Module title: Security, Audit and Compliance


SCQF level: 10
SCQF credit value: 20.00
ECTS credit value: 10

Module code: CSI10607
Module leader: Peter Cruickshank
School: School of Computing
Subject area group: Creative and Social Informatics
Prerequisites:

There are no pre-requisites for this module.


Description of module content:

On this module you will examine the principles behind Information Security Management Systems, including the threats and compliance issues that face the owners and implementers of information systems. You will also learn about the roles of governance frameworks and the professions involved in information security including security managers, IS auditors and digital forensics experts.

Much of the module material addresses the impacts of the global nature of Information Technology, including the increasingly trans-national nature of the Internet and the societal and legal implications of this trend. The majority of the standards covered by the module are international, and the interaction of UK, European and US regulations is considered and contrasted.

To achieve the above objectives you will gain an in-depth knowledge of approaches to the management of information systems, taking into account the human, organisational and technical factors required to establish a secure system, starting from taking a risk-based approach to identifying, evaluating and prioritising weaknesses in an existing system.

The aim of the module is to let you develop a deep understanding of the framework that information security operates in, and to give you an opportunity to express this in the form of professional written reports.

Topics covered include:
• Overview of relevant laws and regulations: national and international, covering Data Protection, computer misuse and other legal issues.
• The relation between governance models and frameworks including ISACA’s COBIT and ISO standards (ISO 27000 in particular).
• Role of the professions; difference between audit, forensics and security management. Professional ethics and codes of practice.
• Risk management, contingency and continuity planning

Learning Outcomes for module:

Upon completion of this module you will be able to:
LO1: Demonstrate an understanding of the roles and responsibilities of the professionals involved, including practical application of codes of practice/ethics.
LO2: Critically appraise relevant laws and relevant standards, their interrelationships and international trends in their development.
LO3: Critically appraise the principles of information security management systems and the roles of risk management, controls and audit in supporting IS governance.
LO4: Research, examine and evaluate relevant academic literature and real-world situations, identify issues and solutions and make recommendations to management.
LO5: Demonstrate an ability to professionally present findings in a way that is appropriate for the intended audience.

Indicative References and Reading List - URL:
Security Audit & Compliance - Myanmar