England.  Change location

Information security

Qualification dates
Start End

Be on the front line of defence against hackers. Learn what matters to your organisation and how to protect it. This module takes a practice-based approach based on an organisation you are familiar with. Gain foundational knowledge, understanding, analysis and synthesis needed to understand the development of a practical information security management system (to ISO 27000 standards, particularly 27001 and 27002). You’ll also acquire personal development skills to keep abreast of significant developments in this rapidly evolving field.

What you will study

The module has three blocks.

Block 1
You’ll begin by learning about current requirements on, and incentives for, organisations to implement information security. Next, you’ll study the foundations of the subject, learning to identify and value information as an organisational asset. You’ll learn about international standards for security. And start to understand what it is to protect an organisation, through identifying the most valuable information to your organisation. You’ll learn about the value of, and how to value, information; what risk is; what it means to be at the top of the security tree in an organisation; and something cyber that you never knew about squirrels. Also, you’ll learn about library services and how to start your InfoSec research.

Block 2
In this block, you’ll investigate in detail the risks faced by your organisation’s information, through a guided risk assessment. You’ll be able to distinguish a threat from a vulnerability and know what to do about both. You’ll be able to use a risk thermometer, and estimate and use your organisation’s risk appetite to get your risk analysis perfect for its context. The human aspect of InfoSec is one of the most important, and you’ll focus on the risk that your colleagues (and you) raise if you’re not careful. Also, you’ll learn how to dig deep into an academic paper on InfoSec, to get every drop of value.

Block 3
In this block, you’ll learn how to protect the value that your organisation has in its information by solving the puzzle of what your organisation needs. We’ll go through many of the most important risk controls, understanding how each applies in your situation. And you’ll start to prepare your report on what precisely is needed. You’ll also prepare for the end-of-module assessment, where you can demonstrate what you’ve learned about InfoSec research.

Entry requirements

This module has no formal entry requirements.

Talk to an advisor if you’re not sure you’re ready.

What's included

You’ll have access to a module website, which includes:

  • a week-by-week study planner
  • course-specific module materials
  • audio and video content
  • assignment details and submission section
  • online tutorial access.

We’ll also provide a downloadable copy of the module book – IT Governance: An International Guide to Data Security and ISO27001/ISOO27002.

Computing requirements

You’ll need broadband internet access and a desktop or laptop computer with an up-to-date version of Windows (10 or 11) or macOS Ventura or higher.

Any additional software will be provided or is generally freely available.

To join in spoken conversations in tutorials, we recommend a wired headset (headphones/earphones with a built-in microphone).

Our module websites comply with web standards, and any modern browser is suitable for most activities.

Our OU Study mobile app will operate on all current, supported versions of Android and iOS. It’s not available on Kindle.

It’s also possible to access some module materials on a mobile phone, tablet device or Chromebook. However, as you may be asked to install additional software or use certain applications, you’ll also require a desktop or laptop, as described above.

Teaching and assessment

Support from your tutor

Throughout your module studies, you’ll get help and support from your assigned module tutor. They’ll help you by:

  • Marking your assignments (TMAs) and providing detailed feedback for you to improve.
  • Guiding you to additional learning resources.
  • Providing individual guidance, whether that’s for general study skills or specific module content.
  • Facilitating online discussions between your fellow students, in the dedicated module and tutor group forums.

Module tutors also run online tutorials throughout the module. Where possible, recordings of online tutorials will be made available to students. While these tutorials won’t be compulsory for you to complete the module, you’re strongly encouraged to take part.


The assessment details for this module can be found in the facts box.

If you have a disability

The OU strives to make all aspects of study accessible to everyone and this Accessibility Statement outlines what studying TM311 involves. You should use this information to inform your study preparations and any discussions with us about how we can meet your needs.

Future availability

Information security (TM311) starts once a year – in October.

This page describes the module that will start in October 2024.

We expect it to start for the last time in October 2028.

Course work includes:

3 Tutor-marked assignments (TMAs)
3 Interactive computer-marked assignments (iCMAs)
End-of-module assessment