INFORMATION SECURITY MANAGEMENT - 2026/7
Module code: COM3017
Module Overview
Security is probably the greatest challenge for computer and information system in the near future. Many users have lost data due to viruses, both on home and business computers. Most of us have seen a range of emails massages attempting different kinds of fraud. Vulnerabilities are everywhere. Some are obvious or well-known; others are obscure and harder to spot. Security is not limited to secrecy and confidentiality, but also involves problems like integrity, availability, and effectiveness of information. Moreover, security issues can potentially affect all of us, from innocent home users to companies and even governments.Security is not just a technical problem but needs to be embedded throughout an organisation to be effective. As such good security solutions build on a complete understanding of the values at stake, and the supporting business processes and requirements. This includes people as well as information systems and physical resources. Consequently, raising security awareness and embedding security within roles and policies is as important, if not more, as secure software. In short, secure solutions can only be implemented with both good technical skills and a good understanding of cultures and people skills.
Module provider
Computer Science and Electronic Eng
Module Leader
DRAGAN Catalin (CS & EE)
Number of Credits: 15
ECTS Credits: 7.5
Framework: FHEQ Level 6
Module cap (Maximum number of students): N/A
Overall student workload
Workshop Hours: 30
Independent Learning Hours: 90
Guided Learning: 20
Captured Content: 10
Module Availability
Semester 1
Prerequisites / Co-requisites
None
Module content
The indicative content will be looking at:
- Introduction to Information Security: CIA triad (e.g., confidentiality, integrity, availability), business needs, Information Security components and characteristics, regulatory and legal requirements.
- Risk Management: risk identification (e.g., asset identification and valuation), business impact analysis, risk assessment (e.g., threats, vulnerabilities), risk treatment, risk appetite, residual risk.
- Incident Handling: incident response, business continuity plans management, disaster recovery, GRC incident management.
- Planning for Security: policies, standards, guidelines, methodologies, ISO 27000 series, NIST SP 800, SETA, design of security architecture (e.g., defence in depth, security by design).
Assessment pattern
| Assessment type | Unit of assessment | Weighting |
|---|---|---|
| School-timetabled exam/test | Class Test (1 hour) | 20 |
| Examination | Exam (2 hours) | 80 |
Alternative Assessment
N/A
Assessment Strategy
The assessment strategy is designed to provide students with the opportunity to demonstrate that they have achieved the module learning outcomes.
Thus, the summative assessment for this module consists of:
- one in-semester class test addressing L01 and L03
- one final examination addressing L02, L04, and L05
Formative assessment and feedback
Alongside the discussion and opportunity for Q&A in each seminar / workshop, there will be formative practice tests.
Module aims
- The module aims at raising the awareness for the wide range of security issues present in today's connected world and the managerial and organisational challenges a business must face when building a secure solution. It will equip the students with the analytical skills and knowledge to assess security in systems and organisations, and to incorporate appropriate levels of security.
Learning outcomes
| Attributes Developed | ||
| 001 | Identify and discuss the benefits of embedding security throughout an organisation | KCP |
| 002 | Be able to identify assets and threats, and assess risks | K |
| 003 | Have an understanding of how to relate and adapt information systems in general and security solutions in particular to specific business processes and requirements to meet overall goals | KCP |
| 004 | Be able to suggest and justify technical and non-technical solutions to security problems | KCPT |
| 005 | Be able to communicate clearly and unambiguously about security problems to other people in an organisation | PT |
Attributes Developed
C - Cognitive/analytical
K - Subject knowledge
T - Transferable skills
P - Professional/Practical skills
Methods of Teaching / Learning
The learning and teaching strategy is designed to help students achieve the learning outcomes of the module through
- lectures on core concepts,
- in-class discussions of case studies and news articles,
- in-class group exercises,
- individual directed study and background reading.
- workshops: interactive mix of lectures and seminars.
Indicated Lecture Hours (which may also include seminars, tutorials, workshops and other contact time) are approximate and may include in-class tests where one or more of these are an assessment on the module. In-class tests are scheduled/organised separately to taught content and will be published on to student personal timetables, where they apply to taken modules, as soon as they are finalised by central administration. This will usually be after the initial publication of the teaching timetable for the relevant semester.
Reading list
https://readinglists.surrey.ac.uk
Upon accessing the reading list, please search for the module using the module code: COM3017
Other information
Digital Capabilities
Computer Security is vital to all aspects of life and this module teaches both theory and practical skills to secure a system at the organisational level. It teaches students how to reason about and develop systems that are secure from the ground up. These skills are now fundamental to developing any large-scale computer system.
Employability
This module provides a standards-based approach to security that allows students to reason about assets and risks associated with these assets. Students are equipped with theory and practical problem-solving skills that allow them to work with and reason about security in computer and networked systems at the organisational level. Students will learn about securing business assets and assessing and managing risk in computer systems. These skills are highly valuable to employers.
Global and Cultural Skills
Computer Science is a global language and the tools and languages used on this module can be used internationally. This module allows students to develop skills that will allow them to reason about and develop secure applications with global reach and collaborate with their peers around the world. The global standards-based approach allows students to apply their skills internationally.
Resourcefulness and Resilience
This module involves practical problem-solving skills that teach a student how to reason about security in complex hardware and software systems taking a standards-based approach that is applicable to a wide range of everyday problems. Students are presented with realistic scenarios and work with their peers to identify assets and manage and mitigate risk.
Programmes this module appears in
| Programme | Semester | Classification | Qualifying conditions |
|---|---|---|---|
| Computer Science BSc (Hons) | 1 | Compulsory | A weighted aggregate mark of 40% is required to pass the module |
| Computing with Business Management BSc (Hons) | 1 | Compulsory | A weighted aggregate mark of 40% is required to pass the module |
| Computer Science MEng | 1 | Compulsory | A weighted aggregate mark of 40% is required to pass the module |
Please note that the information detailed within this record is accurate at the time of publishing and may be subject to change. This record contains information for the most up to date version of the programme / module for the 2026/7 academic year.