Information Security Management - COMP8340

Looking for a different module?

Module delivery information

Location Term Level1 Credits (ECTS)2 Current Convenor3 2021 to 2022
Spring Term 7 15 (7.5) Shujun Li checkmark-circle


This module investigates the whole process of information security management and associated activities including the concepts used and practices prescribed by relevant standards, such as those defined by ISO/IEC. A holistic view of information security management is taken, including risk management, the formulation of security policies, business continuity and resilience.
Technical subjects include a description of the various security models, and showing how authorisation policies can be automatically enforced. The legal and data protection issues associated with information management are also addressed, as are the usability issues of security technologies.


Contact hours

Total contact hours: 42
Private study hours: 108
Total study hours: 150

Method of assessment

50% Coursework and 50% Examination

Group presentations (20%)
Final essay (30%)
Examination, 2 hours (50%)

Indicative reading

Taylor, A., Alexander, D., Finch, A. and Sutton, D., "Information Security Management Principles", 2019, 3rd edition, BCS.
Calder, A. and Watkins, S., "IT governance: an international guide to data security and ISO27001/ISO27002", 2019, 7th edition, Kogan Page.
Sutton, D., "Information Risk Management: A practitioner's guide," 2014, BCS.

See the library reading list for this module (Canterbury)

Learning outcomes

On successfully completing the module students will be able to:
1 Demonstrate systematic understanding of the importance of taking a systems-wide approach to maintaining cyber security, and the role of security risk management.
2 Comprehensively understand the motivation, design, operation and management of modern systems for security management, including awareness of relevant human
factors especially usability issues.
3 Show familiarity of legal issues on security and data protection, and relevant security (management) standards.
4 Analyse and evaluate critically the security and data protection requirements of an organisation.
5 Apply and critically modern security by design principles to develop solutions to real world secure systems problems.
6 Demonstrate awareness of appropriate processes, techniques and tools for developing and managing security systems.
7 Understand the basis of business continuity planning and management, and cyber resilience.


  1. Credit level 7. Undergraduate or postgraduate masters level module.
  2. ECTS credits are recognised throughout the EU and allow you to transfer credit easily from one university to another.
  3. The named convenor is the convenor for the current academic session.
Back to top

University of Kent makes every effort to ensure that module information is accurate for the relevant academic session and to provide educational services as described. However, courses, services and other matters may be subject to change. Please read our full disclaimer.