England

Please tell us where you live so that we can provide you with the most relevant information as you use this website.
If you are at a BFPO address please choose the country or region in which you would ordinarily be resident.
Accessibility statement
Be on the front line of defence against hackers. Learn what matters to your organisation and how to protect it. This module takes a practice-based approach based on an organisation you are familiar with. Gain foundational knowledge, understanding, analysis and synthesis needed to understand the development of a practical information security management system (to ISO 27000 standards, particularly 27001 and 27002). You’ll also acquire personal development skills to keep abreast of significant developments in this rapidly evolving field.
The module has three blocks.
Block 1
You’ll begin by learning about current requirements and incentives for organisations to implement information security. Next, you’ll study the foundations of the subject, learning to identify and value information as an organisational asset. You’ll learn about international standards for security. And start to understand what it is to protect an organisation, through identifying the most valuable information to your organisation. You’ll learn about the value of, and how to value, information; what risk is; what it means to be at the top of the security tree in an organisation; and something cyber that you never knew about squirrels. Also, you’ll learn about library services and how to start your InfoSec research.
Block 2
In this block, you’ll investigate the risks faced by your organisation’s information through a guided risk assessment. You’ll be able to distinguish a threat from a vulnerability and know what to do about both. You’ll be able to use a risk thermometer to estimate and use your organisation’s risk appetite to make your risk analysis perfect for its context. The human aspect of InfoSec is one of the most important, and you’ll focus on the risk that your colleagues (and you) raise if you’re not careful. Also, you’ll learn how to dig deep into an academic paper on InfoSec to get every drop of value.
Block 3
In this block, you’ll learn how to protect your organisation's value in its information by solving the puzzle of what your organisation needs. We’ll go through many of the most critical risk controls, understanding how each applies in your situation. And you’ll start to prepare your report on what precisely is needed. You’ll also prepare for the end-of-module assessment, where you can demonstrate what you’ve learned about InfoSec research.
This module has no formal entry requirements.
You’ll get help and support from an assigned tutor throughout your module.
They’ll help by:
Online tutorials run throughout the module. While they’re not compulsory, we strongly encourage you to participate. Where possible, we’ll make recordings available.
Course work includes:
You’ll have access to a module website, which includes:
Additionally, the website includes:
The OU strives to make all aspects of study accessible to everyone, and this Accessibility Statement outlines what studying TM311 involves. You should use this information to inform your study preparations and any discussions with us about how we can meet your needs.
To find out more about what kind of support and adjustments might be available, contact us or visit our Disability support website.
Information security (TM311) starts once a year – in October.
It will next start in October 2026.
We expect it to start for the last time in October 2028.
Back to previous page