COMP9039 - Security Management and Law

Title: Security Management and Law
Long Title: Security Management and Law
Module Code: COMP9039
 
Credits: 10
NFQ Level:Expert
Field of Study: Computer Science
Valid From: Semester 1 - 2016/17 ( September 2016 )
Module Delivered in 2 programme(s)
Module Coordinator: TIM HORGAN
Module Author: NOREEN GUBBINS
Module Description: Security Management and Law is designed to give students an understanding of the legal and ethical issues pertaining to Information Technology and how an organisation can implement a security program to protect its information assets.
Learning Outcomes
On successful completion of this module the learner will be able to:
LO1 Critically analyse the laws impacting on Information Technology.
LO2 Critically analyse the relationship between law and ethics in Information Technology.
LO3 Evaluate the issues relating to intellectual property and software
LO4 Critically analyse the components of an information security program and the role of security governance
LO5 Critically evaluate the importance of security policies and a security awareness program within an organisation
LO6 Identify the components of a security risk management framework and analyse how it helps an organisation identify and manage risk
LO7 Analyse the security advantages and challenges of Cloud Computing and the key security and privacy concerns when moving to a public cloud.
Pre-requisite learning
Module Recommendations
This is prior learning (or a practical skill) that is strongly recommended before enrolment in this module. You may enrol in this module if you have not acquired the recommended learning but you will have considerable difficulty in passing (i.e. achieving the learning outcomes of) the module. While the prior learning is expressed as named CIT module(s) it also allows for learning (in another module or modules) which is equivalent to the learning specified in the named module(s).
No recommendations listed
Incompatible Modules
These are modules which have learning outcomes that are too similar to the learning outcomes of this module. You may not earn additional credit for the same learning and therefore you may not enrol in this module if you have successfully completed any modules in the incompatible list.
No incompatible modules listed
Co-requisite Modules
No Co-requisite modules listed
Requirements
This is prior learning (or a practical skill) that is mandatory before enrolment in this module is allowed. You may not enrol on this module if you have not acquired the learning specified in this section.
No requirements listed
Co-requisites
No Co Requisites listed
 

Module Content & Assessment

Indicative Content
Law and Computing
The key sources of law relating to computing. European Union Law, Legislation and Judicial Precedent. The impact of the Constitution
Law and Ethics
The meaning of ‘Ethics’. The relationship between Law and Morality. Ethical issues in computing
Computer Crime
The development of offences related to computing in Irish and International Law. Comparison with other jurisdictions. The implementation of computer crime legislation. Possible reforms
Privacy and Data
General approach to personal privacy in Irish and International Law. Overview of the Data Protection legislation and assessment of the current regime
Intellectual Property and Computer Software
General rules of copyright. Application of Copyright to software. Remedies and enforcement. Evaluation of the current approach and comparison with other jurisdictions. Patents, Trademarks, Service Marks
The Business Case for Information Security Management
The risk of poor Security Management; Security ROI; metrics
Information Security Management Governance
Security Governance Defined; Policies, Procedures, Standards, Guidelines and Baselines; Audit Frameworks for Compliance; ITIL; Cobit; ISO 27001; ISF
Organisational Behaviour
Responsibilities of Information Security Officer; Reporting Model; Enterprise Security Oversight Committee; Security Planning; Personnel Security
Security Awareness, Training and Education
Why conduct formal security awareness training? Awareness activities and methods
Risk Management
Risk Management Concept; Risk Management Principles; Risk Assessment; Incident Response; Change Management
Business Continuity Management
Business Impact Analysis; Business Continuity Planning
Payment Card Industry Data Security Standard
Requirements, Compliance, Validation, Wireless LANs
Cloud Computing
Cloud characteristics; cloud service models; cloud deployment models; security advantages; security challenges; balancing threat exposure and cost effectiveness; NIST guidelines
Assessment Breakdown (%)
Course Work: 100.00%
Course Work
Assessment Type | Assessment Description | Outcome addressed | % of total | Assessment Date
Essay | An essay critically analysing an issue in security management | 4,5,6 | 15.0 | Week 6
Written Report | A project plan to implement security management | 4,5,6 | 10.0 | Week 9
Written Report | A critical report on a legal or ethical issue from the module. | 1,2,3,7 | 25.0 | Week 11
Project | Project simulating a security management framework | 1,2,3,4,5,6 | 50.0 | Sem End
No End of Module Formal Examination
Reassessment Requirement
Coursework Only
This module is reassessed solely on the basis of re-submitted coursework. There is no repeat written examination.

