Introductory description

This module covers Information Security Management Principles and a wide area of Information security fundamentals. The course provides an in-depth understanding of principles for managing security operations and legal and regulatory compliance impact on information security management systems. The delegates will also be exposed to secure asset management and effective information security governance with specific applications and references in organisational contexts.

Module web page

Module aims

Outline syllabus

This is an indicative module outline only to give an indication of the sort of topics that may be covered. Actual sessions held may differ.

Information security principles
Managing Information risk
Information security frameworks
Procedural and people security controls
Technical security controls
Software development life cycles
Physical and environmental security
Disaster recovery and business continuity management
Other technical security aspects
Corporate Governance
Business continuity and disaster recovery
Applied Cryptography
Security and Privacy models
Systems & Network security Principles
Ethics code of conduct in cyber security

Learning outcomes

By the end of the module, students should be able to:

• Demonstrate how to design security processes in information security management systems to increase their resilience and conformance with legal and regulatory functions. [CITP 2.1.5]
• Demonstrate awareness and knowledge of information and systems and network security management processes. [CITP 2.1.1, 2.1.2]
• Assess and analyse tools, techniques, and approaches to quantify threat landscapes and provide mitigation plans in a variety of organisational contexts. [CITP 2.1.7] [AHEP4 C9]
• Design and implement information security policy programs fully aligned with legal and regulatory compliance frameworks. [CITP 2.1.13]

Indicative reading list

Alexander, D., Finch, A., Sutton, D., & Taylor, A. (2020). Information security management principles. Third Edition. Swindon, U.K: BCS Learning & Development Ltd.
Douglas Landoll. 2011. The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments, Second Edition (2nd. ed.). CRC Press, Inc., USA.
William Stallings. 2016. Cryptography and Network Security: Principles and Practice (7th. ed.). Prentice Hall Press, USA.

Subject specific skills

This module covers the following Skills based on the latest published DTS DA standard (ST0119):

• Identify risks, determine mitigation strategies and opportunities for improvement in a digital and technology solutions project (S2).
• Apply relevant security and resilience techniques to a digital and technology solution. For example, risk assessments, and mitigation strategies (S9).
• Undertake security risk assessments for complex systems without direct supervision and propose a remediation strategy relevant to the context of the organisation (S41)
• Recommend improvements to the cyber security approaches of an organisation based on research into future potential cyber threats and considering threat trends (S42)
• Use appropriate cyber security technology, tools and techniques in relation to the risks identified (S44)
• Lead the design and build of systems in accordance with a security case to address organisational challenges (S47)

Also, Students will be able to:

• Develop skills and actively be engaged in information security management frameworks, technologies and tools for real-world scenarios.
• Develop an understanding of ethics, risk, governance, and legal aspects of cyber security in practical scenarios.
• Develop collaborative abilities through practical sessions and seminars to share insights and innovative solutions for cyber security challenges.
• Develop creative problem-solving skills in information security management, blending theoretical knowledge with practical application.

Transferable skills

Team working
Leadership
Decision making
Communication skills