COMPGA14 - Information Security Management

This database contains the 2017-18 versions of syllabuses. Syllabuses from the 2016-17 session are available here.

Note: Whilst every effort is made to keep the syllabus and assessment records correct, the precise details must be checked with the lecturer(s).

Code: COMPGA14
Year: MSc
Prerequisites: None
Term: 2
Taught By: Paul Jennings (100%)
Aims: The course will provide the student with an understanding of the principles of information security management that are commonly used in business. It will introduce the student to commonly used frameworks and methods and explore critically the suitability and appropriateness of these for addressing today's organisational security needs.
Learning Outcomes: The successful participant will:
  • have an understanding of the key themes and principles of information security management and be able to apply these principles in designing solutions to managing security risks effectively;
  • understand how to apply the principles of information security management in a variety of contexts;
  • have an appreciation of the interrelationship between the various elements of information security management and its role in protecting organisations.

Content

The course covers the principles of applied information security management and is suitable for those who are looking for an in-depth understanding of security management in medium to large organisations. The course comprises the following topics: governance and security policy, threat and vulnerability management, incident management, risk management, information leakage, crisis management and business continuity, legal and compliance, security awareness and security implementation considerations.

Under these broad headings, the following areas are covered: ISO 27000 series and the Plan-Do-Check-Act model, assessment of threats and vulnerabilities, incident response, forensics and investigations, risk assessment and risk management frameworks, dealing with classified/sensitive data, contingency planning, legal and regulatory drivers and issues, certification, Common Criteria, security awareness, education and training, and practical considerations when implementing the frameworks to address current and future threats.

Method of Instruction

The module is delivered through a combination of lectures, classroom exercises and group discussion.

Assessment

The module has the following assessments:

  • Unseen written examination (2.5 hours) (75%)
  • Coursework (25%)

To pass this course, students must:

  • Obtain a mark of at least 50% for the module overall.

Resources

Reading list available via the UCL Library catalogue.