The institute reserves the right to alter the nature and timings of assessment

 

Module Workload

Workload: Full Time
Workload Type | Workload Description | Hours | Frequency | Average Weekly Learner Workload
Lecture | Lectures on IT Law and Security Management | 4.0 | Every Week | 4.00
Tutorial | Tutorial | 2.0 | Every Week | 2.00
Independent & Directed Learning (Non-contact) | Study | 8.0 | Every Week | 8.00
Total Hours 14.00
Total Weekly Learner Workload 14.00
Total Weekly Contact Hours 6.00
Workload: Part Time
Workload Type | Workload Description | Hours | Frequency | Average Weekly Learner Workload
Lecture | Lectures on IT Law and Security Management | 4.0 | Every Week | 4.00
Tutorial | Tutorial | 2.0 | Every Week | 2.00
Independent & Directed Learning (Non-contact) | Study | 8.0 | Every Week | 8.00
Total Hours 14.00
Total Weekly Learner Workload 14.00
Total Weekly Contact Hours 6.00
 

Module Resources

Recommended Book Resources
  • Michael E. Whitman, Herbert J. Mattord, 2010, Management of Information Security, 3 Ed. [ISBN: 978-1435488847]
Supplementary Book Resources
  • Isc2 Press 2007, Information Security Management Handbook [ISBN: 978-0849374951]
  • Harold F. Tipton and Micki Krause 2009, Information Security Management Handbook: v. [ISBN: 978-1420090925]
  • Gerard Blokdijk, Ivanka Menken 2008, IT Security Management Best Practice Handbook: Building, Running and Managing a IT Security Management Governance, Risk and Compliance Process - Ready ... Bringing ITIL and GRC Theory into Practice (Paperback), Emereo Pty Limited [ISBN: 978-1921523786]
  • Thomas J. Smedinghoff 2008, Information Security Law: The Emerging Standard for Corporate Compliance, IT Governance Publishing [ISBN: 978-1905356669]
  • Anthony Tarantino 2006, Manager's Guide to Compliance: Sarbanes-Oxley, COSO, ERM, COBIT, IFRS, BASEL II, OMB's A-123, ASX 10, OECD Principles, Turnbull Guidance, Best Practices, and Case Studies (Manager's Guide Series) (Hardcover), John Wiley & Sons [ISBN: 978-0471792574]
  • Alan Calder 2008, IT Governance: A Manager's Guide to Date Security and ISO 27001 / ISO 27002: A Manager's Guide to Data Security and ISO 27001/ISO 27002, Kogan Page Ltd; [ISBN: 978-0749452711]
  • Van Solms 2008, Information Security Governance, Springer [ISBN: 978-0387799834]
  • Alan Calder 2006, Implementing Information Security Based on ISO 27001/ISO 17799: A Management Guide, van Haren Publishing [ISBN: 978-9077212783]
  • Alan Calder 2006, Information Security Based on ISO 27001/ISO 17799: A Management Guide, van Haren Publishing [ISBN: 978-9077212707]
  • Alan Calder 2006, Information Security Risk Management for ISO27001/ISO17799 (Implementing ISO27001), IT Governance Publishing [ISBN: 978-1905356232]
  • Jill Slay, Andy Koronios 2006, IT Security and Risk Management, John Wiley & Sons [ISBN: 978-0470805749]
  • ITSM Library) 2008, IT Governance CobiT 4.1 - A Management Guide 3rd Edition, VAN HAREN PUBLISHING; [ISBN: 978-9087531164]
Recommended Article/Paper Resources
This module does not have any other resources
 

Module Delivered in

Programme Code | Programme | Semester | Delivery
CR_KINSE_9 | Master of Science in Information Security | 2 | Mandatory
CR_KINSY_9 | Postgraduate Diploma in Science in Information Security | 2 | Mandatory

Cork Institute of Technology
Rossa Avenue, Bishopstown, Cork

Tel: 021-4326100     Fax: 021-4545343
Email: help@cit.edu.ie