Core Module Information
Module title: Professional Practice Governance and Risk

SCQF level: 09
SCQF credit value: 20.00
ECTS credit value: 10

Module code: SOC09702
Module leader: David Haynes
School: School of Computing, Engineering and the Built Environment
Subject area group: Cyber Security and Systems Engineering


Description of module content:

The module supports students taking on an industry-based activity, where they apply their course knowledge to their employment activities. They will reflect on their experiences and discuss the application of their course skills to their jobs. As part of this, some focus should be placed on the issues around security governance and risk management.

To assist the students in their studies, the course utilises a taught component with particular focus on information security governance and risk management. This material addresses the issues that have arisen as a result of the pervasive nature of information technology. The material also covers the legal context, national and international: privacy and data protection, computer misuse, intellectual property rights, and legal liability. It discusses the standards context: ISO standards (ISO27000 and ISO31000 in particular) and ISACA’s COBIT. It includes professionalism and ethical and moral considerations: corporate and individual ethics. Additionally, it looks at risk identification and modelling: threats, vulnerabilities and attacks. Finally, it considers risk management and controls, including incident handling and the relation to audit and assurance.

The QAA benchmark statement for computing incorporates a wide range of activities including hardware, software, communication and, in more general terms, the application of those skills in practice. The specific range of computing-related cognitive abilities gained from this module will depend on the specifics of the project done by each student but in all cases will support “computing-related practical activities” as specified in the benchmark. In addition the student will enrich a range of “additional transferable skills” as required by their projects.

Learning Outcomes for module:

On completion of this module, students will be able to:
LO1: Appraise information security risk management theory and practice and the role of risk stakeholders
LO2: Apply knowledge to system risk modelling and select appropriate approaches to risk treatment
LO3: Review and critically appraise relevant laws and relevant standards, their interrelationships and international trends in their development
LO4: Demonstrate understanding of the legal, ethical and professional obligations on computer professionals.
LO5: Critically evaluate professional and governance issues and resolve them using skills in analysis, synthesis and decision-making.

Full Details of Teaching and Assessment
2022/3, Trimester 1, PLACEMENT LEARN
Occurrence: 001
Primary mode of delivery: PLACEMENT LEARN
Location of delivery: UK PARTNER
Member of staff responsible for delivering module: David Haynes
Module Organiser:

Learning, Teaching and Assessment (LTA) Approach:
This module provides an opportunity for students to extend their knowledge of ICT and
information systems with information security risk management. Students will learn how
to analyse, synthesise and solve complex unstructured business-related IS/IT problems.
Teaching comprises a blend of lectures and tutorials that cover all Learning Outcomes.
Lectures will be recorded and uploaded for delivery in a distance learning mode.
Tutorials and online forums include conventional discussion-based sessions, real-world
case study analysis and evaluation of relevant academic and research material.
Tutorials make extensive use of group work and presentations, and online quizzes and
discussion are encouraged to support study planning.
While working in their place of employment, students will demonstrate their
course skills by applying them to the project work undertaken and documenting this in a
portfolio. The portfolio should also reflect on the risk and governance issues discussed
in this course, and how they applied to the students' work.

Formative Assessment:
Students receive feedback from regular meetings with support tutors on the construction
of their portfolio, as well as on their ongoing employment-based activities. For the taught
aspect of the module, formative feedback will be provided throughout the module through
feedback on the self-assessment questions and case studies, both of which will have
outline solutions available. This will enable students to self-assess their understanding
and progress. Appropriate online feedback will be available automatically and
immediately after the assessment is completed. Reflective exercises throughout the
module will require students to apply the delivered concepts and theory to their own
experiences and circumstances and these reflections will be captured in an online
portfolio that students will be able to review and print. Ten end-of-unit progress tests offer
further formative feedback.

Summative Assessment:
The taught aspects of the course are directly assessed using both a coursework and a
class test. The coursework is a short case study addressing risk management, legal and professional issues (LO1,2,3,4).
Construction of a portfolio of the work undertaken during their year of apprenticeship at
their employers and a reflective summary (LO5).

Student Activity (Notional Equivalent Study Hours (NESH))
Mode of activity | Learning & Teaching Activity | NESH (Study Hours)
Independent Learning | Guided independent study | 60
Face To Face | Practical classes and workshops | 18
Total Study Hours: 200
Expected Total Study Hours for Module: 200

Type of Assessment | Weighting % | LOs covered | Week due | Length in Hours/Words
Report | 50 | 1, 2, 3, 4 | 34 | 2500 words
Portfolio | 50 | 5 | 40 | 2500 words
Component 1 subtotal: 50
Component 2 subtotal: 50
Module subtotal: 100

Indicative References and Reading List - URL:
Contact your module leader