The module supports students taking on an industry-based activity, where they apply their course knowledge to their employment activities. They will reflect on their experiences, and discuss the application of their course skills to their jobs. As part of this, some focus should be made on the issues around security governance and risk management.To assist the students in their studies, the course utilises a taught component with particular focus on information security governance and risk management. This material addresses the issues that have arisen as a result of the pervasive nature of information technology. The material also covers the legal context: national and international, covering privacy and data protection, computer misuse, intellectual property rights, and legal liability. It discusses the standards context: ISO Standards (ISO27000 and ISO31000 in particular) and ISACA’s COBIT. It includes Professionalism, Ethical and moral considerations: corporate and individual ethics. Additionally it looks at Risk identification and modelling: threats, vulnerabilities and attacks. Finally, it considers Risk management and controls including incident handling and the relation to audit and assuranceThe QAA benchmark statement for computing incorporates a wide range of activities including hardware, software, communication and, in more general terms, the application of those skills in practice. The specific range of computing-related cognitive abilities gained from this module will depend on the specifics of the project done by each student but in all cases will support “computing-related practical activities” as specified in the benchmark. In addition the student will enrich a range of “additional transferable skills” as required by their projects.