Module title: Security, Audit and Compliance


SCQF level: 10
SCQF credit value: 20.00
ECTS credit value: 10

Module code: CSI10607
Module leader: Peter Cruickshank
School: School of Computing
Subject area group: Creative and Social Informatics
Prerequisites: N/A

2018/9, Trimester 3, FACE-TO-FACE,
Occurrence: 002
Primary mode of delivery: FACE-TO-FACE
Location of delivery: MYANMAR
Partner:
Member of staff responsible for delivering module: Peter Cruickshank
Module Organiser:


Learning, Teaching and Assessment (LTA) Approach:
The module will be introduced by an Edinburgh Napier lecturer who will deliver an initial 25 hours of lectures, practical work and
tutorials. The additional hours will be delivered by our partner Info Myanmar College (IMC). The module will run over 5
consecutive weeks with the later four weeks being delivered by IMC staff. Lectures are used to introduce underlying principles
and the tutorial work is used to broaden & develop deeper understanding of the subject area. This is mixed with student-centred
work, such as research questions and online exercises, as well as group activities such as discussion groups, group
presentation exercises, and peer review.
The module makes extensive use of published research papers in the development of students’ understanding of the domain.
Advantage is taken of links to professional auditing organisations and the excellent reputation of the School in the field of
information security and organisational behaviour, particularly research being carried out in conjunction with the beneficiaries of
effective compliance frameworks, such as the police and the financial services industry.
Tutorials and online forums include conventional discussion-based sessions (LOs 1, 2, 4), real-world case study analysis (LOs
3, 4) and evaluation of relevant academic and research material (LOs 1-5). Tutorials make extensive use of group work and
presentations, and online quizzes and discussion will be encouraged to support students.
Embedding of employability/PDP/Scholarship skills
This module addresses employability at a high level. Students’ information literacy, employability and scholarship skills are also
enhanced by the development of critical reading and writing skills required.
The issues covered are central to the development of students as professionals both in terms of their personal development
and their path to professional accreditation. The module is supported by ISACA training material (including real-world case
studies) and the possibility of passing a professional exam (CISA or CISM) as a result can only enhance employability.

Formative Assessment:
Formative feedback will be provided throughout the module through feedback on the self-assessment questions and case
studies, both of which will have outline solutions available. This will enable students to self-assess their understanding and
progress. Appropriate online feedback will be available automatically and immediately after the assessment is completed.
Reflective exercises throughout the module will require students to apply the delivered concepts and theory to their own
experiences and circumstances and these reflections will be captured in an online portfolio that students will be able to review
and print. Ten end of unit progress tests offer further formative feedback.
Further formative assessment takes place during the tutorial sessions which run alongside the lectures, allowing group
discussion of the material. Use of distance learning tools to support learning will also be employed.
As the module is delivered in a block over 5 consecutive weeks, standard Academic Calendar weeks and trimesters are not
applicable for the tables below.


Summative Assessment:
Summative assessment will be provided throughout the module in the form of one component, with two elements. The first
element is a literature review of current research (LO 2,4,5; during week 3). The second assessment will be an assignment that
explicitly assesses an aspect of risk management (LO 1,3,4,5; at the end of week 5).
Sample assessments will be available together with model answers and marking schemes to facilitate self-assessment of your
knowledge and understanding, and identification of areas of weakness to aid preparation for the assessment. Summative
feedback is given as part of the marking process.

Student Activity (Notional Equivalent Study Hours (NESH))
Mode of activity | Learning & Teaching Activity | NESH (Study Hours)
Face To Face | Lecture | 24
Face To Face | Tutorial | 26
Independent Learning | Guided independent study | 150
Total Study Hours: 200
Expected Total Study Hours for Module: 200


Assessment
Type of Assessment | Weighting % | LOs covered | Week due | Length in Hours/Words
Essay | 30 | 2,4,5 | 1 | HOURS= 0, WORDS= 1000
Report | 70 | 1,3,4,5 | 1 | HOURS= 0, WORDS= 2500
Component 1 subtotal: 100
Component 2 subtotal: 0
Module subtotal: 100
2019/0, Trimester 1, FACE-TO-FACE,
Occurrence: 001
Primary mode of delivery: FACE-TO-FACE
Location of delivery: MYANMAR
Partner:
Member of staff responsible for delivering module: Peter Cruickshank
Module Organiser:


