Information Security Management - COMP8340

Looking for a different module?

Module delivery information

Location Term Level1 Credits (ECTS)2 Current Convenor3 2024 to 2025
Spring Term 7 15 (7.5) Shujun Li checkmark-circle


This module investigates the whole process of information security management and associated activities including the concepts used and practices prescribed by relevant standards, such as those defined by ISO/IEC. A holistic view of information security management is taken, including risk management, the formulation of security policies, business continuity and resilience. Selected socio-technical topics that are important for information security management will also be covered. These shall include AAA (authentication, authorisation and accountability), important legal aspects especially data protection and privacy laws, data protection impact assessment, usability analysis and management, wider human factors in cyber security such as social engineering attacks and the importance of a positive cyber security culture for encouraging secure behaviours of employees and users.


Contact hours

Total contact hours: 30
Private study hours: 120
Total study hours: 150

Method of assessment

50% Coursework and 50% Examination

Indicative reading

Sutton, D., "Information Risk Management: A practitioner's guide," 2014, BCS.

Burnap, P., "Risk Management & Governance," Version 1.1.1, 2021,

Carolina, R., "Law & Regulation," Version 1.0.2, 2021,

Troncoso C., "Privacy & Online Rights," Version 1.0.2, 2021,
Sasse, M.A., and Rashid, A., Human Factors, Version 1.0.1, 2021,

Debar, H., "Security Operations & Incident Management," Version 1.0.2, 2021,

Gollmann, D., “Authentication, Authorisation & Accountability,” Version 1.0.2, 2021,

See the library reading list for this module (Canterbury)

Learning outcomes

On successfully completing the module students will be able to:
1 Demonstrate systematic understanding and critical awareness of the importance of taking a systems-wide approach to maintaining cyber security, and the role of information security policies including those for security risk management.
2 Comprehensively understand the motivation, design, operation, and management of modern systems for security management, including awareness of relevant human factors especially usability issues.
3 Show appreciation of legal issues on security and data protection, and relevant security (management) standards.
4 Analyse and evaluate critically the security and data protection legal requirements of an organisation.
5 Demonstrate systematic understanding of appropriate processes, techniques, and tools for developing and managing security systems.
6 Understand the basis of business continuity planning and management, and cyber resilience.


  1. Credit level 7. Undergraduate or postgraduate masters level module.
  2. ECTS credits are recognised throughout the EU and allow you to transfer credit easily from one university to another.
  3. The named convenor is the convenor for the current academic session.
Back to top

University of Kent makes every effort to ensure that module information is accurate for the relevant academic session and to provide educational services as described. However, courses, services and other matters may be subject to change. Please read our full disclaimer.