Module Details
| Module Code: |
CYBR9005 |
| Title: |
Information Security Architect
|
|
Long Title:
|
Information Security Architecture
|
| NFQ Level: |
Expert |
| Valid From: |
Semester 1 - 2023/24 ( September 2023 ) |
| Field of Study: |
4817 - Cyber Skills
|
| Module Description: |
In this module the student will learn about information security and its importance in protecting the confidentiality, integrity and availability of systems and information. The student will develop the skills to discern between the different security needs of various stakeholders, evaluate the robustness of security designs and design security controls to protect information assets. This module was developed under the CyberSkills HCI Pillar3 Project. Please refer to consortium agreement for ownership.
|
| Learning Outcomes |
| On successful completion of this module the learner will be able to: |
| # |
Learning Outcome Description |
| LO1 |
Discern between the different obligations and requirements that an organization need to consider to protect the confidentiality, integrity and availability of information. |
| LO2 |
Evaluate the engagement with information security at a governance level to achieve an organisation's sustainable protection of its information assets. |
| LO3 |
Assess and design security controls that should be considered as part of an overall Information Security Management (ISM) strategy. |
| LO4 |
Assess the role of Identity and Access Management (IAM) techniques as a method to control access to information assets. |
| Dependencies |
Module Recommendations
This is prior learning (or a practical skill) that is strongly recommended before enrolment in this module. You may enrol in this module if you have not acquired the recommended learning but you will have considerable difficulty in passing (i.e. achieving the learning outcomes of) the module. While the prior learning is expressed as named MTU module(s) it also allows for learning (in another module or modules) which is equivalent to the learning specified in the named module(s).
|
|
Incompatible Modules
These are modules which have learning outcomes that are too similar to the learning outcomes of this module. You may not earn additional credit for the same learning and therefore you may not enrol in this module if you have successfully completed any modules in the incompatible list.
|
| No incompatible modules listed |
Co-requisite Modules
|
| No Co-requisite modules listed |
Requirements
This is prior learning (or a practical skill) that is mandatory before enrolment in this module is allowed. You may not enrol on this module if you have not acquired the learning specified in this section.
|
| No requirements listed |
| Indicative Content |
|
Information Security Principles
What is information security? Information Security models - Confidentiality, Integrity, Availability (CIA) triad, Parkerian Hexad. Attacks on information – Interception, Interruption, Modification, Fabrication. Active and passive attacks in information security. Use cases on some of the more well-known attacks on information for example. Adobe, Facebook, Twitter, Playstation, Canva, Linkedin, Adult Friend Finder. Information security models including Bell-La Padula Model, Biba Model, Brewer and Nash Model, Non-Interference Model, and McCumber model.
|
|
Information Security Requirements
Obligations to consider at a business, regulatory, customer level. Business obligations - business continuity, end user security, risk management, security awareness, data protection, governance etc. Regulatory concerns - Personal Information Protection and Electronic Documents Act (PIPEDA), General Data Protection Regulation (GDPR) etc.
|
|
Information Security Governance (ISG)
Chief Information Officer (CIO) role and responsibilities. How to engage top level management in information security decisions. Culture and impact on ISG. Awareness programmes. Compliance & Assessment. ISG as a method of ensuring responsibility, accountability, and risk controls. Goals of ISG. Characteristic of good ISG. ISO27001, COBIT, ISO 38500, PRINCE2, PDCA Cycle, NIST, Enterprise Information Security Architecture (EISA).
|
|
Information Security Management (ISM)
Features of ISM. Roles in ISM – top level management, information security organisation and other stakeholders. Information Security Policies. Risk Assessment and treatment. Implementation of controls. Monitor and review. Identity and Access Management (IAM)What is IAM. Role of IAM as part of compliance. Authentication – Single Sign in, multifactor authentication, sessions, and token management. Authorization – roles, rules, attributes etc, User management and repositories i.e. directory services. Access management. Active Directory. Biometric authentication. Open standards. Challenges and risks.
|
|
Module Content & Assessment
|
| Assessment Breakdown | % |
|---|
| Coursework | 100.00% |
Assessments
| No End of Module Formal Examination |
| Reassessment Requirement |
Coursework Only
This module is reassessed solely on the basis of re-submitted coursework. There is no repeat written examination.
|
The University reserves the right to alter the nature and timings of assessment
Module Workload
| Workload: Full Time |
| Workload Type |
Contact Type |
Workload Description |
Frequency |
Average Weekly Learner Workload |
Hours |
| Lecture |
Contact |
Lectures covering the theoretical concepts underpinning the learning outcomes. |
Every Week |
2.00 |
2 |
| Lab |
Contact |
Interactive labs leveraging a sophisticated virtualised environment. |
Every Week |
2.00 |
2 |
| Independent & Directed Learning (Non-contact) |
Non Contact |
Independent Learning: preparing project deliverable, reading resource material and self-directed study. |
Every Week |
3.00 |
3 |
| Total Hours |
7.00 |
| Total Weekly Learner Workload |
7.00 |
| Total Weekly Contact Hours |
4.00 |
| Workload: Part Time |
| Workload Type |
Contact Type |
Workload Description |
Frequency |
Average Weekly Learner Workload |
Hours |
| Lecture |
Contact |
Lectures covering the theoretical concepts underpinning the learning outcomes. |
Every Week |
2.00 |
2 |
| Lab |
Contact |
Interactive labs leveraging a sophisticated virtualised environment. |
Every Week |
2.00 |
2 |
| Independent & Directed Learning (Non-contact) |
Non Contact |
Independent Learning: preparing project deliverable, reading resource material and self-directed study. |
Every Week |
3.00 |
3 |
| Total Hours |
7.00 |
| Total Weekly Learner Workload |
7.00 |
| Total Weekly Contact Hours |
4.00 |
|
Module Resources
|
| Recommended Book Resources |
|---|
-
Whitman, Michael E; Mattord, Herbert J. (2018), Management of information security, 6th. Cengage Learning, [ISBN: 9781337405713].
| | Supplementary Book Resources |
|---|
-
Jason Andress, Mark Leary, and Mark Leary. (2016), Building a Practical Information Security Program, Elsevier Science & Technology Books, [ISBN: 9780128020883].
-
Chapple, Mike, et al.. (ISC)2 CISSP Certified Information Systems Security Professional Official Study Guide, 8th. John Wiley & Sons, [ISBN: 9781119475873].
| | Recommended Article/Paper Resources |
|---|
-
Cecilia (Qian) Feng, Tawei Wang. Does CIO risk appetite matter? Evidence
from information security breach
incidents, International Journal of Accounting
Information Systems, Volume 32, 2019, p.59-75, [ISSN: 1467-0895],
-
Sultan AlGhamdi, Khin Than Win, Elena
Vlahu-Gjorgievska,. (2020), Information security governance
challenges and critical success factors:
Systematic review, Computers & Security, Volume 99, 2020, [ISSN: 0167-4048],
| | Other Resources |
|---|
-
Website, CSO Online. (2021), The 15 biggest data breaches of the 21st
century,
|
|
