This module investigates the whole process of information security management and associated activities including the concepts used and practices prescribed by relevant standards, such as those defined by ISO/IEC. A holistic view of information security management is taken, including risk management, the formulation of security policies, business continuity and resilience. Selected socio-technical topics that are important for information security management will also be covered. These shall include AAA (authentication, authorisation and accountability), important legal aspects especially data protection and privacy laws, data protection impact assessment, usability analysis and management, wider human factors in cyber security such as social engineering attacks and the importance of a positive cyber security culture for encouraging secure behaviours of employees and users.
Total contact hours: 30
Private study hours: 120
Total study hours: 150
50% Coursework and 50% Examination
Sutton, D., "Information Risk Management: A practitioner's guide," 2014, BCS.
Burnap, P., "Risk Management & Governance," Version 1.1.1, 2021, https://www.cybok.org/media/downloads/Risk_Management_Governance_v1.1.1.pdf
Carolina, R., "Law & Regulation," Version 1.0.2, 2021, https://www.cybok.org/media/downloads/Law_Regulation_v1.0.2.pdf
Troncoso C., "Privacy & Online Rights," Version 1.0.2, 2021, https://www.cybok.org/media/downloads/Privacy_Online_Rights_v1.0.2.pdf
Sasse, M.A., and Rashid, A., Human Factors, Version 1.0.1, 2021, https://www.cybok.org/media/downloads/Human_Factors_v1.0.1.pdf
Debar, H., "Security Operations & Incident Management," Version 1.0.2, 2021, https://www.cybok.org/media/downloads/Security_Operations_Incident_Management_v1.0.2.pdf
Gollmann, D., “Authentication, Authorisation & Accountability,” Version 1.0.2, 2021, https://www.cybok.org/media/downloads/Authentication_Authorisation_Accountability_v1.0.2.pdf
See the library reading list for this module (Canterbury)
On successfully completing the module students will be able to:
1 Demonstrate systematic understanding and critical awareness of the importance of taking a systems-wide approach to maintaining cyber security, and the role of information security policies including those for security risk management.
2 Comprehensively understand the motivation, design, operation, and management of modern systems for security management, including awareness of relevant human factors especially usability issues.
3 Show appreciation of legal issues on security and data protection, and relevant security (management) standards.
4 Analyse and evaluate critically the security and data protection legal requirements of an organisation.
5 Demonstrate systematic understanding of appropriate processes, techniques, and tools for developing and managing security systems.
6 Understand the basis of business continuity planning and management, and cyber resilience.
University of Kent makes every effort to ensure that module information is accurate for the relevant academic session and to provide educational services as described. However, courses, services and other matters may be subject to change. Please read our full disclaimer.
