N/A

The module supports students taking on an industry-based activity, where they apply their course knowledge to their employment activities. They will reflect on their experiences, and discuss the application of their course skills to their jobs. As part of this, some focus should be made on the issues around security governance and risk management.

To assist the students in their studies, the course utilises a taught component with particular focus on information security governance and risk management. This material addresses the issues that have arisen as a result of the pervasive nature of information technology. The material also covers the legal context: national and international, covering privacy and data protection, computer misuse, intellectual property rights, and legal liability. It discusses the standards context: ISO Standards (ISO27000 and ISO31000 in particular) and ISACA’s COBIT. It includes Professionalism, Ethical and moral considerations: corporate and individual ethics. Additionally it looks at Risk identification and modelling: threats, vulnerabilities and attacks. Finally, it considers Risk management and controls including incident handling and the relation to audit and assurance

The QAA benchmark statement for computing incorporates a wide range of activities including hardware, software, communication and, in more general terms, the application of those skills in practice. The specific range of computing-related cognitive abilities gained from this module will depend on the specifics of the project done by each student but in all cases will support “computing-related practical activities” as specified in the benchmark. In addition the student will enrich a range of “additional transferable skills” as required by their projects.

On completion of this module, students will be able to:
LO1: Appraise information security risk management theory and practice and role of risk stakeholders
LO2: Apply knowledge to system risk modelling and select appropriate approaches to risk treatment
LO3: Review and critically appraise relevant laws and relevant standards, their interrelationships and international trends in their development
LO4: Demonstrate understanding of the legal, ethical and professional obligations on computer professionals.
LO5: Critically evaluate professional and governance issues and resolving them using skills in analysis, synthesis and decision-making.