INFORMATION SECURITY MANAGEMENT - 2022/3
Module code: COM3017
In light of the Covid-19 pandemic the University has revised its courses to incorporate the ‘Hybrid Learning Experience’ in a departure from previous academic years and previously published information. The University has changed the delivery (and in some cases the content) of its programmes. Further information on the general principles of hybrid learning can be found at: Hybrid learning experience | University of Surrey.
We have updated key module information regarding the pattern of assessment and overall student workload to inform student module choices. We are currently working on bringing remaining published information up to date to reflect current practice in time for the start of the academic year 2021/22.
This means that some information within the programme and module catalogue will be subject to change. Current students are invited to contact their Programme Leader or Academic Hive with any questions relating to the information available.
Security is probably the greatest challenge for computer and information systems in the near future. Many users have lost data due to viruses, both on home and business computers. Most of us have seen a range of email messages attempting different kinds of fraud. Vulnerabilities are everywhere. Some are obvious or well-known; others are obscure and harder to spot. Security is not limited to secrecy and confidentiality, but also involves problems like integrity, availability, and effectiveness of information. Moreover, security issues can potentially affect all of us, from innocent home users to companies and even governments.
Security is not just a technical problem but needs to be embedded throughout an organisation to be effective. As such, good security solutions build on a complete understanding of the values at stake, and the supporting business processes and requirements. This includes people as well as information systems and physical resources. Consequently, raising security awareness and embedding security within roles and policies is as important as secure software, if not more so. In short, secure solutions can only be implemented with both good technical skills and a good understanding of cultures and people skills.
This module aims to raise awareness of the wide range of security issues present in today’s connected world and of the managerial and organisational challenges a business must face when building a secure solution.
FORTESCUE Paul (Computer Sci)
Number of Credits: 15
ECTS Credits: 7.5
Framework: FHEQ Level 6
JACs code: I260
Module cap (Maximum number of students): N/A
Overall student workload
Independent Learning Hours: 125
Seminar Hours: 10
Captured Content: 15
Prerequisites / Co-requisites
- Introduction to Information Security
- The business need for security:
- Confidentiality, availability, integrity et al
- Components of an information system
- Regulatory environment
- System and security development lifecycles
- Risk Management
- Risk Management terminology: Agents, threats, vulnerabilities, etc
- Risk Identification, assessment (quantitative and qualitative)
- Risk appetite and residual risk
- Selecting a risk control strategy
- Planning for Security
- Methodologies for Information Security Evaluation and Assurance
- ISO 27000, Common Criteria, NIST
- Security education and training
- Continuity strategies
- The role of cryptography in security
- Cryptographic algorithms and their application
- Cryptographic tools, PKI, digital signatures
- Examples of secure protocols
- Security technologies:
- Firewalls and VPNs
- Intrusion detection, scanning and analysis tools
- Physical security controls
- Implementing Information Security
- Information security project management
- Technical aspects & Non-technical aspects
- Security operations
| Assessment type | Unit of assessment | Weighting |
|---|---|---|
| | GRADED ONLINE QUIZ WEEK 7 (1HR IN 4 4HR WINDOW) | 20 |
| | GRADED ONLINE QUIZ WEEK 11 (1HR IN 4 4HR WINDOW) | 20 |
| | ONLINE (OPEN BOOK) EXAM WITHIN 4HR WINDOW | 60 |
The assessment strategy is designed to provide students with the opportunity to demonstrate that they have achieved the module learning outcomes.
Thus, the summative assessment for this module consists of:
- two in-class tests designed to assess students' recall and understanding of the module subject matter
- a final unseen examination, designed to be 'Open Book' and to assess students' ability to apply the taught material to a scenario.
The tests will take place around week 7 and week 11 of the semester.
Formative assessment and feedback
Alongside the discussion and opportunity for Q&A in each seminar / workshop, there will be a practice test, similar in style and substance to the summative tests, provided each week.
- The aim of the module is to equip the students with the analytical skills and knowledge to assess security in systems and organisations, and to incorporate appropriate levels of security in the various steps of a systems lifecycle.
|001||Identify and discuss the benefits of embedding security throughout an organisation||KCP|
|002||Be able to identify assets and threats, and assess risks||K|
|003||Have an understanding of how to relate and adapt information systems in general and security solutions in particular to specific business processes and requirements to meet overall goals||KCP|
|004||Be able to suggest and justify technical and non-technical solutions to security problems||KCPT|
|005||Be able to communicate clearly and unambiguously about security problems to other people in an organisation||PT|
C - Cognitive/analytical
K - Subject knowledge
T - Transferable skills
P - Professional/Practical skills
Methods of Teaching / Learning
The learning and teaching strategy is designed to help students achieve the learning outcomes of the module through:
- in-class discussions of case studies and news articles
- in-class group exercises
- individual directed study and background reading
The learning and teaching methods include:
- Lectures (11 weeks at 1-1.5hrs)
- Tutorial, workshop or lab sessions (5 weeks at 2h)
- Online formative tests to give feedback on understanding and progress
Indicated Lecture Hours (which may also include seminars, tutorials, workshops and other contact time) are approximate and may include in-class tests where one or more of these are an assessment on the module. In-class tests are scheduled/organised separately to taught content and will be published on to student personal timetables, where they apply to taken modules, as soon as they are finalised by central administration. This will usually be after the initial publication of the teaching timetable for the relevant semester.
Upon accessing the reading list, please search for the module using the module code: COM3017
Please note that the information detailed within this record is accurate at the time of publishing and may be subject to change. This record contains information for the most up to date version of the programme / module for the 2022/3 academic year.