INFORMATION SECURITY FOR BUSINESS AND GOVERNMENT - 2021/2
Module code: COMM050
In light of the Covid-19 pandemic the University has revised its courses to incorporate the ‘Hybrid Learning Experience’ in a departure from previous academic years and previously published information. The University has changed the delivery (and in some cases the content) of its programmes. Further information on the general principles of hybrid learning can be found at: Hybrid learning experience | University of Surrey.
We have updated key module information regarding the pattern of assessment and overall student workload to inform student module choices. We are currently working on bringing remaining published information up to date to reflect current practice in time for the start of the academic year 2021/22.
This means that some information within the programme and module catalogue will be subject to change. Current students are invited to contact their Programme Leader or Academic Hive with any questions relating to the information available.
The field of Information security has continued to grow rapidly in the past few years. Cyber-crime and terrorism activities have spurred on many new research fields and activities in information security, particularly for applications in the commerce, government and defence sectors. These have resulted in many innovative developments and solutions to address some of the problems and issues related to security for software and systems. Unfortunately new innovations and technologies have also brought along a new set of security concerns and problems, for example, such as security loopholes and attacks that are frequently associated with common operating systems, databases and networks.
This module will be presented by security experts from government and industry to provide the students with knowledge and their perspective on the latest innovation and technologies, as well as problems and concerns associated with information security. These lectures will cover security issues with business and government IT systems, developer concerns, common practices for information security and risk management, assurance and audit, legislation frameworks for data protection and privacy.
CROSSAN Andrew (Computer Sci)
Number of Credits: 15
ECTS Credits: 7.5
Framework: FHEQ Level 7
JACs code: I200
Module cap (Maximum number of students): N/A
Overall student workload
Lecture Hours: 18
Tutorial Hours: 18
Prerequisites / Co-requisites
ISM - COMM037
The module content will be organised around industry themes. Indicative content includes:
Business IT security requirements and developer issues (incl. information security planning processes)
Information security management in business and government organisations (incl. ISO27001 guidelines, incident management and handling ISO27002 guidelines)
Information security risk assessment and management (incl. ISO27005 guidelines)
Information security planning, disaster recovery strategies, backup and logging
Information security assurance and audit practices in business and organisations (incl. ISO 27007 guidelines)
Information security certification frameworks (incl. ISO 15408 Common Criteria)
Data protection and privacy legislation (incl. regulations on the use and disseminations of information security technologies)
Intellectual property and copyright (incl. security and concerns in information sharing)
|Assessment type||Unit of assessment||Weighting|
Individual coursework as alternative to coursework 1 (group) and coursework 2
The assessment strategy is designed to provide students with the opportunity to demonstrate that they have achieved the module learning outcomes.
Thus, the summative assessment for this module consists of:
Coursework I (group) focussing on the creation of an artefact for a security topic from the expert lecturers and students wider research. This addresses LO1-4. This will also include delivery of a presentation to peers and an expert guest assessor on the same security topic as CW1. This addresses LO1-5
Coursework 2 (group) focussing on the creation of an artefact for a security topic from the expert lecturers and students wider research. This addresses LO1-4. This will also include delivery of a presentation to peers and an expert guest assessor on the same security topic as CW2. This addresses LO1-5
Formative assessment and feedback
Feedback indicating the strengths and weaknesses will be given on individual project reports, group submission and oral presentations.
- This module will provide the students with a comprehensive insight into the latest technological solutions, applications, problems and concerns related to information security. It will consist of a series of lectures presented by security experts from government and industry. These lectures will cover various security issues with business and government IT systems, system architecture, developer concerns, information assurance and risk management, and information sharing. By working on group projects students will obtain hands-on knowledge and experience from industrial experts on the latest technologies and applications, problems and concerns related to information security.
|001||Contrast and evaluate the latest innovations and technologies in information security||KC|
|002||Recognise the benefits, concerns and problems associated with computer and IT security systems||KCT|
|003||Describe and design relevant functions within a security platform/system based on topics covered by industrial experts||KPT|
|004||Gain awareness of relevant functions within a security platform / system and trends relating to these, based on topics covered by industrial experts||KPT|
|005||Engage in and lead communications about security related topics with a range of stakeholders.||CPT|
C - Cognitive/analytical
K - Subject knowledge
T - Transferable skills
P - Professional/Practical skills
Methods of Teaching / Learning
The learning and teaching strategy is designed to:
- Help students to understand the latest technological solutions, applications, problems and concerns related to information security
- Enable students to critically judge and make informed decision about the adoption of security solutions and applications for business and government IT systems
The learning and teaching methods include:
- Lectures and example classes involving experts from industry and government (10 weeks at 2h)
- 10 hours of work on group project related to a selected security area from the expert lectures. The project documentation will comprise a presentation/report on a randomly selected theme from expert lectures with literature survey, in-depth interpretation and analysis, a group poster presentation, a group oral presentation and weekly summaries of lectures.
Students will be expected to distribute the remaining workload on self-study, preparation for lectures and submission of the project documentation.
Indicated Lecture Hours (which may also include seminars, tutorials, workshops and other contact time) are approximate and may include in-class tests where one or more of these are an assessment on the module. In-class tests are scheduled/organised separately to taught content and will be published on to student personal timetables, where they apply to taken modules, as soon as they are finalised by central administration. This will usually be after the initial publication of the teaching timetable for the relevant semester.
Upon accessing the reading list, please search for the module using the module code: COMM050
Please note that the information detailed within this record is accurate at the time of publishing and may be subject to change. This record contains information for the most up to date version of the programme / module for the 2021/2 academic year.