Select the most appropriate approach to information risk management for a given organisation or scenario
Analyse how inadequate information risk management affects organisations across a range of specific sectors
- In the numerous regulated sectors in which you may be working, there are substantial formal consequences for failure to deal appropriately with risk.
- There are also substantial informal consequences in all sectors
Risk management is the identification, assessment and prioritisation of the effects of uncertainty on organisational objectives, followed by the coordinated and economical application of resources to minimise, monitor, and control the combination of: a) the probability of an unfortunate event occurring and b) the negative impact on organisational objectives were the unfortunate event to occur.
Information risk management takes generic risk management and applies it to the information that an organisation values in some way, based on the properties of that information - the restricted availability of sensitive information for example. In the context of this module, the information is anything stored, processed or transmitted digitally.
This module is concerned with systematically addressing threats, vulnerabilities, and the negative consequences that could occur should a threat exploit a vulnerability in any organisation's day-to-day cyber engagement. In this instance, 'organisation' includes the home user, commerce, and any organisation using digital networks.
You'll learn how to establish and maintain a risk management framework to provide assurance that information security and assurance strategies are aligned with business objectives, and consistent with legal and regulatory obligations. There is an emphasis on the practical nature of this process and the real-world issues that face managers.
Module content will cover:
- International standards, certification, risk assessment and accreditation process.
- Organisational life-cycle methodologies and processes.
- Interpreting a security policy as an organisational information security management system (SMS) programme
- Operational management
- Overview of incident management
- Information risk
- Implementing a risk management strategy
- Communicating risk and developing uptake
- Information security governance
Delivery and assessment
14 half-day sessions will be regularly spaced across Year 1. Within each half day session, there will be a mix of lecture, tutorial and practical activity.
Assessment is 100% coursework for this module.
A level: AAB (STEM subjects preferred)
IB: 36 points (STEM subjects preferred), with a minimum of 4 in English
Degree of Bachelor of Science (BSc)
3 years full time (30 weeks per academic year)
Find out more about fees and funding
How to apply Undergraduate admissions