Module Code: COM3010
Module Title: INFORMATION ASSET MANAGEMENT
Module Provider: Computing
Short Name: CS390
Level: HE3
Module Co-ordinator: SECCOMBE A Mr (Computing)
Number of credits: 15
Number of ECTS credits: 7.5

Module Availability
Semester 2

Assessment Pattern
Unit(s) of Assessment, with Weighting Towards Module Mark (%)

2 hour unseen examination
Weighting: 50%

Phase 1 Deadline: Week 2 Form Groups
Phase 2 Deadline: Week 4 Individual Report
Key Elements of Risk Management Frameworks
Identify and document the key aspects of 2 different formal high-level risk management frameworks, selected from the list provided. For the two frameworks you have selected, in addition to identifying and documenting the scope of normal use, key attributes and elements, you are expected to conduct a literature review in order to establish the current usage trends of the two frameworks, paying particular attention to finding and discussing recent publications on the frameworks concerned.
Addresses the following learning outcomes:
· Understand the different types of information threats and vulnerabilities that an information system may experience, and how they may impact businesses.
· Evaluate the information risks an information system may bring to a business and communicate the potential business impact of those risks.
Weighting: 10%

Phase 3 Deadline: Week 6 Individual Report
Major Information Asset Incident Research
Identify and research 2 major incidents directly impacting information assets.
In this case, incidents refer to an activity or activities that resulted in significant business impact to the organisation concerned, and that were caused by the failure to properly manage one or more of the COBIT Information Criteria. You should each research and document the critical aspects of the incidents, paying particular attention to: the actors involved, the impact of the incident on the organisation concerned, and the threats, vulnerabilities, and control or process failures involved in the incident. Where possible it will also be valuable to document the corrective actions taken by the organisation subsequent to the incident. While it is acceptable for individuals within the group to select the same incident to research, great care should be taken, in such situations, to avoid copying / plagiarism. Hint: Selection of well-publicised incidents will make this an easier task.
Addresses the following learning outcomes:
· Evaluate the information risks an information system may bring to a business and communicate the potential business impact of those risks.
Weighting: 10%

Phase 4 Deadline: Week 11 Group Report
Evaluate risk management elements (30%)
Critically evaluate the relative merits of elements of the risk management frameworks previously identified, as they relate to a specific incident.
Create an Information Risk Glossary and Concept Map, and then critically evaluate the relative merits of different elements of the risk management frameworks previously identified, as they relate to a specific incident. Identify the different elements involved in the risk management frameworks that you individually documented in Phase 2. (Choice of the depth of decomposition will be key to how well you are able to accomplish this phase: too high a level (limited detail) and the resultant evaluation will be hard to accomplish; too detailed and you will not have time to complete the assignment.) Each group will be expected to determine how the work is divided for this phase; you are expected to demonstrate the contribution of each group member to the work.
Select one of the incidents documented by the members of your group, and then critically compare the implications of the various elements for this incident. This aspect of critical evaluation can be shared across the group. Identify the 3 primary elements that would have been most critical to managing the information assets involved. Additionally, recommend the appropriate controls that would be most critical to avoiding or mitigating the incident. State the reasons for your conclusions.
To address the following learning outcomes:
· Evaluate the information risks an information system may bring to a business and communicate the potential business impact of those risks.
· Select appropriate controls and/or mitigations to maximise the business value of an information asset, while ensuring the risk is kept to an appropriate level.
Weighting: 30%

Qualifying Condition(s)
A weighted aggregate mark of 40% is required to pass the module.

Module Overview
In a world where Collaboration is increasingly the norm, Information Assets are increasingly critical to the creation and protection of business value. Information Systems are used to store and disseminate these information assets within and between organisations. This module will explore the role of information professionals within organisations in Information Asset Management (IAM), opening with the framing and history of IAM. The module will use key industry resources, including but not limited to ISO 27005, ITIL, COBIT, VALIT, NIST 800, FAIR. In particular, the module will use knowledge of business information systems to approach the analysis of business risk and planning of information risk management, realised through a real-life case study. The results will be developed and presented in groups, and will detail a proposed solution, including policy development, benefit and risk analysis and comparison of control and mitigation options.

Prerequisites/Co-requisites
None

Module Aims
This module will focus on the importance of managing information assets to maximise value and manage risk to an appropriate level in the real world. It will explore the various agencies, roles, policies, processes and technologies involved, while highlighting the importance of the role Information Professionals, and others, need to play in managing information assets. To assist in this, external guest speakers from different areas of government and industry will be used.

Learning Outcomes
By the end of the module the student will be expected to be able to:
· Understand the different types of information threats and vulnerabilities that an information system may experience, and how they may impact businesses.
· Evaluate the information risks an information system may bring to a business and communicate the potential business impact of those risks.
· Select appropriate controls and/or mitigations to maximise the business value of an information asset, while ensuring the risk is kept to an appropriate level.
· Ensure the security of information technology services, systems and assets within an organisation. This also covers the competencies required to manage the confidentiality, integrity, and availability of data and information.
· Show their understanding of the various aspects of information asset governance, including policy development and related regulations, compliance practices and issues.
· Demonstrate their understanding of the techniques used to manage data and information within an organisation and as it crosses into and out of an organisation. This includes the IT and information management processes involved in the acquisition, creation, categorisation, storage, transfer and disposal of data and information.

Module Content
The module is divided into the following areas:
· Introduction: Framing and History
· Information Risk Management
o Awareness
o Assessment
o Control/Mitigation
· Information Security
· Governance, Compliance & Regulations
· Data and Information Management Processes

Methods of Teaching/Learning
30 contact hours in weeks 1-10, consisting of:
· 21 hours of lectures, including at least 3 hours of guest lectures from industrial representatives.
· 9 hours of case study classes.

Selected Texts/Journals
Required Reading:
https://buildsecurityin.us-cert.gov/daisy/bsi/articles/best-practices/risk/247-BSI.html
Recommended Reading:
http://www.isaca.org/Template.cfm?Section=COBIT6 (Download the Executive Guide)
https://buildsecurityin.us-cert.gov/daisy/bsi/articles/best-practices/risk.html
https://buildsecurityin.us-cert.gov/daisy/bsi/articles/best-practices/risk/248-BSI.html
Other Relevant Sources:
http://delicious.com/adrius42/iamrisk
http://delicious.com/adrius42/iamcourse

Last Updated
Revised version uploaded 11 Feb 2011 jg