| Title: | Security Management and Law |
|---|
| Long Title: | Security Management and Law |
|---|
| Field of Study: |
Computer Science
|
| Valid From: |
Semester 1 - 2016/17 ( September 2016 ) |
| Module Delivered in |
no programmes
|
| Module Coordinator: |
Sean McSweeney |
| Module Author: |
NOREEN GUBBINS |
| Module Description: |
Security Management and Law is designed to give students an understanding of the legal and ethical issues pertaining to Information Technology and how an organisation can implement a security program to protect its information assets. |
| Learning Outcomes |
| On successful completion of this module the learner will be able to: |
| LO1 |
Critically analyse the laws impacting on Information Technology. |
| LO2 |
Critically analyse the relationship between law and ethics in Information Technology. |
| LO3 |
Evaluate the issues relating to intellectual property and software |
| LO4 |
Critcally analyse the components of an information security program and the role of security governance |
| LO5 |
Critically evaluate the importance of security policies and a security awareness program within an organisation |
| LO6 |
Identify the components of a security risk management framework and analyse how it helps an organisation identify and manage risk |
| LO7 |
Analyse the security advantages and challenges of Cloud Computing and the key security and privacy concerns when moving to a public cloud. |
| Pre-requisite learning |
Incompatible Modules
These are modules which have learning outcomes that are too similar to the learning outcomes of this module. You may not earn additional credit for the same learning and therefore you may not enrol in this module if you have successfully completed any modules in the incompatible list. |
| No incompatible modules listed |
Co-requisite Modules
|
| No Co-requisite modules listed |
Requirements
This is prior learning (or a practical skill) that is mandatory before enrolment in this module is allowed. You may not enrol on this module if you have not acquired the learning specified in this section.
|
| No requirements listed |
Co-requisites
|
| No Co Requisites listed |
Module Content & Assessment
| Indicative Content |
|
Law and Computing
The key sources of law relating to computing. European Union Law, Legislation and Judicial Precedent. The impact of the Constitution
|
|
Law and Ethics
The meaning of ‘Ethics’. The relationship between Law and Morality. Ethical issues in computing
|
|
Computer Crime
The development of offences related to computing in Irish and International Law. Comparison with other jurisdictions. The implementation of computer crime legislation. Possible reforms
|
|
Privacy and Data
General approach to personal privacy in Irish and International Law. Overview of the Data Protection legislation and assessment of the current regime
|
|
Intellectual Property and Computer Software
General rules of copyright. Application of Copyright to software. Remedies and enforcement. Evaluation of the current approach and comparison with other jurisdictions. patents, Trademarks, Service Marks
|
|
The Business Case for Information Security Management
The risk of poor Security Management; Security ROI; metrics
|
|
Information Security Management Governance
Security Governance Defined;
Policies, Procedures, Standards, Guidelines and Baselines;
Audit Frameworks for Compliance;
ITIL; Cobit; ISO 27001; ISF
|
|
Organisational Behaviour
Responsibilities of Information Security Officer;
Reporting Model;
Enterprise Security Oversight Committee;
Security Planning;
Personnel Security
|
|
Security Awareness, Training and Education
Why conduct formal security awareness training?
Awareness activies and methods
|
|
Risk Management
Risk Management Concept;
Risk Management Principles;
Risk Assessment; Incident Response; Change Management
|
|
Business Continuity Management
Business Impact Analysis; Business Continuity Planning
|
|
Payment Card Industry Data Security Standard
Requirements, Compliance, Validation, Wireless LANs
|
|
Cloud Computing
Cloud characteristics; cloud service models; cloud deployment models; security advantages; security challenges; balancing threat exposure and cost effectiveness; NIST guidelines
|
| Assessment Breakdown | % |
|---|
| Course Work | 100.00% |
| Course Work |
|---|
| Assessment Type |
Assessment Description |
Outcome addressed |
% of total |
Assessment Date |
| Essay |
An essay critically analysing an issues in security management |
4,5,6 |
15.0 |
Week 6 |
| Written Report |
A project plan to implement security manangement |
4,5,6 |
10.0 |
Week 9 |
| Written Report |
A critical report on a legal or ethical issue from the module. |
1,2,3,7 |
25.0 |
Week 11 |
| Project |
Project simulating a security managment framework |
1,2,3,4,5,6 |
50.0 |
Sem End |
| No End of Module Formal Examination |
| Reassessment Requirement |
Coursework Only
This module is reassessed solely on the basis of re-submitted coursework. There is no repeat written examination.
