IY5501 Security Management

First term, core module for Technical Pathway and Secure Digital Business Pathway.

Module leader:

P.R. Wild.

Aims

This module will emphasise the need for good security management. Its aims are to identify the problems associated with security management and to show how various (major) organisations solve those problems.

Objectives

On completion of the module, the student will appreciate the complexities of security management, and will have seen how some companies attempt to solve these problems.

Outline of syllabus

There will be 11 sessions lasting about 3 hours. Most sessions will consist of a lecture given by an outside industrialist, including the opportunity for questions and answers on the topics discussed.

Examples of recently covered topics are:

  • Security: What, Why, How?
    Richard Walton (Visiting Professor to the ISG)
  • The Principles of Information Security and its Management
    John Austen (QCC)
  • Internal Control, Audit and Security
    Chris Potter (Pricewaterhouse Coopers)
  • Information Security, Governance and the Law
    Chris Sundt (Independent)
  • IS 27001 - Information Security Management for Business Benefit.
    Richard Mayall (Acuity Risk Management).
  • The Role of Risk Analysis and Management in Effective InfoSec.
    Les Krause-Whiteing (Accenture)
  • Security Management - Systems, Models and Frameworks.
    Lizzie Coles-Kemp (RHUL).
  • Building a World-class Information Security Architecture.
    David Lacey (Consultant)
  • The Business of Trust
    Paul Dorey (BP)
  • Information Security Management in the Real World
    Graham Edwards (HBOS).
  • Business Continuity - the Wider Context of Information Security
    David Sutton (O2 UK).

It is anticipated that future programmes will be similar. The current year's programme is available here.

Method of examination

Two-hour written examination.

Recommended text

  • Steve Purser, A Practical Guide to Managing Information Security, Artech House, 2004 (Library location: 001.6425PUR)
  • Gurpreet Dhillon, Principles of Information System Security: text and cases, Wiley, 2007 (Library location: 001.6425DHI)

Other references

  • Editors: Krause and Tipton, Handbook of Information Security Management, CRC Press, 2001.
  • Scott Barman, Writing Information Security Policies, New Riders, 2002.
  • Seymour Bosworth and M.E. Kabay (Eds), Computer Security Handbook, Fourth Edition, Wiley, 2002.
  • Harry B. DeMaio, B2B and Beyond, Wiley, 2001.
  • Gurpreet Dhillon, Managing Information Systems Security, MacMillan, 1997.
  • Donn B. Parker, Fighting Computer Crime, Wiley, 1998.