WM267-15 Cyber Risks in Organisations
Introductory description
This module covers Information Security Management Principles and a wide range of information security fundamentals. The course provides an in-depth understanding of the principles for managing security operations and of the impact of legal and regulatory compliance on information security management systems. The delegates will also be exposed to secure asset management and effective information security governance with specific applications and references in organisational contexts.
Module aims
This module provides students with the theoretical frameworks, foundations, and practical skills underpinning operational information security management and related areas. The module introduces students to the requirements and techniques for risk identification and assessment, and the elements of security management from business operational and technological perspectives. It also provides students with the fundamentals of governance and compliance, threats, threat modelling, threat mitigations, the development of secure and resilient systems, and cybersecurity operations and management.
Outline syllabus
This is an indicative module outline only to give an indication of the sort of topics that may be covered. Actual sessions held may differ.
Information security principles
Managing Information risk
Information security frameworks
Procedural and people security controls
Technical security controls
Software development life cycles
Physical and environmental security
Disaster recovery and business continuity management
Other technical security aspects
Corporate Governance
Business continuity and disaster recovery
Applied Cryptography
Security and Privacy models
Systems & Network security Principles
Ethics code of conduct in cyber security
Learning outcomes
By the end of the module, students should be able to:
- Demonstrate the ability to design, implement and test information security processes in Information security management systems to increase their resilience and conformance with legal and regulatory functions
- Provide a systematic understanding of knowledge and awareness of information and systems and network security management processes
- Assess, analyse and synthesise tools, techniques and approaches to quantify threat landscapes and provide mitigation plans in a variety of organisational contexts.
- Systematically apply knowledge on how to design and implement information security policy programs fully aligned to legal and regulatory compliance frameworks
Indicative reading list
Alexander, D., Finch, A., Sutton, D., & Taylor, A. (2013). Information security management principles. Swindon, U.K: BCS Learning & Development Ltd.
Douglas Landoll. 2011. The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, Second Edition (2nd. ed.). CRC Press, Inc., USA.
William Stallings. 2016. Cryptography and Network Security: Principles and Practice (7th. ed.). Prentice Hall Press, USA.
Subject specific skills
You will develop skills and be actively engaged in enquiry during the learning process, applying information security management frameworks, technologies and tools to real-world scenarios, evaluating and comparing their performance, and analysing the results
You will look at ethics, risk, governance, compliance, the law, and regulations in relation to business operations in terms of real-world cybersecurity scenarios, to gain an understanding of the underpinning concepts of information security management, and the techniques and systems used to operate them
You will further develop collaborative abilities through practical sessions and seminars as part of the task to cross-fertilise and discuss ideas about the technologies, challenges and opportunities in the domain of enquiry. Information sharing is highly recommended and promoted so as to present new ways of tackling these security challenges and issues in our modern cyberspace
You will work creatively with new ideas and approaches. It will challenge your ability to intellectually, pragmatically and systematically determine the needs in terms of producing appropriate solutions to address aspects of operational information security management based on existing knowledge in the target discipline suitably balanced with your workplace duties and activities
Transferable skills
Team working
Leadership
Decision making
Communication skills
Study time
Type | Required |
---|---|
Lectures | 18 sessions of 1 hour (12%) |
Seminars | 5 sessions of 1 hour (3%) |
Tutorials | 2 sessions of 1 hour (1%) |
Practical classes | 5 sessions of 1 hour (3%) |
Work-based learning | 32 sessions of (0%) |
Other activity | 47 hours (31%) |
Private study | 41 hours (27%) |
Assessment | 32 hours (21%) |
Total | 150 hours |
Private study description
N/A
Other activity description
Distance learning support using technology enhanced learning.
Revision/consultancy is typically 3 hours, but it is not scheduled in the timetable.
On-line support is typically 4 hours, but it is not scheduled in the timetable.
Costs
No further costs have been identified for this module.
You must pass all assessment components to pass the module.
Assessment group A
Component | Weighting | Study time | Eligible for self-certification |
---|---|---|---|
Coursework 2 | 60% | 20 hours | Yes (extension) |
Coursework 1 | 40% | 12 hours | Yes (extension) |

Coursework 2: Threat Modelling and Attack surface exposure analysis: Students will engage with a case study to identify the threat landscape, quantify and measure threats and propose mitigation approaches using de facto methodologies and approaches.

Coursework 1: ISMS Roadmap Implementation with ISO27001: Students will work as consultants to provide an Information Security Management System (ISMS) Roadmap for the company to help it establish its ISMS and ensure its compliance with external security standardisation.
Feedback on assessment
Feedback given as appropriate to the assessment type:
- verbal feedback given during seminar/tutorial sessions,
- written individual formative feedback on the assignment report and on the presentation,
- written cohort-level summative feedback on the exam.
Courses
This module is Core for:
- Year 2 of DWMS-H652 Undergraduate Digital and Technology Solutions (Data Analytics) (Degree Apprenticeship)
- Year 2 of DWMS-H653 Undergraduate Digital and Technology Solutions (Network Engineering) (Degree Apprenticeship)
- Year 2 of DWMS-H654 Undergraduate Digital and Technology Solutions (Software Engineering) (Degree Apprenticeship)