|
The institute reserves the right to alter the nature and timings of assessment
Module Workload
| Workload: Full Time |
| Workload Type |
Workload Description |
Hours |
Frequency |
Average Weekly Learner Workload |
| Lecture |
Lectures on IT Law and Security Management |
4.0 |
Every Week |
4.00 |
| Tutorial |
Tutorial |
2.0 |
Every Week |
2.00 |
| Independent & Directed Learning (Non-contact) |
Study |
8.0 |
Every Week |
8.00 |
| Total Hours |
14.00 |
| Total Weekly Learner Workload |
14.00 |
| Total Weekly Contact Hours |
6.00 |
| Workload: Part Time |
| Workload Type |
Workload Description |
Hours |
Frequency |
Average Weekly Learner Workload |
| Lecture |
Lectures on IT Law and Security Management |
4.0 |
Every Week |
4.00 |
| Tutorial |
Tutorial |
2.0 |
Every Week |
2.00 |
| Independent & Directed Learning (Non-contact) |
Study |
8.0 |
Every Week |
8.00 |
| Total Hours |
14.00 |
| Total Weekly Learner Workload |
14.00 |
| Total Weekly Contact Hours |
6.00 |
Module Resources
| Recommended Book Resources |
|---|
- Michael E. Whitman, Herbert J. Mattord, 2010, Management of Information Security, 3 Ed. [ISBN: 978-1435488847]
| | Supplementary Book Resources |
|---|
- Isc2 Press 2007, Information Security Management Handbook [ISBN: 978-0849374951]
- Harold F. Tipton and Micki Krause 2009, Information Security Management Handbook: v. [ISBN: 978-1420090925]
- Gerard Blokdijk, Ivanka Menken 2008, IT Security Management Best Practice Handbook: Building, Running and Managing a IT Security Management Governance, Risk and Compliance Process - Ready ... Bringing ITIL and GRC Theory into Practice (Paperback), Emereo Pty Limited [ISBN: 978-1921523786]
- Thomas J. Smedinghoff 2008, Information Security Law: The Emerging Standard for Corporate Compliance, IT Governance Publishing [ISBN: 978-1905356669]
- Anthony Tarantino 2006, Manager's Guide to Compliance: Sarbanes-Oxley, COSO, ERM, COBIT, IFRS, BASEL II, OMB's A-123, ASX 10, OECD Principles, Turnbull Guidance, Best Practices, and Case Studies (Manager's Guide Series) (Hardcover), John Wiley & Sons [ISBN: 978-0471792574]
- Alan Calder 2008, IT Governance: A Manager's Guide to Date Security and ISO 27001 / ISO 27002: A Manager's Guide to Data Security and ISO 27001/ISO 27002, Kogan Page Ltd; [ISBN: 978-0749452711]
- Van Solms 2008, Information Security Governance, Springer [ISBN: 978-0387799834]
- Alan Calder 2006, Implementing Information Security Based on ISO 27001/ISO 17799: A Management Guide, van Haren Publishing [ISBN: 978-9077212783]
- Alan Calder 2006, Information Security Based on ISO 27001/ISO 17799: A Management Guide, van Haren Publishing [ISBN: 978-9077212707]
- Alan Calder 2006, Information Security Risk Management for ISO27001/ISO17799 (Implementing ISO27001), IT Governance Publishing [ISBN: 978-1905356232]
- Jill Slay, Andy Koronios 2006, IT Security and Risk Management, John Wiley & Sons [ISBN: 978-0470805749]
- ITSM Library) 2008, IT Governance CobiT 4.1 - A Management Guide 3rd Edition, VAN HAREN PUBLISHING; [ISBN: 978-9087531164]
| | Recommended Article/Paper Resources |
|---|
- National Institute of Standards and Technology.
- SANS Institute
| | This module does not have any other resources |
|---|
|