Learning, Teaching and Assessment (LTA) Approach:
The module will be introduced by an Edinburgh Napier lecturer who will deliver an initial 25 hours of lectures, practical work and
tutorials. The additional hours will be delivered by our partner Info Myanmar College (IMC). The module will run over 5
consecutive weeks with the later four weeks being delivered by IMC staff. Lectures are used to introduce underlying principles
and the tutorial work is used to broaden & develop deeper understanding of the subject area. This is mixed with student-centred
work, such as research questions and online exercises, as well as group activities such as discussion groups, group
presentation exercises, and peer review.
The module makes extensive use of published research papers in the development of students’ understanding of the domain.
Advantage is taken of links to professional auditing organisations and the excellent reputation of the School in the field of
information security and organisational behaviour, particularly research being carried out in conjunction with the beneficiaries of
effective compliance frameworks, such as the police and the financial services industry.
Tutorials and online forums include conventional discussion-based sessions (LOs 1, 2, 4), real-world case study analysis (LOs
3, 4) and evaluation of relevant academic and research material (LOs 1-5). Tutorials make extensive use of group work and
presentations, and online quizzes and discussion will be encouraged to support students.
Embedding of employability/PDP/Scholarship skills
This module addresses employability at a high level. Students’ information literacy, employability and scholarship skills are also
enhanced by the development of critical reading and writing skills required.
The issues covered are central to the development of students as professionals both in terms of their personal development
and their path to professional accreditation. The module is supported by ISACA training material (including real-world case
studies) and the possibility of passing a professional exam (CISA or CISM) as a result can only enhance employability.

Formative Assessment:
Formative feedback will be provided throughout the module through feedback on the self-assessment questions and case
studies, both of which will have outline solutions available. This will enable students to self-assess their understanding and
progress. Appropriate online feedback will be available automatically and immediately after the assessment is completed.
Reflective exercises throughout the module will require students to apply the delivered concepts and theory to their own
experiences and circumstances and these reflections will be captured in an online portfolio that students will be able to review
and print. Ten end of unit progress tests offer further formative feedback.
Further formative assessment takes place during the tutorial sessions which run alongside the lectures, allowing group
discussion of the material. Use of distance learning tools to support learning will also be employed.
As the module is delivered in a block over 5 consecutive weeks, standard Academic Calendar weeks and trimesters are not
applicable for the tables below.


Summative Assessment:
Summative assessment will be provided throughout the module in the form of one component, with two elements. The first
element is a literature review of current research (LO 2,4,5; during week 3). The second assessment will be an assignment that
explicitly assesses an aspect of risk management (LO 1,3,4,5; at the end of week 5).
Sample assessments will be available together with model answers and marking schemes to facilitate self-assessment of your
knowledge and understanding, and identification of areas of weakness to aid preparation for the assessment. Summative
feedback is given as part of the marking process.

Student Activity (Notional Equivalent Study Hours (NESH))
Mode of activity | Learning & Teaching Activity | NESH (Study Hours)
Face To Face | Lecture | 24
Face To Face | Tutorial | 26
Independent Learning | Guided independent study | 150
Total Study Hours: 200
Expected Total Study Hours for Module: 200


Assessment
Type of Assessment | Weighting % | LOs covered | Week due | Length in Hours/Words
Essay | 30 | 2,4,5 | 1 | HOURS= 0, WORDS= 1000
Report | 70 | 1,3,4,5 | 1 | HOURS= 0, WORDS= 2500
Component 1 subtotal: 100
Component 2 subtotal: 0
Module subtotal: 100
2019/0, Trimester 1, FACE-TO-FACE,
Occurrence: 002
Primary mode of delivery: FACE-TO-FACE
Location of delivery: MYANMAR
Partner:
Member of staff responsible for delivering module: Peter Cruickshank
Module Organiser:


Learning, Teaching and Assessment (LTA) Approach:
The module will be introduced by an Edinburgh Napier lecturer who will deliver an initial 25 hours of lectures, practical work and
tutorials. The additional hours will be delivered by our partner Info Myanmar College (IMC). The module will run over 5
consecutive weeks with the later four weeks being delivered by IMC staff. Lectures are used to introduce underlying principles
and the tutorial work is used to broaden & develop deeper understanding of the subject area. This is mixed with student-centred
work, such as research questions and online exercises, as well as group activities such as discussion groups, group
presentation exercises, and peer review.
The module makes extensive use of published research papers in the development of students’ understanding of the domain.
Advantage is taken of links to professional auditing organisations and the excellent reputation of the School in the field of
information security and organisational behaviour, particularly research being carried out in conjunction with the beneficiaries of
effective compliance frameworks, such as the police and the financial services industry.
Tutorials and online forums include conventional discussion-based sessions (LOs 1, 2, 4), real-world case study analysis (LOs
3, 4) and evaluation of relevant academic and research material (LOs 1-5). Tutorials make extensive use of group work and
presentations, and online quizzes and discussion will be encouraged to support students.
Embedding of employability/PDP/Scholarship skills
This module addresses employability at a high level. Students’ information literacy, employability and scholarship skills are also
enhanced by the development of critical reading and writing skills required.
The issues covered are central to the development of students as professionals both in terms of their personal development
and their path to professional accreditation. The module is supported by ISACA training material (including real-world case
studies) and the possibility of passing a professional exam (CISA or CISM) as a result can only enhance employability.

