Be in the front line of defence against hackers. Learn what matters for your organisation and how to protect it. This module takes a practice-based approach based on an organisation you are familiar with. Gain foundational knowledge, understanding, analysis and synthesis needed to understand the development a practical information security management system (to ISO 27000 standards, particularly 27001 and 27002). You’ll also acquire personal development skills to keep abreast of important developments in this rapidly evolving field.
What you will study
The module has three blocks.
You’ll begin by learning about current requirements on, and incentives for, organisations to implement information security. Next, you’ll study the foundations of the subject, learning to identify and value information as an organisational asset. You’ll learn about international standards for security. And start to understand what it is to protect an organisation, through identifying the most valuable information to your organisation. You’ll learn about the value of, and how to value, information; what risk is; what it means to be at the top of the security tree in an organisation; and something cyber that you never knew about squirrels. Also, you’ll learn about library services and how to start your InfoSec research.
In this block, you’ll investigate in detail the risks faced by your organisation’s information, through a guided risk assessment. You’ll be able to distinguish a threat from a vulnerability and know what to do about both. You’ll be able to use a risk thermometer, and estimate and use your organisation’s risk appetite to get your risk analysis perfect for its context. The human aspect of InfoSec is one of the most important, and you’ll focus on the risk that your colleagues (and you) raise if you’re not careful. Also, you’ll learn how to dig deep into an academic paper on InfoSec, to get every drop of value.
In this block, you’ll learn how to protect the value that your organisation has in its information by solving the puzzle of what your organisation needs. We’ll go through many of the most important risk controls, understanding how each applies in your situation. And you’ll start to prepare your report on what precisely is needed. You’ll also prepare for the end-of-module assessment, where you can demonstrate what you’ve learned about InfoSec research.
This module has no formal entry requirements.
Talk to an advisor if you’re not sure you’re ready.
You’ll have access to a module website, which includes:
- a week-by-week study planner
- course-specific module materials
- audio and video content
- assignment details and submission section
- online tutorial access.
We’ll also provide a downloadable copy of the module book – IT Governance: An International Guide to Data Security and ISO27001/ISOO27002.
You’ll need broadband internet access and a desktop or laptop computer with an up-to-date version of Windows (10 or 11) or macOS (11 'Big Sur' or higher).
Any additional software will be provided or is generally freely available.
To join in spoken conversations in tutorials, we recommend a wired headset (headphones/earphones with a built-in microphone).
Our module websites comply with web standards, and any modern browser is suitable for most activities.
Our OU Study mobile app will operate on all current, supported versions of Android and iOS. It’s not available on Kindle.
It’s also possible to access some module materials on a mobile phone, tablet device or Chromebook. However, as you may be asked to install additional software or use certain applications, you’ll also require a desktop or laptop, as described above.