TThis module investigates the whole process of information security management and associated activities including the concepts used and practices prescribed by relevant standards, such as those defined by ISO/IEC. A holistic view of information security management is taken, including risk management, the formulation of security policies, business continuity and resilience.
Selected socio-technical topics that are important for information security management will also be covered. These shall include AAA (authentication, authorisation and accountability), important legal aspects especially data protection and privacy laws, data protection impact assessment, usability analysis and management, wider human factors in cyber security such as social engineering attacks and the importance of a positive cyber security culture for encouraging secure behaviours of employees and users.
Total contact hours: 30
Private study hours: 120
Total study hours: 150
Course work -50%
Examination - 50%
Taylor, A., Alexander, D., Finch, A. and Sutton, D., "Information Security Management Principles," 2019, 3rd edition, BCS.
Calder, A. and Watkins, S., “IT governance: an international guide to data security and ISO27001/ISO27002,” 2019, 7th edition, Kogan Page.
Sutton, D., “Information Risk Management: A practitioner's guide,” 2014, BCS.
Burnap, P., “Risk Management & Governance,” Version 1.1.1, 2021, https://www.cybok.org/media/downloads/Risk_Management_Governance_v1.1.1.pdf
Carolina, R., “Law & Regulation,” Version 1.0.2, 2021, https://www.cybok.org/media/downloads/Law_Regulation_v1.0.2.pdf
Troncoso C., “Privacy & Online Rights,” Version 1.0.2, 2021, https://www.cybok.org/media/downloads/Privacy_Online_Rights_v1.0.2.pdf
Sasse, M.A., and Rashid, A., Human Factors, Version 1.0.1, 2021, https://www.cybok.org/media/downloads/Human_Factors_v1.0.1.pdf
Debar, H., “Security Operations & Incident Management,” Version 1.0.2, 2021, https://www.cybok.org/media/downloads/Security_Operations_Incident_Management_v1.0.2.pdf
Gollmann, D., “Authentication, Authorisation & Accountability,” Version 1.0.2, 2021, https://www.cybok.org/media/downloads/Authentication_Authorisation_Accountability_v1.0.2.pdf
Further readings (especially those on selected socio-technical topics) are provided with each lecture.
On successfully completing the module students will be able to:
1. Demonstrate systematic understanding of the importance of taking a systems-wide approach to maintaining cyber security, and the role of information security policies including those for security risk management.
2. Conceptually understand the motivation, design, operation, and management of modern systems for security management, including awareness of relevant human factors especially usability issues.
3. Show familiarity of legal issues on security and data protection, and relevant security (management) standards.
4. Demonstrate ability to analyse and evaluate the security and data protection legal requirements of an organisation.
5. Conceptually understand of how to deploy appropriate processes, techniques, and tools for developing and managing security systems.
6. Conceptually understand the basis of business continuity planning and management, and cyber resilience.
University of Kent makes every effort to ensure that module information is accurate for the relevant academic session and to provide educational services as described. However, courses, services and other matters may be subject to change. Please read our full disclaimer.
