Teaching Responsibility
LJMU Schools involved in Delivery:
Computer Science and Mathematics
Learning Methods
Lecture
Tutorial
Module Offerings
5219COMP-SEP-CTY
Aims
To provide a detailed understanding of the main concepts of information security management.
To develop an appreciation of the process of information security management, including risk analysis, control analysis and post-event security.
To develop an awareness of the standards relating to information security management within enterprise environments, including legal and compliance issues.
Learning Outcomes
1. Analyse security risks associated with a computer system using a standard methodology.
2. Interpret legal, governance and compliance issues for information assurance.
3. Identify success factors in information security management.
Module Content
Outline Syllabus:
Concepts in Information Security; threats, vulnerabilities, attacks, models for discussing security, situational awareness, economic and business constraints, technology controls, human factors, ethics, 'cyber'.
Risk Assessment; understanding risk factors, methods for risk assessment, contemporary standards such as ISO, FAIR, and NIST.
Information Security Management: governance and compliance, 'Quality' and the need for audit, standards including PCI-DSS and ISO 27000.
Law: the UK legal system, cyber-crime and related laws including CMA, DPA, GDPR, RIPA. Security 'conflicts' relating to privacy, surveillance, control and free-speech.
Post-event Security: attacks, incident response, disaster recovery, forensics and the involvement of law enforcement.
Module Overview:
Information Security Management generally refers to the wide range of activities that information security practitioners engage in, although it typically excludes the actual development of secure solutions through software development. In this module you will focus on security risk analysis, management and information governance, and compliance aspects of being an information security practitioner.
Additional Information:
Information Security Management generally refers to the wide range of activities that information security practitioners engage in, although it typically excludes the actual development of secure solutions through software development. In this module the focus is on the security risk analysis, management and information governance and compliance aspects of being an information security practitioner.