University of Surrey - Guildford
Registry
2010/1 Module Catalogue
 Module Code: COMM037 Module Title: INFORMATION SECURITY MANAGEMENT
Module Provider: Computing Short Name: COMM037
Level: M Module Co-ordinator: SCHAATHUN H Dr (Computing)
Number of credits: 15 Number of ECTS credits: 7.5
 
Module Availability
Semester 1
Assessment Pattern
Unit(s) of Assessment (Weighting Towards Module Mark, %)

Written, unseen examination (2h). In the event that there are five or fewer students registered for the exam, it may be replaced by a 1/2h oral exam, based on the same themes, topics, and problems and assessing the same learning outcomes as the written exam: 60%

Individual Coursework Assignment, comprising weekly exercises, which should be solved weekly and discussed in class, and a concluding essay to be completed at the end of the semester. The coursework is assessed as a single unit of assessment; details TBA at the start of term: 40%

Qualifying Condition(s) 

An aggregate mark of at least 50%

Module Overview

Security is probably the greatest challenge for computer and information systems in the near future. Many users have lost data due to viruses, both on home and business computers. Most of us have seen a range of email messages attempting different kinds of fraud. Security holes can potentially affect all of us, from innocent home users to stake, even for the general public.

Security is a management problem at least as much as a technical one. Good security solutions build on a complete understanding of the values at stake, and of the business processes and requirements. They include people as well as information systems and hardware, and good behaviour is as important as secure software. Secure solutions can only be implemented with both good technical skills and a good understanding of cultures, together with people skills.

Vulnerabilities are everywhere. Some are obvious or well-known. Others are obscure and harder to spot. Security is not limited to secrecy and confidentiality, but also involves problems like the integrity, availability, and effectiveness of information. This module aims to raise awareness of the wide range of security issues, and to build an understanding of how business and organisational requirements must underpin any security solution.
Prerequisites/Co-requisites
None
Module Aims
The aim of the module is to equip students with knowledge and overview, as well as analytical skills, to assess security in large systems and organisations, and to incorporate security in every step of a system's lifecycle.
Learning Outcomes
At the end of the module, the students will:
  • Be able to identify assets and threats, and assess risks.
  • Be able to communicate clearly and unambiguously about security problems and write policy and guidance documents which are useful to other people in an organisation.
  • Have an understanding of how to relate and adapt information systems in general, and security solutions in particular, to specific business processes and requirements to meet overall goals.
  • Be aware of the many security pitfalls at the various stages of a system's life cycle.
Module Content
To be completed
  1. Foundations of Computer Security
    • Terminology
    • Threats and vulnerabilities
    • Integrity, confidentiality, and availability
  2. Security Design and Objectives
    • Traditional perimeter defences
    • Security dilemmas
    • KISS: keep it simple, stupid
  3. Managing Information Security
    • Information Security Management Systems (ISMS)
    • Information Security Life Cycle (ISLC)
    • Writing and Using Security Policies
  4. Understanding and Managing Risk
    • What is risk
    • Assessing risk: impact and probability
    • Risk and controls: cost/benefit analysis
  5. Agents, threats and vulnerabilities
  6. Controls and Security Measures
  7. Secure Software Development
    • Input checking
    • Broken abstractions
    • Memory management and buffer overflows
  8. Privilege Management
    • Identity 2.0
  9. The Future of Information Security
    • Security in the Clouds
    • Deperimeterisation
  10. The Governance Dilemma
Methods of Teaching/Learning
A 3-hour session every week for ten weeks. Each session will include a lecture on new material together with a guest lecture and/or a discussion/workshop.
Selected Texts/Journals

Students should pay attention to module web pages for additional reading recommendations. In particular, we will recommend scientific and professional journal articles and standards documents during the semester.

Essential reading

[1] Bel G. Raggad. Information Security Management: Concepts and Practice. CRC Press, 2010.

Recommended reading

[2] IEEE Security & Privacy. Magazine, 6 issues per year.

[3] Charles P. Pfleeger and Shari Lawrence Pfleeger. Security in Computing. Prentice Hall, 4th edition, 2007.

[4] Whitman and Mattord. Principles of Information Security. Thomson Course Technology, 2nd edition, 2005.

Supplementary reading

[5] Matt Bishop. Computer Security. Addison-Wesley, 2003.

[6] Dieter Gollmann. Computer Security. Wiley, 2nd edition, 2006.

[7] B. Schneier. Secrets and Lies: Digital Security in a Networked World. Wiley, 2000.
Last Updated
September 2010