LISYS62116A Enterprise Security Management Course Descriptor
Course code | LISYS62116A | Discipline | Computer Science |
UK Credit | 15 | US Credit | N/A |
FHEQ level | 6 | Date approved | October 2023 |
Compulsory/Optional | Compulsory for Cyber Security Specialist Specialism |
Pre-requisites | None |
Co-requisites | None |
Course Summary
The effective management of enterprise IT security is dependent upon a range of technological, physical, and human factors, from governance to policy, through to staff expertise and training. Establishing responsibility and decision-making authority for the security service provider paves the way for the effective policies and strategies that underpin implementation plans. This course examines a systematic approach to audit, analysis, risk, cost, and timeline planning for the most effective deployment of security service resources. The course will cover approaches to incident response and management including escalation and investigation of cyber security breaches and their root cause.
It also considers the wider implementation environment, including organisational and environmental constraints, stakeholders, and the managerial skills required to ensure the effectiveness of security management.
The course aims to offer learners an understanding of the foundational governance and policies for successful security service implementation. It covers organisational considerations, strategic decision-making, and project management for security management, encompassing incident response, stakeholder engagement, and management. Furthermore, learners will develop the capability to evaluate, prioritise, and address security risks systematically, while also gaining skills in planning the implementation of security services.
Learning Outcomes
On successful completion of the course, learners will be able to:
Knowledge and Understanding
K1c | Critically evaluate security governance, policy, strategy and organisational and environmental constraints. |
K2c | Perform audit, security risk analysis, security service project management and incident response and management. |
K3c | Critically analyse management and interpersonal skills required to successfully manage IT security, including considerations around accessibility and inclusion. |
Subject Specific Skills
S1c | Inform security strategy and policy decision making and promote a security culture. |
S2c | Be aware of organisational constraints, conduct business security risk analysis and audit, and identify and prioritise areas of risk, vulnerability and weakness. |
S3c | Apply specialist knowledge to develop an IT security road map and risk register with identified priorities, budget, and timeline. |
Transferable and Professional Skills
T1c(i) | Apply analytical and critical thinking skills to complex business and technological problems. |
T1c(ii) | Display an advanced level of technical proficiency in written English and competence in applying scholarly terminology, so as to be able to apply skills in critical evaluation, analysis and judgement effectively in a diverse range of contexts. |
T2c | Evaluate business needs and maximise the impact of resources. |
T3c | Apply negotiation skills and complete tasks to an identified timeline in accordance with stakeholder requirements. |
Teaching and Learning
This is an e-learning course, taught throughout the year.
Teaching and learning strategies for this course will include:
- Online learning
- Online discussion groups
- Online assessment
Course information and supplementary materials will be available on the College’s Virtual Learning Environment (VLE).
Learners are required to attend and participate in all the formal and timetabled sessions for this course. Learners are also expected to manage their self-directed learning and independent study in support of the course.
The course learning and teaching hours will be structured as follows:
- Off-the-job learning and teaching (6 days x 7 hours) = 42 hours
- On-the-job learning (12 days x 7 hours) = 84 hours (e.g. 2 days per week for 6 weeks)
- Private study (4 hours per week) = 24 hours
Total = 150 hours
Workplace assignments (see below) will be completed as part of on-the-job learning.
Assessment
Learners will be formatively assessed during the course by means of set assignments. These will not count towards the final degree but will provide students with developmental feedback.
Summative
Assessment will be in two forms:
AE | Assessment Type | Weighting | Online submission | Duration | Length |
1 | Set Exercises | 60% | Yes | Requiring on average 20 – 30 hours to complete | – |
2 | Written Assignment (workplace case study) | 40% | Yes | – | 1500 words |
Feedback
Learners will receive formal feedback in a variety of ways: written (via email or VLE correspondence) and indirectly through online discussion groups. Learners will also attend a formal meeting with their Academic Mentor (and for apprentices, including their Line Manager). These bi- or tri-partite reviews will monitor and evaluate the learner’s progress.
Feedback is provided on summative assessed assignments and through generic internal examiners’ reports, both of which are posted on the VLE.
Indicative Reading
Note: Comprehensive and current reading lists for courses are produced annually in the Course Guide or other documentation provided to learners; the indicative reading list provided below is used as part of the approval/modification process only.
Books
- Blum, D. (2020) Rational Cybersecurity for Business: The Security Leaders’ Guide to Business Alignment: Apress.
- Brumfield, C. and Haugli, B. (2021) Cybersecurity Risk Management: Wiley.
- Taylor, A., Alexander, D., French, A., and Sutton, D. (2008) Information Security Management Principles: British Informatics Society Limited.
Journals
Learners are encouraged to read material from relevant journals on Enterprise Security Management as directed by their course leader.
Electronic Resources
Learners are encouraged to consult relevant websites on Enterprise Security Management.
Indicative Topics
Learners will study the following topics:
- Implementing Security Services
- Security Governance and Policy
- Cyber Risk Assessments and Audit
Version History
Title: LISYS62116A Enterprise Security Management
Approved by: Academic Board
Location: Academic Handbook/BSc (Hons) Digital & Technology Solutions
Version number | Date approved | Date published | Owner | Proposed next review date | Modification (As per AQF4) & category number |
3.0 | October 2023 | October 2023 | Dr. Alexandros Koliousis | October 2028 | Category 1: Corrections/clarifications to documents which do not change approved content. Category 3: Changes to Learning Outcomes |
2.0 | October 2022 | January 2023 | Dr Yu-Chun Pan | September 2027 | Category 3: Changes to Learning Outcomes |
1.0 | September 2022 | September 2022 | Dr Yu-Chun Pan | September 2027 |