Formative Assessment:
Formative feedback will be provided throughout the module through feedback on the self-assessment questions and case
studies, both of which will have outline solutions available. This will enable students to self-assess their understanding and
progress. Appropriate online feedback will be available automatically and immediately after the assessment is completed.
Reflective exercises throughout the module will require students to apply the delivered concepts and theory to their own
experiences and circumstances and these reflections will be captured in an online portfolio that students will be able to review
and print. Ten end of unit progress tests offer further formative feedback.
Further formative assessment takes place during the tutorial sessions which run alongside the lectures, allowing group
discussion of the material. Use of distance learning tools to support learning will also be employed.
As the module is delivered in a block over 5 consecutive weeks, standard Academic Calendar weeks and trimesters are not
applicable for the tables below.


Summative Assessment:
Summative assessment will be provided throughout the module in the form of one component, with two elements. The first
element is a literature review of current research (LO 2,4,5; during week 3). The second assessment will be an assignment that
explicitly assesses an aspect of risk management (LO 1,3,4,5; at the end of week 5).
Sample assessments will be available together with model answers and marking schemes to facilitate self-assessment of your
knowledge and understanding, and identification of areas of weakness to aid preparation for the assessment. Summative
feedback is given as part of the marking process.

Student Activity (Notional Equivalent Study Hours (NESH))
Mode of activity | Learning & Teaching Activity | NESH (Study Hours)
Face To Face | Lecture | 24
Face To Face | Tutorial | 26
Independent Learning | Guided independent study | 150
Total Study Hours: 200
Expected Total Study Hours for Module: 200


Assessment
Type of Assessment | Weighting % | LOs covered | Week due | Length in Hours/Words
Essay | 30 | 2,4,5 | 1 | HOURS= 0, WORDS= 1000
Report | 70 | 1,3,4,5 | 1 | HOURS= 0, WORDS= 2500
Component 1 subtotal: 100
Component 2 subtotal: 0
Module subtotal: 100

Description of module content:

On this module you will examine the principles behind Information Security Management Systems, including the threats and compliance issues that face the owners and implementers of information systems. You will also learn about the roles of governance frameworks and the professions involved in information security including security managers, IS auditors and digital forensics experts.

Much of the module material addresses the impacts of the global nature of Information Technology, including the increasingly trans-national nature of the Internet and the societal and legal implications of this trend. The majority of the standards covered by the module are international, and the interaction of UK, European and US regulations is considered and contrasted.

To achieve the above objectives you will gain an in-depth knowledge of approaches to the management of information systems, taking into account the human, organisational and technical factors required to establish a secure system, starting from taking a risk-based approach to identifying, evaluating and prioritising weaknesses in an existing system.

The aim of the module is to let you develop a deep understanding of the framework that information security operates in, and to give you an opportunity to express this in the form of professional written reports.

Topics covered include:
• Overview of relevant laws and regulations: national and international, covering Data Protection, computer misuse and other legal issues.
• The relation between governance models and frameworks including: ISACA’s COBIT and ISO Standards (ISO27000 in particular)
• Role of the professions; difference between audit, forensics and security management. Professional ethics and codes of practice
• Risk management, contingency and continuity planning

Learning Outcomes for module:

Upon completion of this module you will be able to:
LO1: Demonstrate an understanding of the roles and responsibilities of the professionals involved, including practical application of codes of practice/ethics.
LO2: Critically appraise relevant laws and relevant standards, their interrelationships and international trends in their development.
LO3: Critically appraise the principles of information security management systems and the roles of risk management, controls and audit in supporting IS governance.
LO4: Research, examine and evaluate relevant academic literature and real-world situations, identify issues and solutions and make recommendations to management.
LO5: Demonstrate an ability to professionally present findings in a way that is appropriate for the intended audience.

Indicative References and Reading List - URL:
Security Audit & Compliance - Myanmar