risk_and_information_management

Differences

This shows you the differences between two versions of the page.

risk_and_information_management [2020/03/17 16:27] – created bob
risk_and_information_management [2025/08/27 08:38] (current) – [Module UFCFMU-30-3 Level 6 30 credits] mark
Line 1: Line 1:
 ====== Risk and information management ====== ====== Risk and information management ======
  
-==== Module CY302 (temporary code) ====+==== Module UFCFMU-30-3 Level 6 30 credits ====
  
-===== All information on this page is subject to validation and may change =====+=== Module team leader: Anisa Elezi ===
  
-=== Module team leaderLeonard Shand ===+{{:cyberdegree:risk_and_information_management.pdf|Module specification}}
  
-{{ :cyberdegree:cy204_info_security.docx |Module specification}} 
  
 ==== Overview ==== ==== Overview ====
  
 Risk assessments are used to identify, estimate, and prioritize risk to organisational operations (i.e., mission, functions, image, finance and reputation), organisational assets, individuals and other organisations, resulting from the operation and use of information systems. Risk assessments are used to identify, estimate, and prioritize risk to organisational operations (i.e., mission, functions, image, finance and reputation), organisational assets, individuals and other organisations, resulting from the operation and use of information systems.
 +
 In order to assess risk, the systems need to be explored for weaknesses, either technical or social. Reconnaissance methods emulate those of attackers. In order to assess risk, the systems need to be explored for weaknesses, either technical or social. Reconnaissance methods emulate those of attackers.
 +
 This module examines:  This module examines: 
   *the methods and roles of those involved in attacking systems    *the methods and roles of those involved in attacking systems 
   *analysing system weaknesses    *analysing system weaknesses 
   *assessing the associated risks and managing them     *assessing the associated risks and managing them  
- 
-  
  
 You will cover: You will cover:
-  *information management concepts, e.g.: +  *the role of information security awareness and training  
-     *information storage and retrieval; +  *behavioural analysis and security culture management in maintaining good information security  
-     *information capture and representation; +  *the motivations and ways of thinking of different classes of threat actorscriminal intentactivismstate actors, hackers, and how this drives the behaviour of the threat actors  
-     *searchingretrievinglinkingnavigating  +  *tailoring mitigations for the different classes of threat actor  
-  *database concepts, e.g.: +  *social engineering and phishing  
-     *components of database systems; +  *insider threat  
-     *design of core DBMS functions (e.g. query mechanisms, access methods);  +     *malicious intent and human error  
-     *database architecture and query language  +  *usable security 
-  *big datae.g.+  *creation of a reasoned argument employing evidence to support a position  
-     *benefits and limitations +  *how threat actors’ actions appear in typical sources of information  
-     *components and architectures employed in systems for big data (e.g. Hadoop cluster)  +  *sourcing intelligence ethically so that it may be used as required  
-     *tools and techniques for analysing large heterogeneous data sets, including statistics +  *methods attackers/threat actors may use to build knowledge of a system they have limited or no direct access tosuch as:  
-     *graph theory +     *phishing  
-  *key concepts and benefits of information security management system  +     *exploiting an insider  
-  *internationally recognised standards – e.g., ISO27001, or similar  +     *port scanning  
-  *governance, organisational structure, roles, policies, standards and guidelines for cyber and information security  +  *open source intelligence  
-  *how an organisation’s security policiesstandards and governance are supported by provisioning and access rights – e.g.how identity and access management are implemented and maintained for database application or physical access control system  +  *asset valuation and management concepts  
-  *how cyber security policies and procedures are used in different organisational environments and affect individuals and organisations  +  *risk analysis methodologies in common use  
-  *the roles of experts in the cyber security industryhow they are recognisedand the work they do.  +  *risk appetite and risk tolerance concepts  
-  *how to use organisations such as a CERTOSINT providerincident response provider +  *economics of security concepts 
 +  *different ways of treating risk (mitigatetransferaccept etc.)  
 +  *principles of system risk modelling a system risk modelling methodology 
 +  *an enterprise modelling technique such as UML 
 +  *risk assessment and risk management methodologies  
 +  *approaches to risk treatment (mitigatetransferaccept, etc. 
 +  *risk management in practice  
 +     *examples such as technicalbusiness processor other  
 +  *description of risk in qualitative, quantitative, or mixed terms  
 +  *role of risk owner, contrasting role with other stakeholders  
  
  
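Review bot: the new "You will cover" list carries the same item twice: the entry on "different ways of treating risk" and, four items later, "approaches to risk treatment" both enumerate mitigate, transfer and accept, and the later one also lacks its closing parenthesis; keep one and drop the other. The entry "principles of system risk modelling a system risk modelling methodology" reads as two items run together and needs either a separator or a connective such as "and" between "modelling" and "a system". The module specification link now points to a .pdf where the old page linked a .docx, so confirm the .pdf attachment has actually been uploaded before this revision goes live.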
Line 48: Line 57:
 The full assignment brief will be placed here when it is issued The full assignment brief will be placed here when it is issued
  
-=== Component A: Practical portfolio ===+=== Component A: Oral Examination ===
  
-Issued: Start of block release week 1+Issued: End of block release week 2
  
 Due: Start of block release week 3 Due: Start of block release week 3
  
-Part 1: Apprentices will design, create and use database through DBMS and explain information concepts (1,500 words or equivalent) +Apprentices will be provided with case study of system (in document and physical formfor them to perform complete risk assessment. They will submit a notebook of their findings and methodswhich will inform a 30 minute oral examination of their work. 
-Part 2: Apprentices will extract and present data (including graphsfrom large dataset. They will explain potential issues with the management of large datasets (1,500 words)+This assessment also serves as a preparation for an End-Point-Assessment.  
  
  
-=== Component B: Presentation (30 minutes)  ===+=== Component B: Report  ===
  
 Issued: End of block release week 3 Issued: End of block release week 3
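Review bot: Component A now states the assessment form (a notebook of findings and methods plus a 30 minute oral examination) but gives neither an expected size for the notebook nor the component's weighting, whereas Component B below specifies a 1500 word report; add a length guideline or page limit for the notebook and the percentage each component contributes, so apprentices know what the oral examination is assessing. The "Issued" point has also moved from the start of block release week 1 to the end of week 2 while "Due" stays at the start of week 3; confirm that interval is intended for a complete risk assessment of the case study.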
Line 64: Line 73:
 Due: Start of block release week 1 of next module Due: Start of block release week 1 of next module
  
-A presentation of an information security plan for the apprentice’s organisation. It should cover: +Apprentices will undertake a research-based assignment in which they investigate the (theoretical) roles and actions that people play in cyber security, both beneficial and harmful. They will write a 1500 word report on their findings. 
-  *Compliance with ISO27001 +
-  *The organisation’s security policies and procedures +
-  *The use of CERT and OSINT +
  
  
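Review bot: "(theoretical)" in "investigate the (theoretical) roles and actions that people play in cyber security" is ambiguous about whether the roles themselves are theoretical or the study is desk-based rather than observed; reword it, for example "investigate, through a literature-based study, the roles and actions that people play in cyber security". The removed bullet list told apprentices what the old presentation had to cover; the new report description names no required topics or marking criteria, so consider restoring a short list of what the report must address (for instance the classes of threat actor and the insider threat listed under "You will cover").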
Line 76: Line 82:
 ==== Submission details ==== ==== Submission details ====
  
-To be added+All assignments will be submitted and feedback given on the UWE Blackboard system 
  
-==== Reading lists ====+==== Reading list (link to UWE library system) ====
  
-To be added+[[https://rl.talis.com/3/uwe/lists/F434F272-1DFF-02C5-4E0C-B604B66633BE.html|Link]]
  
 ==== Communication ==== ==== Communication ====
  
-All questions about this module, after the course commences, should be initially directed to the module leader. Prior to that contact Bob Higgie bob.higgie@gloscol.ac.uk+All questions about this module should be directed to the module leader. 
  
 Please contact via email, which is monitored continuously Please contact via email, which is monitored continuously
  
  
-==== Advice and support ==== 
  
-To be added 
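Review bot: the Communication section now directs all questions to the module leader, but no contact detail remains once the Bob Higgie address is removed, so "Please contact via email" has no address to use; add the module leader's email or a link to the staff directory. The "Advice and support" section has been deleted rather than filled in; if support is meant to be reached through Blackboard, say so under Submission details, otherwise restore the heading with a pointer to the relevant support service. "monitored continuously" is also a strong commitment; an expected response time would be safer to promise.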
  • risk_and_information_management.1584462423.txt.gz
  • Last modified: 2020/09/18 13:16
  • (external edit)