INFORMATION SECURITY MANAGEMENT - 2017/8

Module code: COMM037

Module provider

Computer Science

Module Leader

WILLIAMS DM Dr (Computer Sci)

Number of Credits

15

ECTS Credits

7.5

Framework

FHEQ Level 7

JACS code

P110

Module cap (Maximum number of students)

N/A

Module Availability

Semester 1

Overall student workload

Independent Study Hours: 120

Lecture Hours: 38

Assessment pattern

Assessment type | Unit of assessment | Weighting
Coursework | COURSEWORK | 40
Examination | 2 HOUR UNSEEN EXAMINATION | 60

Alternative Assessment

N/A

Prerequisites / Co-requisites

None

Module overview

Security is probably the greatest challenge for computer and information systems in the near future. Many users have lost data due to viruses, both on home and business computers. Most of us have seen a range of email messages attempting different kinds of fraud. Vulnerabilities are everywhere. Some are obvious or well-known; others are obscure and harder to spot. Security is not limited to secrecy and confidentiality, but also involves problems like integrity, availability, and effectiveness of information. Moreover, security issues can potentially affect all of us, from innocent home users to companies and even governments.

Security is not just a technical problem but needs to be embedded throughout an organisation to be effective. As such, good security solutions build on a complete understanding of the values at stake, and the supporting business processes and requirements. This includes people as well as information systems and physical resources. Consequently, raising security awareness and embedding security within roles and policies is as important as secure software, if not more so. In short, secure solutions can only be implemented with both good technical skills and a good understanding of cultures and people skills.

This module aims to raise awareness of the wide range of security issues present in today’s connected world and the technical and organisational challenges a business must face when building a secure solution.

Module aims

The aim of the module is to equip students with the analytical skills and knowledge to assess security in large systems and organisations, and to incorporate appropriate levels of security in the various steps of a system's lifecycle.

Learning outcomes

Learning outcome | Attributes Developed
Identify and discuss the benefits of embedding security throughout an organisation | KCP
Be able to identify assets and threats, and assess risks | K
Have an understanding of how to relate and adapt information systems in general and security solutions in particular to specific business processes and requirements to meet overall goals | KCP
Be able to suggest and justify technical and non-technical solutions to security problems | KCPT
Be able to communicate clearly and unambiguously about security problems to other people in an organisation | PT

Attributes Developed

C - Cognitive/analytical

K - Subject knowledge

T - Transferable skills

P - Professional/Practical skills

Module content

Indicative content includes:


Introduction to Information Security

The business need for security:
Confidentiality, availability, integrity et al
Components of an information system: Software, hardware, data, people, procedures
System and security development lifecycles


Risk Management

Risk Management terminology: Agents, threats, vulnerabilities, etc
Risk Identification, assessment (quantitative and qualitative)
Risk appetite and residual risk
Selecting a risk control strategy


Planning for Security

Methodologies for Information Security Evaluation and Assurance
ISO 27000, Common Criteria
Security education and training
Continuity strategies


The role of cryptography in security

Cryptographic algorithms and their application
Cryptographic tools, PKI, digital signatures
Examples of secure protocols


Practical Information Security Management

Formal security modelling and analysis
Penetration testing approaches and tools


Security technologies:

Firewalls and VPNs
Intrusion detection, scanning and analysis tools
Physical security controls


Implementing Information Security

Information security project management
Technical aspects
Non-technical aspects



Methods of Teaching / Learning

The learning and teaching strategy is designed to help students achieve the learning outcomes of the module through:

• in-class discussions of case studies and news articles

• in-class group exercises

• individual assignment

• practical lab sessions

The learning and teaching methods include:

• Lectures (11 weeks at 1h)

• Tutorial, workshop or lab sessions (11 weeks at 2h)

Assessment Strategy

The assessment strategy is designed to provide students with the opportunity to demonstrate that they have achieved the module learning outcomes.

Thus, the summative assessment for this module consists of:

• An individual report analysing different ISM standards. This addresses LO1, 2, 3, 4.

• An exam testing all LOs.

The individual coursework is due around week 9. The exam takes place at the end of the semester during the exam period.

Formative assessment and feedback

No formative assessment is provided, but feedback is given during the class discussions, lab sessions and workshops, and as part of the feedback provided for the summative assessments. For example, lectures will conclude with an activity sheet, and feedback will be provided on the answers given.

Reading list

Reading list for INFORMATION SECURITY MANAGEMENT: http://aspire.surrey.ac.uk/modules/comm037

Programmes this module appears in

Programme | Semester | Classification | Qualifying conditions
Information and Process Systems Engineering MSc | 1 | Compulsory | A weighted aggregate mark of 50% is required to pass the module
Information Security MSc | 1 | Compulsory | A weighted aggregate mark of 50% is required to pass the module
Information Systems MSc | 1 | Optional | A weighted aggregate mark of 50% is required to pass the module
Criminology and Social Research (Cybercrime and Cybersecurity) MSc | 1 | Core | Each unit of assessment must be passed at 50% to pass the module

Please note that the information detailed within this record is accurate at the time of publishing and may be subject to change. This record contains information for the most up to date version of the programme / module for the 2017/8 academic year.