Risk and information management
Module CY302 (temporary code)
All information on this page is subject to validation and may change
Module team leader: Leonard Shand
Overview
Risk assessments are used to identify, estimate, and prioritize risk to organisational operations (i.e., mission, functions, image, finance and reputation), organisational assets, individuals and other organisations, resulting from the operation and use of information systems. In order to assess risk, the systems need to be explored for weaknesses, either technical or social. Reconnaissance methods emulate those of attackers. This module examines:
- the methods and roles of those involved in attacking systems
- analysing system weaknesses
- assessing the associated risks and managing them
You will cover:
- information management concepts, e.g.:
  - information storage and retrieval;
  - information capture and representation;
  - searching, retrieving, linking, navigating
- database concepts, e.g.:
  - components of database systems;
  - design of core DBMS functions (e.g. query mechanisms, access methods);
  - database architecture and query language
- big data, e.g.:
  - benefits and limitations
  - components and architectures employed in systems for big data (e.g. Hadoop cluster)
- tools and techniques for analysing large heterogeneous data sets, including statistics
- graph theory
- key concepts and benefits of an information security management system
- internationally recognised standards – e.g., ISO27001, or similar
- governance, organisational structure, roles, policies, standards and guidelines for cyber and information security
- how an organisation’s security policies, standards and governance are supported by provisioning and access rights – e.g., how identity and access management are implemented and maintained for a database application or physical access control system
- how cyber security policies and procedures are used in different organisational environments and affect individuals and organisations
- the roles of experts in the cyber security industry, how they are recognised, and the work they do.
- how to use organisations such as a CERT, OSINT provider, incident response provider
Assignment Brief
The full assignment brief will be placed here when it is issued
Component A: Practical portfolio
Issued: Start of block release week 1
Due: Start of block release week 3
Part 1: Apprentices will design, create and use a database through a DBMS and explain information concepts (1,500 words or equivalent).
Part 2: Apprentices will extract and present data (including graphs) from a large dataset. They will explain potential issues with the management of large datasets (1,500 words).
Component B: Presentation (30 minutes)
Issued: End of block release week 3
Due: Start of block release week 1 of next module
A presentation of an information security plan for the apprentice’s organisation. It should cover:
- Compliance with ISO27001
- The organisation’s security policies and procedures
- The use of CERT and OSINT
Submission details
To be added
Reading lists
To be added
Communication
All questions about this module, after the course commences, should initially be directed to the module leader. Prior to that, contact Bob Higgie (bob.higgie@gloscol.ac.uk).
Please make contact via email, which is monitored continuously.
Advice and support
To be added