COMPGA14 - Information Security Management

This database contains 2016-17 versions of the syllabuses. For current versions please see here.

Year MSc
Prerequisites None
Term 2
Taught By Paul Jennings (100%)
Aims The course will provide the student with an understanding of the principles of information security management that are commonly used in business. It will introduce the student to commonly used frameworks and methods and explore critically the suitability and appropriateness of these for addressing today's organisational security needs.
Learning Outcomes The successful participant will:
  • have an understanding of the key themes and principles of information security management and be able to apply these principles in designing solutions to managing security risks effectively;
  • understand how to apply the principles of information security management in a variety of contexts;
  • have an appreciation of the interrelationship between the various elements of information security management and its role in protecting organisations.


The course covers the principles of applied information security management and is suitable for those who are looking for an in-depth understanding of security management in medium to large organisations. The course comprises the following topics: governance and security policy, threat and vulnerability management, incident management, risk management, information leakage, crisis management and business continuity, legal and compliance, security awareness and security implementation considerations.

Under these broad headings, the following areas are covered: ISO 27000 series and the Plan-Do-Check-Act model, assessment of threats and vulnerabilities, incident response, forensics and investigations, risk assessment and risk management frameworks, dealing with classified/sensitive data, contingency planning, legal and regulatory drivers and issues, certification, common criteria, security awareness, education and training, and practical considerations when implementing the frameworks to address current and future threats.

Method of Instruction:

The module is delivered through a combination of lectures, classroom exercises and group discussion.


The module has the following assessments:

  • Unseen written examination (2.5 hours) (75%)
  • Coursework (25%)

To pass this course, students must:

  • Obtain a mark of at least 50% for the module overall.




Resources can be found on Moodle.