Core Module Information
Module title: Security Audit & Compliance

SCQF level: 11:
SCQF credit value: 20.00
ECTS credit value: 10

Module code: INF11809
Module leader: Peter Cruickshank
School School of Computing, Engineering and the Built Environment
Subject area group: Applied Informatics


Description of module content:

The aim of the module is to let you develop a deep understanding of the framework that information security operates in, and to give you an opportunity to express this in the form of professional written reports. Topics covered include:
• Overview of relevant laws and regulations: national and international, covering Data Protection, computer misuse and other legal issues.
• The relation between governance models and frameworks including: ISACA’s COBIT and ISO Standards (ISO27000 in particular)
• Role of the professions; difference between audit, forensics and security management. Professional ethics and codes of practice
• Risk management, contingency and continuity planning
• Understanding and application of the COBIT domains

Learning Outcomes for module:

Upon completion of this module you will be able to
LO1: Demonstrate an understanding of the roles and responsibilities of the professionals involved, including practical application of codes of practice/ethics.
LO2: Review and critically appraise relevant laws and relevant standards, their interrelationships and international trends in their development.
LO3: Critically appraise the principles of information security management systems and the roles of risk management, controls and audit in supporting IS governance
LO4: Demonstrate an understanding of the role of human and organisational factors in delivering information security
LO5: Research, examine and evaluate relevant academic literature and real-world situations, identify issues and solutions and make recommendations to management

Full Details of Teaching and Assessment
2022/3, Trimester 1, Online, Edinburgh Napier University
Occurrence: 001
Primary mode of delivery: Online
Location of delivery: WORLDWIDE
Partner: Edinburgh Napier University
Member of staff responsible for delivering module: Peter Cruickshank
Module Organiser:

Learning, Teaching and Assessment (LTA) Approach:
This module provides an opportunity for students to apply new knowledge within the context of their previous experience where students can apply their knowledge to new situations. Students will learn how to analyse, synthesise and solve complex unstructured business related IS/IT problems. Students will have the opportunity to develop their online communication skills with a range of international students, via weekly online forum, as well as develop the capacity for independent learning.

Students will be provided with responsive, engaging and interactive online learning materials which will include a general introduction to the module and how to study the module together with core academic theory relating to the topic. Students will also be directed to a variety of electronic sources including e-books, e-journals and other web based resources. A mix of reflective exercises, case studies and self-assessment questions (with diagnostic feedback) for each unit will engage students within the learning process. Online materials will encourage students to reflect upon their experience and learning and are encouraged to form into independent online discussion groups.

To support learning, students will have access to module specific materials which will comprise the following elements: a module introduction/overview, including learning outcomes and summary of key learning points for each unit; podcasts and/or videos which feature further key concepts where appropriate; recorded keynote lectures/guest speakers (as appropriate); case studies and outline solutions; two online discussions moderated by the online tutor; self-assessment questions (with automated feedback); reflective exercises; end of unit progress tests; links to core module academic
materials etc.

Formative Assessment:
Formative feedback will be provided throughout the module through feedback on the self-assessment questions and case studies, both of which will have outline solutions available. This will enable students to self-assess their understanding and progress. Appropriate online feedback will be available automatically and immediately after the assessment is completed. Reflective exercises throughout the module will require students to apply the delivered concepts and theory to their own experiences and circumstances and these reflections will be captured in an online portfolio that students will be able to review and print.

Summative Assessment:
Summative assessment will be provided throughout the module in the form of one component, with two elements. Firstly, ten end of unit progress tests (which also offers formative feedback) (10%), and the final assessment which contributes the remaining module marks (90%).
• The End of Unit progress tests will be set at the end of each of the ten units.
• The final module assessment will be a 4,000 word assignment that explores the an aspect of the information security in theory and practice. Sample assessments will be available together with model answers and marking schemes to facilitate self-assessment of your knowledge and understanding, and identification of areas of weakness to aid your preparation for the assessment. Summative feedback is given as part of the marking process.

Student Activity (Notional Equivalent Study Hours (NESH))
Mode of activityLearning & Teaching ActivityNESH (Study Hours)
Online Guided independent study 4
Online Tutorial 5
Independent Learning Guided independent study 191
Total Study Hours200
Expected Total Study Hours for Module200

Type of Assessment Weighting % LOs covered Week due Length in Hours/Words
Centrally Time Tabled Examination 10 1, 2, 3, 4 & 5 10 HOURS= 1, WORDS= 0
Report 90 3,4,5 14 HOURS= 0, WORDS= 3000
Component 1 subtotal: 100
Component 2 subtotal: 0
Module subtotal: 100

Indicative References and Reading List - URL:
Contact your module leader