INFORMATION SECURITY FOR BUSINESS AND GOVERNMENT - 2017/8
Module code: COMM050
HO AT Prof (Computer Sci)
Number of Credits
FHEQ Level 7
Module cap (Maximum number of students)
Overall student workload
Lecture Hours: 24
Tutorial Hours: 12
|Assessment type||Unit of assessment||Weighting|
Individual coursework as alternative to coursework 1 (group)
Prerequisites / Co-requisites
The field of Information security has continued to grow rapidly in the past few years. Cyber-crime and terrorism activities have spurred on many new research fields and activities in information security, particularly for applications in the commerce, government and defence sectors. These have resulted in many innovative developments and solutions to address some of the problems and issues related to security for software and systems. Unfortunately new innovations and technologies have also brought along a new set of security concerns and problems, for example, such as security loopholes and attacks that are frequently associated with common operating systems, databases and networks.
This module will be presented by security experts from government and industry to provide the students with knowledge and their perspective on the latest innovation and technologies, as well as problems and concerns associated with information security. These lectures will cover security issues with business and government IT systems, developer concerns, common practices for information security and risk management, assurance and audit, legislation frameworks for data protection and privacy.
This module will provide the students with a comprehensive insight into the latest technological solutions, applications, problems and concerns related to information security. It will consist of a series of lectures presented by security experts from government and industry. These lectures will cover various security issues with business and government IT systems, system architecture, developer concerns, information assurance and risk management, and information sharing. By working on group projects students will obtain hands-on knowledge and experience from industrial experts on the latest technologies and applications, problems and concerns related to information security.
|Have a good knowledge of how to architect a real-time web application||KCPT|
|Contrast and evaluate the latest innovations and technologies in information security||KC|
|Recognise the benefits, concerns and problems associated with computer and IT security systems||KCT|
|Describe and design relevant functions within a security platform/system based on topics covered by industrial experts||KPT|
C - Cognitive/analytical
K - Subject knowledge
T - Transferable skills
P - Professional/Practical skills
Business IT security requirements and developer issues (incl. information security planning processes)
Information security management in business and government organisations (incl. ISO27001 guidelines, incident management and handling ISO27002 guidelines)
Information security risk assessment and management (incl. ISO27005 guidelines)
Information security planning, disaster recovery strategies, backup and logging
Information security assurance and audit practices in business and organisations (incl. ISO 27007 guidelines)
Information security certification frameworks (incl. ISO 15408 Common Criteria)
Data protection and privacy legislation (incl. regulations on the use and disseminations of information security technologies)
Intellectual property and copyright (incl. security and concerns in information sharing)
Methods of Teaching / Learning
The learning and teaching strategy is designed to:
Help students to understand the latest technological solutions, applications, problems and concerns related to information security
Enable students to critically judge and make informed decision about the adoption of security solutions and applications for business and government IT systems
The learning and teaching methods include:
Lectures and example classes involving experts from industry and government (10 weeks at 2h)
10 hours of work on a group project related to a selected security area from the expert lectures. The project documentation will comprise anindividual report (5000 words) on a randomly selected theme from expert lectures with literature survey, in-depth interpretation and analysis, a group poster presentation, a group oral presentation and weekly summaries of lectures.
Students will be expected to distribute the remaining workload on self-study, preparation for lectures and submission of the project documentation.
The assessment strategy is designed to provide students with the opportunity to demonstrate that they have achieved the module learning outcomes.
Thus, the summative assessment for this module consists of:
Coursework I (group) focusing on a creation of a poster and its oral presentation for a randomly selected security topic from the given expert lectures. This addresses LO2 and LO3.
Coursework II (individual) focusing on preparation on an individual project report
Coursework III (individual) focusing on preparation of weekly lecture summaries for three selected expert lectures. This addresses LO1 and LO2.
Coursework I (group) will be assessed jointly by the module convenor and the guest lecturers.
Formative assessment and feedback
Feedback indicating the strengths and weaknesses will be given on individual project reports, group poster and oral presentations.
Reading list for INFORMATION SECURITY FOR BUSINESS AND GOVERNMENT : http://aspire.surrey.ac.uk/modules/comm050
Please note that the information detailed within this record is accurate at the time of publishing and may be subject to change. This record contains information for the most up to date version of the programme / module for the 2017/8 academic year.