of informative feedback in workshops throughout the semester and in tutorials where appropriate.

The workshop materials, activities and informal feedback opportunities in the class and workshops will be used to support student learning and provide the impetus for tackling coursework. Formative assessment and feedback opportunities will be provided to develop student understanding of the subject.

The class test (1 hour) is used to assess students’ deeper understanding of the learning outcomes 1-7 [LO1- LO7]. 
Consistent with University policy, formative and summative feedback will be provided at various points throughout the semester. The following is an indicative timeline for formative and summative feedback:

Week 11: Summative Coursework Deadline.
Week 14: Feedback on Summative Coursework.

Week 15: Class test

Where possible, the most current version of reading materials is used during the delivery of this module.  Comprehensive reading lists are provided to students in their handbooks.  Reading Lists will be updated annually.

Textbooks:

Core Text:
• Michael E. Whitman and Herbert J. Mattord (4th edition 2014), Management of Information Security, Delmar Learning, ISBN-13: 978-1285 062297 CENGAGE Learning
• Michael E. Whitman and Herbert J. Mattord (4th edition, 2012), Principles of Information Security, Delmar Learning, ISBN-13: 9781111138233 CENGAGE Learning. 
Other Texts:
• Sari Greene (2006), Security Policies and Procedures: Principles and Practices, Prentice Hall, ISBN-10: 0131866915, ISBN-13: 9780131866911(Essential readings)
• Bryant R. editor (2008), Investigating Digital Crime, Wiley, ISBN 978-0-470-51601-0 (Supplementary)

Journals:
• The Computer Journal of the British Computer Society, ISSN 1460-2067 (Electronic); Publisher: Oxford: Oxford Journals, Oxford, UK : Oxford University Press.
Websites:
• Management of Information Security book website: https://books.google.co.uk/books/about/Management_of_Information_Security.html?id=_aIZDAAAQBAJ&redir_esc=y
Electronic Databases (available from the University Library)
• ACM Digital Library
• IEEE Xplore/IET Digital Library
Other
• Lynda.com