MTU Courses - COMP8057 - Security Management

Module Details

Module Code:	COMP8057
Title:	Security Management
Long Title:	Security Management
NFQ Level:	Advanced
Valid From:	Semester 1 - 2020/21 ( September 2020 )

Duration:	1 Semester

Credits:	5

Field of Study:	4811 - Computer Science

Module Delivered in:	1 programme(s)

Module Description:	This module will consider the management of information security systems. It will take the view of the CISO (Chief Information Security Officer). It will address topics such as risk, compliance, security policies, disaster recovery, business continuity and security roles within an organisation. It will also have a practical element which will deal with some practical threats.

Learning Outcomes
On successful completion of this module the learner will be able to:
#	Learning Outcome Description
LO1	Evaluate the risk of poor security management and the value that good security management gives to an organisation.
LO2	Discuss organisational and management structures required to implement an information security system.
LO3	Analyse the main components in information security governance, regulatory requirements and privacy legislation.
LO4	Analyse the components of a security risk management framework.
LO5	Assess the effects of modern security threats.

Dependencies
Module Recommendations This is prior learning (or a practical skill) that is strongly recommended before enrolment in this module. You may enrol in this module if you have not acquired the recommended learning but you will have considerable difficulty in passing (i.e. achieving the learning outcomes of) the module. While the prior learning is expressed as named MTU module(s) it also allows for learning (in another module or modules) which is equivalent to the learning specified in the named module(s).

Incompatible Modules These are modules which have learning outcomes that are too similar to the learning outcomes of this module. You may not earn additional credit for the same learning and therefore you may not enrol in this module if you have successfully completed any modules in the incompatible list.
No incompatible modules listed
Co-requisite Modules
No Co-requisite modules listed
Requirements This is prior learning (or a practical skill) that is mandatory before enrolment in this module is allowed. You may not enrol on this module if you have not acquired the learning specified in this section.
No requirements listed

Indicative Content
The Business case for Information Security Management The risk of poor Security Management; Security ROI; metrics
Information Security Management Governance Management Process : Requirements; Architectural Design; Detailed Design; Implementation. Security Governance Defined : Responsibility; Strategy; Acquisition; Performance; Conformance and Human Behaviour. Policies, Procedures, Standards, Guidelines and Baselines; Audit Frameworks for Compliance; ITIL; Cobit; ISO 2700*; ISF, PCI-DSS, the GDPR, Case Studies
Organisational Structure Responsibilities of Information Security Officer; Reporting Model; Security Planning; Personnel Security, Case Studies
Risk Management Risk Management Concept; Risk Management Principles; Risk Assessment; Incident Response; Change Management, Case Studies
Business Continuity Analysis Business Impact Analysis; Business Continuity Planning; Disaster Recovery
Threats Modern day threats such as SQLi, OWASP Top 10. How exploitation works.

Assessment Breakdown	%
Module Content & Assessment
Coursework	40.00%
End of Module Formal Examination	60.00%

Assessments

Coursework

Assessment Type	Project	% of Total Mark	20
Timing	Week 6	Learning Outcomes	1,5
Assessment Description The student will research a security threat and associated mitigations, document the research and present their findings.

Assessment Type	Project	% of Total Mark	20
Timing	Week 10	Learning Outcomes	1,3,5
Assessment Description Analyse and locate security flaws that lead to threats and the development a security management policy for a company.

End of Module Formal Examination

Assessment Type	Formal Exam	% of Total Mark	60
Timing	End-of-Semester	Learning Outcomes	1,2,3,4
Assessment Description End of semester formal examination

Reassessment Requirement
Repeat examination Reassessment of this module will consist of a repeat examination. It is possible that there will also be a requirement to be reassessed in a coursework element.

The University reserves the right to alter the nature and timings of assessment

Module Workload

Workload: Full Time
Workload Type	Contact Type	Workload Description	Frequency	Average Weekly Learner Workload	Hours
Lecture	Contact	Lecture delivering theory underpinning learning outcomes.	Every Week	2.00	2
Lab	Contact	Lab to support learning outcomes.	Every Week	2.00	2
Independent & Directed Learning (Non-contact)	Non Contact	Independent Study.	Every Week	3.00	3
Total Hours					7.00
Total Weekly Learner Workload					7.00
Total Weekly Contact Hours					4.00

Workload: Part Time
Workload Type	Contact Type	Workload Description	Frequency	Average Weekly Learner Workload	Hours
Lecture	Contact	Lecture delivering theory underpinning learning outcomes.	Every Week	2.00	2
Lab	Contact	Lab to support learning outcomes.	Every Week	2.00	2
Independent & Directed Learning (Non-contact)	Non Contact	Independent Study.	Every Week	3.00	3
Total Hours					7.00
Total Weekly Learner Workload					7.00
Total Weekly Contact Hours					4.00

Recommended Book Resources
Module Resources
Michael Whitman & Herbert Mattord. (2018), Management of Information Security, 6th. CENGAGE, [ISBN: 9781337405713].
Supplementary Book Resources
Sennewald & Baillie. (2015), Effective Security Management, 6th Edition, 6. Elsevier, [ISBN: 9780128027745]. Bruce Newsome. (2014), A Practical Introduction to Security and Risk Management, Sage, [ISBN: 9781452290270]. Harold F. Tipton, Micki Krause Nozaki. (2016), Information Security Management Handbook, Sixth Edition, Volume 6, 6. Auerbach, [ISBN: 9781138199750]. Alan Calder, Steve Watkins. (2015), IT Governance: An International Guide to Data Security and ISO27001/ISO27002, Kogan Page, [ISBN: 9780749474058]. Scott E. Donaldson, Stanley G. Siegel, Chris K. Williams. (2015), Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program Against Advanced Threats, Apress, [ISBN: 9781430260820]. David Alexander, Amanda Finch, David Sutton, Andy Taylor. (2013), Information Security Management Principles, 2. BCS, [ISBN: 9781780171753]. Michael E. Whitman, Herbert J. Mattord. (2017), Principles of Information Security, 6th Edition. Cengage Learning, [ISBN: 9781337102063].
This module does not have any article/paper resources
Other Resources
website, SANS Top 20 Critical Controls, https://www.sans.org/critical-security-c ontrols online PDF, ISACA. Information Security Governance, http://www.isaca.org/Knowledge-Center/Re search/Documents/Information-Security-Go venance-for-Board-of-Directors-and-Execu tive-Management_res_Eng_0510.pdf

Programme Code	Programme	Semester	Delivery
Module Delivered in
CR_KITMN_8	Bachelor of Science (Honours) in IT Management	8	Elective