Information security

Whether in the public or private sector, the investment in the information assets of a modern organisation underpins its effectiveness and drives its profitability. In this module, you’ll explore the skills necessary to understand, document, manage and implement strategic and operational aspects of your organisation’s information security. You’ll study topics in information security risk assessment and management, professionalism, home information security, and information security research. By studying this module, you’ll better understand your organisation's information security requirements, developing your ability to deliver a fit-for-purpose information security management system.

Vocational relevance

By studying this module you will learn how to craft a fit-for-purpose Information Security Management System for an organisation with which you are familiar. As such you will be interacting with other people in your organisation and this may help to raise your profile.


M811 is a compulsory module in our:

M811 is an optional module in our:

Excluded combinations

Sometimes you will not be able to count a module towards a qualification if you have already taken another module with similar content. To check any excluded combinations relating to this module, visit our excluded combination finder or check with an adviser before registering.


Module code


  • Credits measure the student workload required for the successful completion of a module or qualification.
  • One credit represents about 10 hours of study over the duration of the course.
  • You are awarded credits after you have successfully completed a module.
  • For example, if you study a 60-credit module and successfully pass it, you will be awarded 60 credits.
Study level
Across the UK, there are two parallel frameworks for higher education qualifications, the Framework for Higher Education Qualifications in England, Northern Ireland and Wales (FHEQ) and the Scottish Credit and Qualifications Framework (SCQF). These define a hierarchy of levels and describe the achievement expected at each level. The information provided shows how OU postgraduate modules correspond to these frameworks.
OU Postgraduate
Study method
Distance learning
Module cost
See Module registration
Entry requirements

Find out more about entry requirements.

What you will study

"In today’s high technology environment, organisations are becoming more and more dependent on their information systems. The public is increasingly concerned about the proper use of information, particularly personal data. The threats to information systems from criminals and terrorists are increasing. Many organisations will identify information as an area of their operation that needs to be protected as part of their systems of internal control" (Nigel Turnbull, from the foreword of the book IT Governance: A Manager’s Guide to Data Security BS 7799/ISO 17799).

Taking a practice-based approach based upon an organisation you are familiar with, this module provides the foundational knowledge, understanding, analysis and synthesis that you need to develop a practical information security management system, to the standard set by the ISO 27000 family of standards (particularly 27001 and 27002). You will also acquire the personal development skills that you need to keep abreast of important development in a rapidly developing field.

The module is structured into strands. The main strand has three independent units written to support and extend the module book.

An introduction to information security
You will begin by learning about the current requirements on, and the incentives for, organisations to implement information security. Next, you will study the foundations of the subject, learning to identify and value information as an organisational asset. The protection of information assets is the subject of the British standards, around which this module is based. This unit outlines the processes required to satisfy the requirements of these standards.

Information security risk assessment
This unit places in context the issues involved in information security risk assessment, as required by the standard. You will examine the risks that may arise in all relevant aspects of an organisation's operations, including human factors, ecommerce, web services and systems development. You will learn how to conduct a systematic risk assessment that leads to a prioritised list of information security risks for an organisation, and the requirements for their treatment.

The unit concludes with an assignment in which you will carry out a risk assessment for your chosen organisation, based on the information contained in the British standards and the module book.

Information security risk management
In this unit you will complete your study of the development of a fit-for-purpose information security management system through the management of information security risks. You will learn how to be systematic in the choice of controls that treat specific risks, and how to produce the documentation required by the relevant British standards. You’ll fully explore the technologies that underpin the standard's controls, and complete the unit by considering the topic of planning for when things do go wrong.

The other strands cover professionalism, home information security, information security research, and exploring the leading edge of information security.

This module makes extensive use of videos, podcasts, blogs and other web resources to support your learning. At the end of the module you will be required to carry out some independent research into an issue in information security management, analysing and evaluating the results of your research for presentation in the end-of-module assessment.

The module is based on the current version of the Information Security standard against which an Information Security Management System would be assessed.

Teaching and assessment

Support from your tutor

Throughout your module studies, you’ll get help and support from your assigned module tutor. They’ll help you by:

  • Marking your assignments (TMAs) and providing detailed feedback for you to improve.
  • Guiding you to additional learning resources.
  • Providing individual guidance, whether that’s for general study skills or specific module content.
  • Facilitating online discussions between your fellow students, in the dedicated module and tutor group forums.


The assessment details can be found in the facts box.

Course work includes

3 Tutor-marked assignments (TMAs)
End-of-module assessment

Future availability

Information security (M811) starts once a year – in November.

This page describes the module that will start in November 2024.

We expect it to start for the last time in November 2028.


As a student of The Open University, you should be aware of the content of the academic regulations which are available on our Student Policies and Regulations website.

Entry requirements

It is expected that you will hold a bachelors degree (or equivalent) in computing or a related discipline, or alternatively have at least three years relevant industry experience.

Your spoken and written English must be of an adequate standard for postgraduate study. If English is not your first language, we recommend that you will need a minimum overall score of 6 and minimum score of 5.5 in each of the four components: reading, writing, speaking and listening under the International English Language Testing System (IELTS). Please see the IELTS website for details.

If you have any doubt about the suitability of the module, please speak to an adviser.


Start End England fee Register
01 Nov 2024 Apr 2025 £1660.00

Registration closes 03/10/24 (places subject to availability)

This module is expected to start for the last time in November 2028.

Future availability

Information security (M811) starts once a year – in November.

This page describes the module that will start in November 2024.

We expect it to start for the last time in November 2028.

Additional costs

Study costs

There may be extra costs on top of the tuition fee, such as set books, a computer and internet access.

Ways to pay for this module

We know there’s a lot to think about when choosing to study, not least how much it’s going to cost and how you can pay.

That’s why we keep our fees as low as possible and offer a range of flexible payment and funding options, including a postgraduate loan, if you study this module as part of an eligible qualification. To find out more, see Fees and funding.

Study materials

What's included

This module is only presented online - there are no printed materials.

All the study materials will be available from the module website including: details of how to download and install Nessus software; three units of core texts; the continuous assessment; the end-of-module assessment and exercises and podcasts to support the teaching.

In addition you will have access to download your own copy of the module book - IT Governance: An International Guide to Data Security and ISO27001/ISO27002.

Computing requirements

You’ll need broadband internet access and a desktop or laptop computer with an up-to-date version of Windows (10 or 11) or macOS Ventura or higher.

Any additional software will be provided or is generally freely available.

To join in spoken conversations in tutorials, we recommend a wired headset (headphones/earphones with a built-in microphone).

Our module websites comply with web standards, and any modern browser is suitable for most activities.

Our OU Study mobile app will operate on all current, supported versions of Android and iOS. It’s not available on Kindle.

It’s also possible to access some module materials on a mobile phone, tablet device or Chromebook. However, as you may be asked to install additional software or use certain applications, you’ll also require a desktop or laptop, as described above.

If you have a disability

The materials for this module are provided as a series of web pages via the module website and should be accessible using screen readers. You will be required to interact with Nessus software which is 508 compliant; Section 508 was enacted to eliminate barriers in information technology, to make available new opportunities for disabled people, and to encourage development of technologies that will help achieve these goals.

We provide descriptions of any diagrams along with transcripts of any audio material. Some online material may not be available or fully accessible using a screen reader (and mathematical and scientific materials may be particularly difficult to read in this way).

To find out more about what kind of support and adjustments might be available, contact us or visit our disability support pages.

Request your prospectus

Our prospectuses help you choose your course, understand what it's like to be an OU student and register for study.

Request prospectus