INFORMATION SECURITY FOR BUSINESS AND GOVERNMENT - 2019/0

Module code: COMM050

Module Overview

The field of information security has continued to grow rapidly in the past few years. Cyber-crime and terrorism activities have spurred many new research fields and activities in information security, particularly for applications in the commerce, government and defence sectors. These have resulted in many innovative developments and solutions to address some of the problems and issues related to security for software and systems. Unfortunately, new innovations and technologies have also brought a new set of security concerns and problems, such as the security loopholes and attacks that are frequently associated with common operating systems, databases and networks.
This module will be presented by security experts from government and industry to provide students with knowledge and their perspective on the latest innovations and technologies, as well as the problems and concerns associated with information security. These lectures will cover security issues with business and government IT systems, developer concerns, common practices for information security and risk management, assurance and audit, and legislation frameworks for data protection and privacy.

 

Module provider

Computer Science

Module Leader

CROSSAN Andrew (Computer Sci)

Number of Credits: 15

ECTS Credits: 7.5

Framework: FHEQ Level 7

Module cap (Maximum number of students): N/A

Overall student workload

Lecture Hours: 18

Tutorial Hours: 18

Module Availability

Semester 2

Prerequisites / Co-requisites

ISM - COMM037

Module content

The module content will be organised around industry themes. Indicative content includes:



  • Business IT security requirements and developer issues (incl. information security planning processes)
  • Information security management in business and government organisations (incl. ISO27001 guidelines, incident management and handling ISO27002 guidelines)
  • Information security risk assessment and management (incl. ISO27005 guidelines)
  • Information security planning, disaster recovery strategies, backup and logging
  • Information security assurance and audit practices in business and organisations (incl. ISO 27007 guidelines)
  • Information security certification frameworks (incl. ISO 15408 Common Criteria)
  • Data protection and privacy legislation (incl. regulations on the use and dissemination of information security technologies)
  • Intellectual property and copyright (incl. security and concerns in information sharing)


Assessment pattern

Assessment type | Unit of assessment | Weighting
Coursework | COURSEWORK 1 | 40
Coursework | COURSEWORK 2 | 60

Alternative Assessment

Individual coursework as alternative to coursework 1 (group) and coursework 2

Assessment Strategy

The assessment strategy is designed to provide students with the opportunity to demonstrate that they have achieved the module learning outcomes.

Thus, the summative assessment for this module consists of:

Coursework 1 (group) focussing on the creation of an artefact for a security topic from the expert lecturers and students' wider research. This addresses LO1-4. This will also include delivery of a presentation to peers and an expert guest assessor on the same security topic as CW1. This addresses LO1-5.

Coursework 2 (group) focussing on the creation of an artefact for a security topic from the expert lecturers and students' wider research. This addresses LO1-4. This will also include delivery of a presentation to peers and an expert guest assessor on the same security topic as CW2. This addresses LO1-5.

Formative assessment and feedback

Feedback indicating the strengths and weaknesses will be given on individual project reports, group submission and oral presentations.
 

Module aims

  • This module will provide the students with a comprehensive insight into the latest technological solutions, applications, problems and concerns related to information security. It will consist of a series of lectures presented by security experts from government and industry. These lectures will cover various security issues with business and government IT systems, system architecture, developer concerns, information assurance and risk management, and information sharing. By working on group projects, students will obtain hands-on knowledge and experience from industrial experts on the latest technologies and applications, problems and concerns related to information security.

Learning outcomes

Ref | Learning outcome | Attributes Developed
001 | Contrast and evaluate the latest innovations and technologies in information security | KC
002 | Recognise the benefits, concerns and problems associated with computer and IT security systems | KCT
003 | Describe and design relevant functions within a security platform/system based on topics covered by industrial experts | KPT
004 | Gain awareness of relevant functions within a security platform/system and trends relating to these, based on topics covered by industrial experts | KPT
005 | Engage in and lead communications about security related topics with a range of stakeholders. | CPT

Attributes Developed

C - Cognitive/analytical

K - Subject knowledge

T - Transferable skills

P - Professional/Practical skills

Methods of Teaching / Learning

The learning and teaching strategy is designed to:


  • Help students to understand the latest technological solutions, applications, problems and concerns related to information security
  • Enable students to critically judge and make informed decisions about the adoption of security solutions and applications for business and government IT systems



The learning and teaching methods include:


  • Lectures and example classes involving experts from industry and government (10 weeks at 2h)
  • 10 hours of work on a group project related to a selected security area from the expert lectures. The project documentation will comprise a presentation/report on a randomly selected theme from expert lectures with literature survey, in-depth interpretation and analysis, a group poster presentation, a group oral presentation and weekly summaries of lectures.



Students will be expected to distribute the remaining workload on self-study, preparation for lectures and submission of the project documentation.

 

Indicated Lecture Hours (which may also include seminars, tutorials, workshops and other contact time) are approximate and may include in-class tests where one or more of these are an assessment on the module. In-class tests are scheduled/organised separately to taught content and will be published to students' personal timetables, where they apply to taken modules, as soon as they are finalised by central administration. This will usually be after the initial publication of the teaching timetable for the relevant semester.

Reading list

https://readinglists.surrey.ac.uk
Upon accessing the reading list, please search for the module using the module code: COMM050

Programmes this module appears in

Programme | Semester | Classification | Qualifying conditions
Criminology (Cybercrime and Cybersecurity) MSc | 2 | Core | Each unit of assessment must be passed at 50% to pass the module
Information Systems MSc | 2 | Compulsory | A weighted aggregate mark of 50% is required to pass the module
Information Security MSc | 2 | Optional | A weighted aggregate mark of 50% is required to pass the module
Data Science MSc | 2 | Optional | A weighted aggregate mark of 50% is required to pass the module

Please note that the information detailed within this record is accurate at the time of publishing and may be subject to change. This record contains information for the most up to date version of the programme / module for the 2019/0 academic year.