Teaching Responsibility
LJMU Schools involved in Delivery:
LJMU Partner Taught
Learning Methods
Lecture
Seminar
Module Offerings
7539CYQR-APR-PAR
7539CYQR-JAN-PAR
7539CYQR-SEP-PAR
Aims
To develop a deep appreciation of information security problems.
To develop skills relating to security risk assessment and control analysis.
To develop an appreciation of the complexity of using standards such as ISO-27001.
To gain experience in engaging in debates around legal, ethical and professional issues relating to information security.
Learning Outcomes
1. Critically evaluate a complex information system in terms of its security.
2. Apply security risk assessment methods to a complex information system.
3. Show critical awareness of the significant challenges involved in managing information security processes using standards.
4. Appreciate complex legal and ethical situations relating to information system security.
Module Content
Outline Syllabus: Concepts in information management: information, management, processes, human factors, standards, compliance.
Security fundamentals: threats, vulnerabilities, attacks, risk, models for security, defence, controls, and constraints (e.g. economic/business) on managing security.
Understanding Information Security Management: risk assessment, policy, controls, personnel, education, monitoring and review, compliance, assurance.
Risk Management and Risk Assessment
Standards for ISM: ISO/27001 and PCI-DSS
Digital forensics, incident response, business continuity.
Legal constraints: data protection and privacy, intellectual property, computer misuse, surveillance, fraud.
Professional issues: ethics, privacy, professional bodies, certification.
Additional Information: The term Information Security Management generally refers to the wide range of ongoing processes that information security practitioners engage in, although it typically excludes development of solutions through software development. The module will develop analysis skills in understanding security threats, vulnerabilities, attacks and risks, as well as focussing on management standards (such as PCI-DSS and ISO27001) and information governance, compliance, ethical and legal aspects of being an information security professional.
Assessments
Exam
Report