Module Database Search
| MODULE DESCRIPTOR | |||
|---|---|---|---|
| Module Title | |||
| Information Risk & Security Management | |||
| Reference | CM3144 | Version | 1 |
| Created | November 2023 | SCQF Level | SCQF 9 |
| Approved | April 2024 | SCQF Points | 15 |
| Amended | ECTS Points | 7.5 | |
| Aims of Module | |||
|---|---|---|---|
| This module aims to provide students with a thorough comprehension of information risk and security management, empowering them to identify, assess, and manage information security risks effectively within an organizational context. | |||
| Learning Outcomes for Module | |
|---|---|
| On completion of this module, students are expected to be able to: | |
| 1 | Demonstrate a comprehensive understanding of various information security risks within organizational settings. |
| 2 | Assess the information security risks for a given scenario. |
| 3 | Demonstrate a comprehensive understanding of information security management principles. |
| 4 | Formulate a cybersecurity program aligned with organisational objectives and relevant regulations. |
| Indicative Module Content |
|---|
| Risk Definition; Risk Perception Factors; Human Factors and Risk Communication; Security Culture; Information Security Standards; Enacting Security Policy; Component vs. Systems Perspectives; Elements of Risk (e.g., Vulnerability, Threat, Likelihood, Impact); Risk Assessment and Management Methods (e.g., NIST Guidelines, ISO/IEC 27005, Octave Allegro, STRIDE, Attack Trees); Governance Models; Legal and Regulatory Frameworks (e.g. GDPR, Computer Misuse Act, ISO27001, HIPAA,PCI DSS); Audit and Compliance; Information Security Governance and Planning; Information Assurance; Planning for Risk Assessment; Managing Risks and Threats; Information Security Policy Principles; Information Security Policy Implementation; Physical and Environmental Security; Technical Security Controls; Information Sharing; Business Continuity; Incident Response and Recovery Planning (e.g., ISO/IEC 27035, NCSC Guidance); Risk Assessment and Management in Cyber-Physical Systems (OT, ICS, CNI, SCADA, NIS); Security Metrics. |
| Module Delivery |
|---|
| Key concepts are introduced and illustrated through lectures and directed reading. The understanding of students is tested and further enhanced through lab sessions. |
| Indicative Student Workload | Full Time | Part Time |
|---|---|---|
| Contact Hours | 30 | N/A |
| Non-Contact Hours | 120 | N/A |
| Placement/Work-Based Learning Experience [Notional] Hours | N/A | N/A |
| TOTAL | 150 | N/A |
| Actual Placement hours for professional, statutory or regulatory body |
| ASSESSMENT PLAN | |||||
|---|---|---|---|---|---|
| If a major/minor model is used and box is ticked, % weightings below are indicative only. | |||||
| Component 1 | |||||
| Type: | Coursework | Weighting: | 100% | Outcomes Assessed: | 1, 2, 3, 4 |
| Description: | Coursework consisting of both practical and theoretical elements covering all module learning outcomes. | ||||
| MODULE PERFORMANCE DESCRIPTOR | |
|---|---|
| Explanatory Text | |
| The calculation of the overall grade for this module is based on 100% weighting of Component 1. An overall minimum grade of D is required to pass this module | |
| Module Grade | Minimum Requirements to achieve Module Grade: |
| A | The student needs to achieve an A in Component 1 |
| B | The student needs to achieve a B in Component 1 |
| C | The student needs to achieve a C in Component 1 |
| D | The student needs to achieve a D in Component 1 |
| E | The student needs to achieve an E in Component 1 |
| F | The student needs to achieve an F in Component 1 |
| NS | Non-submission of work by published deadline or non-attendance for examination |
| Module Requirements | |
|---|---|
| Prerequisites for Module | None. |
| Corequisites for module | None. |
| Precluded Modules | None. |
| INDICATIVE BIBLIOGRAPHY | |
|---|---|
| 1 | Broad, J. (2022). Risk Management Framework: A Lab-Based Approach to Securing Information Systems. Apress. |
| 2 | Priyadarshini, I., & Cotton, C. (2022). Cybersecurity: Ethics, Legal, Risks, and Policies. CRC Press. |
| 3 | Hodson, C. J. (2019). Cyber risk management: Prioritize threats, identify vulnerabilities and apply controls. Kogan Page Publishers. |
| 4 | Hubbard, D. W., & Seiersen, R. (2023). How to measure anything in cybersecurity risk. John Wiley & Sons. |
| 5 | Landoll, D. (2021). The security risk assessment handbook: A complete guide for performing security risk assessments. CRC Press. |
| 6 | Sutton D., (2021). Information Risk Management: A practitioner's guide. BCS |
| 7 | Gregory, P., (2018). CISM Certified Information Security Manager All-in-One Exam Guide (CERTIFICATION & CAREER - OMG). McGraw Hill. |