Core Module Information
Module title: Security Audit & Compliance

SCQF level: 11
SCQF credit value: 20.00
ECTS credit value: 10

Module code: INF11109
Module leader: Peter Cruickshank
School: School of Computing, Engineering and the Built Environment
Subject area group: Applied Informatics


Description of module content:

The aim of the module is to let you develop a deep understanding of the framework that information security operates in, and to give you an opportunity to express this in the form of professional written reports. Topics covered include:
• Overview of relevant laws and regulations: national and international, covering Data Protection, computer misuse and other legal issues.
• The relation between governance models and frameworks, including ISACA’s COBIT and ISO Standards (ISO27000 in particular).
• Role of the professions; difference between audit, forensics and security management. Professional ethics and codes of practice.
• Risk management, contingency and continuity planning.
• Understanding and application of the COBIT domains.

Learning Outcomes for module:

LO1: Demonstrate an understanding of the roles and responsibilities of the professionals involved, including practical application of codes of practice/ethics.
LO2: Review and critically appraise relevant laws and relevant standards, their interrelationships and international trends in their development.
LO3: Critically appraise the principles of information security management systems and the roles of risk management, controls and audit in supporting IS governance.
LO4: Research, examine and evaluate relevant academic literature and real-world situations, identify issues and solutions and make recommendations to management.
LO5: Demonstrate an ability to professionally present findings in a way that is appropriate for the intended audience.

Full Details of Teaching and Assessment
2022/3, Trimester 1, Face-to-Face, Edinburgh Napier University
Occurrence: 001
Primary mode of delivery: Face-to-Face
Location of delivery: MERCHISTON
Partner: Edinburgh Napier University
Member of staff responsible for delivering module: Peter Cruickshank
Module Organiser:

Learning, Teaching and Assessment (LTA) Approach:
Teaching comprises a blend of lectures and tutorials that cover all Learning Outcomes. The lecture programme is enhanced by input from guest speakers. Lectures will be recorded and uploaded for delivery to distance learning students.

Tutorials and online forums include conventional discussion-based sessions (LOs 1, 2, 4, 5), real-world case study analysis (LOs 3, 4, 5) and evaluation of relevant academic and research material (all). Tutorials make extensive use of group work and presentations, and online quizzes and discussion will be encouraged to support distance learning students.

Formative Assessment:
Formative feedback will be provided throughout the module through feedback on the self-assessment questions and case studies, both of which will have outline solutions available. This will enable students to self-assess their understanding and progress. Appropriate online feedback will be available automatically and immediately after the assessment is completed. Reflective exercises throughout the module will require students to apply the delivered concepts and theory to their own experiences and circumstances and these reflections will be captured in an online portfolio that students will be able to review and print. Ten end of unit progress tests offer further formative feedback.

Further formative assessment takes place during the tutorial sessions which run alongside the lectures, allowing group discussion of the self-study material.

All students are provided with an opportunity to submit draft versions of their courseworks for formative feedback.

Summative Assessment:
Summative assessment will be provided throughout the module in the form of one component, with two elements. The first element is a literature review of current research in a topic covered in the first 5 Units of the module. The second assessment will be an assignment that allows the student to select and explore an aspect of information security in theory and practice. Sample assessments will be available together with model answers and marking schemes to facilitate self-assessment of your knowledge and understanding, and identification of areas of weakness to aid preparation for the assessment. Summative feedback is given as part of the marking process.

Student Activity (Notional Equivalent Study Hours (NESH))
Mode of activity | Learning & Teaching Activity | NESH (Study Hours)
Face To Face | Lecture | 24
Face To Face | Tutorial | 26
Independent Learning | Tutorial | 150
Total Study Hours: 200
Expected Total Study Hours for Module: 200

Type of Assessment | Weighting % | LOs covered | Week due | Length in Hours/Words
Essay | 40 | 2,4,5 | 7 | HOURS= 0, WORDS= 2500
Report | 60 | 1,3,4,5 | 14 | HOURS= 0, WORDS= 3000
Component 1 subtotal: 100
Component 2 subtotal: 0
Module subtotal: 100

Indicative References and Reading List - URL:
Security Audit & Compliance