"In today’s high technology environment, organisations are becoming more and more dependent on their information systems. The public is increasingly concerned about the proper use of information, particularly personal data. The threats to information systems from criminals and terrorists are increasing. Many organisations will identify information as an area of their operation that needs to be protected as part of their systems of internal control" (Nigel Turnbull, from the foreword of the book IT Governance: A Manager’s Guide to Data Security BS 7799/ISO 17799).
Taking a practice-based approach based on an organisation you are familiar with, this module provides the foundational knowledge, understanding, analysis, and synthesis that you need to develop a practical information security management system to the standard set by the ISO 27000 family of standards (particularly 27001 and 27002). You will also acquire the personal development skills needed to keep abreast of important developments in a rapidly developing field.
The module is structured into three blocks, each covering four strands of activities: organisation, personal, research and practitioner written to support and extend the module ebook.
Block 1: introduction to information security
You will begin by learning about the current requirements and the incentives for organisations to implement information security. Next, you will study the foundations of the subject, learning to identify and value information as an organisational asset. Protecting information assets is the subject of the British standards, around which this module is based. This block outlines the processes required to satisfy the requirements of these standards.
Block 2: Information security risk assessment
This block places in context the issues involved in information security risk assessment, as required by the standard. You will examine the risks in all relevant aspects of an organisation's operations, including human factors, ecommerce, web services and systems development. You will learn how to conduct a systematic risk assessment that leads to a prioritised list of information security risks for an organisation, and the requirements for their treatment.
The block concludes with an assignment in which you will conduct a risk assessment for your chosen organisation, based on the information in the British standards and the module ebook.
Block 3: Information security risk management
In this block, you will complete your study of developing a fit-for-purpose information security management system through managing information security risks. You will learn how to be systematic in choosing controls that treat specific risks, and how to produce the documentation required by the relevant British standards. You’ll fully explore the technologies underpinning the standard's controls, and complete the block by considering the topic of planning for when things go wrong.
The other strands cover professionalism, home information security, information security research, and exploring the leading edge of information security.
This module extensively uses videos, podcasts, blogs, and other web resources to support your learning. At the end of the module, you will be required to carry out some independent research into an issue in information security management, analysing and evaluating the results of your research for presentation in the end-of-module assessment.
The module is based on the current version of the Information Security standard against which an Information Security Management System would be assessed.
By studying this module, you will learn how to craft a fit-for-purpose Information Security Management System for a familiar organisation. As such, you will interact with other people in your organisation, which may help raise your profile.
You’ll get help and support from an assigned tutor throughout your module.
They’ll help by:
Course work includes:
This module is only presented online - there are no printed materials.
All the study materials will be available from the module website, including: details of how to download and install Nessus software; three blocks of core texts; the continuous assessment; the end-of-module assessment; and exercises and podcasts to support the teaching.
In addition, you will have access to download your copy of the module ebook - IT Governance: An International Guide to Data Security and ISO27001/ISO27002.
You can study this module on its own or use the credits you gain towards an Open University qualification.
M811 is a compulsory module in our:
M811 is an option module in our:
Sometimes you cannot count a module towards a qualification if you have already counted another module with similar content. To verify any excluded combinations with this module, check with an adviser before registering.
Information security (M811) starts once a year – in November.
It will next start in November 2026.
We expect it to start for the last time in November 2028.
As a student of The Open University, you should be aware of the content of the academic regulations, which are available on our Student Policies and Regulations website.
You are expected to hold a bachelor's degree (or equivalent) in computing or a related discipline, or have at least three years of relevant industry experience.
The study material is online, so you’ll spend considerable time using a computer and the internet.
Some components might not be fully accessible using a screen reader. Mathematical and scientific materials can be particularly difficult to read in this way.
Written transcripts of audio components and figure descriptions are available.
If you’re using printed materials as part of reasonable adjustments to support your studies, note that printed versions of online materials are unavailable for this module.
To find out more about what kind of support and adjustments might be available, contact us or visit our disability support pages.
| Start | End | Register by | England fee |
|---|
| 01 Nov 2026 | 30 Apr 2027 | 08 Oct 2026 | Not yet available* |
| *This start date is open for pre-booking, which means you can reserve your place ahead of the fees being confirmed. We’ll publish updated 2026/27 fees and funding information on the 25th of March. |
There may be extra costs on top of the tuition fee, such as set books, a computer and internet access.
If your income is not more than £25,000 or you receive a qualifying benefit, you might be eligible for help with some of these costs after your module has started.
There may be extra costs on top of the tuition fee, such as set books, a computer and internet access.
If you study this module as part of an eligible qualification, you can apply for a postgraduate loan to support your study costs. To find out more, see Postgraduate loans in England.
If you study this module as part of an eligible qualification, you can apply for a postgraduate loan to help with your tuition fees. To find out more, see Postgraduate tuition fee loans in Northern Ireland.
If you study this module as part of an eligible qualification, you can apply for a postgraduate loan to help with your tuition fees. To find out more, see Postgraduate loans in Scotland.
If you study this module as part of an eligible qualification, you can apply for a postgraduate loan to support your study costs. To find out more, see Postgraduate loans in Wales.
The Open University Student Budget Accounts Ltd (OUSBA) offers a convenient 'pay as you go' option to pay your OU fees, which is a secure, quick and easy way to pay. Please note that The Open University works exclusively with OUSBA and is not able to offer you credit facilities from any other provider. All credit is subject to status and proof that you can afford the repayments.
You pay the OU through OUSBA in one of the following ways:
Joint loan applications
If you feel you would be unable to obtain an OUSBA loan on your own due to credit history or affordability issues, OUSBA offers the option to apply for a joint loan application with a third party. For example, your husband, wife, partner, parent, sibling or friend. In such cases, OUSBA will be required to carry out additional affordability checks separately and/or collectively for both joint applicants who will be jointly and severally liable for loan repayments.
As additional affordability checks are required when processing joint loan applications, unfortunately, an instant decision cannot be given. On average, the processing time for a joint loan application is five working days from receipt of the required documentation.
Read more about Open University Student Budget Accounts (OUSBA).
Studying with The Open University can boost your employability. OU courses are recognised and respected by employers for their excellence and the commitment they take to complete. They also value the skills that students learn and can apply in the workplace.
Over 30,000 employers have used the OU to develop staff so far. If the module you’ve chosen is geared towards your job or developing your career, you could approach your employer to see if they will sponsor you by paying some or all of the fees.
You can pay part or all of your tuition fees upfront with a debit or credit card when you register for each module.
We accept American Express, Mastercard, Visa and Visa Electron.
We know that sometimes you may want to combine payment options. For example, you may wish to pay part of your tuition fee with a debit card and pay the remainder in instalments through an Open University Student Budget Account (OUSBA).
We know that sometimes you may want to combine payment options. For example, you may get support from your employer to pay part of your tuition fee and pay the remainder by credit or debit card.
For more information about combining payment options, contact an adviser.
Please note: your permanent address/domicile will affect your fee status and, therefore, the fees you are charged and any financial support available to you. The fee information provided here is valid for modules starting before 31 July 2026. Fees typically increase annually. For further information about the University's fee policy, visit our Fee Rules.
