This module will give you an understanding and appreciation of the need for effective security management. You’ll study different approaches to management in practice, including key standardised approaches and the fundamental importance of a risk-based approach. After completing the module, you’ll also understand key components of practical cyber security management, including the impact of law and regulation, the importance of auditing, and the key role of people in achieving cyber security. You’ll also consider case studies of failures to help you understand the importance of effective security management.
Main topics of the module include:
- Cyber security management standards, in particular the ISO/IEC 27000 series
- The role of risk management in cyber security
- Incident management and response
- Business continuity and resilience
- The impact of law and regulation in cyber security management
- Audit, governance and compliance.
On successful completion of this module, you will be expected to be able to:
- contribute to the development of an Information Security Management System (ISMS), in line with the requirements of ISO/IEC 27001, and evaluate its suitability
- create security policies underlying an ISMS
- help generate a comprehensive risk assessment for an organisation, as a key component of the ISMS
- select, implement and coordinate security controls chosen in accordance with an established risk-based methodology
- design and document processes and procedures for the real-world implementation of an ISMS
- develop staff cyber security training and awareness programmes and materials.
- End of moudule examination (100%)