Core Module Information
Module title: Professional Practice Governance and Risk

SCQF level: 09:
SCQF credit value: 20.00
ECTS credit value: 10

Module code: SOC09702
Module leader: David Haynes
School School of Computing, Engineering and the Built Environment
Subject area group: Cyber Security and Systems Engineering
Prerequisites

N/A

Description of module content:

The module supports students taking on an industry-based activity, where they apply their course knowledge to their employment activities. They will reflect on their experiences, and discuss the application of their course skills to their jobs. As part of this, some focus should be made on the issues around security governance and risk management.

To assist the students in their studies, the course utilises a taught component with particular focus on information security governance and risk management. This material addresses the issues that have arisen as a result of the pervasive nature of information technology. The material also covers the legal context: national and international, covering privacy and data protection, computer misuse, intellectual property rights, and legal liability. It discusses the standards context: ISO Standards (ISO27000 and ISO31000 in particular) and ISACA’s COBIT. It includes Professionalism, Ethical and moral considerations: corporate and individual ethics. Additionally it looks at Risk identification and modelling: threats, vulnerabilities and attacks. Finally, it considers Risk management and controls including incident handling and the relation to audit and assurance

The QAA benchmark statement for computing incorporates a wide range of activities including hardware, software, communication and, in more general terms, the application of those skills in practice. The specific range of computing-related cognitive abilities gained from this module will depend on the specifics of the project done by each student but in all cases will support “computing-related practical activities” as specified in the benchmark. In addition the student will enrich a range of “additional transferable skills” as required by their projects.

Learning Outcomes for module:

On completion of this module, students will be able to:
LO1: Appraise information security risk management theory and practice and role of risk stakeholders
LO2: Apply knowledge to system risk modelling and select appropriate approaches to risk treatment
LO3: Review and critically appraise relevant laws and relevant standards, their interrelationships and international trends in their development
LO4: Demonstrate understanding of the legal, ethical and professional obligations on computer professionals.
LO5: Critically evaluate professional and governance issues and resolving them using skills in analysis, synthesis and decision-making.

Full Details of Teaching and Assessment
2023/4, Trimester 1, PLACEMENT LEARN,
VIEW FULL DETAILS
Occurrence: 001
Primary mode of delivery: PLACEMENT LEARN
Location of delivery: UK PARTNER
Partner:
Member of staff responsible for delivering module: David Haynes
Module Organiser:


Student Activity (Notional Equivalent Study Hours (NESH))
Mode of activityLearning & Teaching ActivityNESH (Study Hours)
Other PLACEMENT 122
Independent Learning Guided independent study 60
Face To Face Practical classes and workshops 18
Total Study Hours200
Expected Total Study Hours for Module200


Assessment
Type of Assessment Weighting % LOs covered Week due Length in Hours/Words
Report 50 1, 2, 3, 4 34 , WORDS= 2500
Portfolio 50 5 40 , WORDS= 2500
Component 1 subtotal: 50
Component 2 subtotal: 50
Module subtotal: 100

Indicative References and Reading List - URL:
Contact your module leader