Teaching Responsibility

LJMU Schools involved in Delivery:

LJMU Partner Taught

Learning Methods

Lecture
Seminar

Module Offerings

7539CYQR-APR-PAR
7539CYQR-JAN-PAR
7539CYQR-SEP-PAR

Aims

To develop a deep appreciation of information security problems.
To develop skills relating to security risk assessment and control analysis.
To develop an appreciation of the complexity of using standards such as ISO-27001.
To gain experience in engaging in debates around legal, ethical and professional issues relating to information security.

Learning Outcomes

1. Critically evaluate a complex information system in terms of its security.
2. Apply security risk assessment methods to a complex information system.
3. Show critical awareness of the significant challenges involved in managing information security processes using standards.
4. Appreciate complex legal and ethical situations relating to information system security.

Module Content

Outline Syllabus: Concepts in information management: information, management, processes, human factors, standards, compliance. Security fundamentals: threats, vulnerabilities, attacks, risk, models for security, defence, controls, and constraints (e.g. economic/business) on managing security. Understanding Information Security Management: risk assessment, policy, controls, personnel, education, monitoring and review, compliance, assurance. Risk Management and Risk Assessment Standards for ISM: ISO/27001 and PCI-DSS. Digital forensics, incident response, business continuity. Legal constraints: data protection and privacy, intellectual property, computer misuse, surveillance, fraud. Professional issues: ethics, privacy, professional bodies, certification.
Additional Information: The term Information Security Management generally refers to the wide range of ongoing processes that information security practitioners engage in, although it typically excludes development of solutions through software development. The module will develop analysis skills in understanding security threats, vulnerabilities, attacks and risks, as well as focussing on management standards (such as PCI-DSS and ISO27001) and information governance, compliance, ethical and legal aspects of being an information security professional.

Assessments

Exam
Report