Information Risk Management and Governance

Various approaches are available concerning the identification, quantification, treatment and monitoring of information risk. There are substantial formal consequences in numerous regulated sectors for failure to deal appropriately with risk. There are substantial informal consequences in all sectors for failure to deal appropriately with risk. This module develops an understanding, both of the risks that digital information and network assets are exposed to, and of how to the manage those risks to the benefit the enterprise; this includes home users, e-commerce, and all organisations using digital networks for infrastructure, both closed and open. Therefore, this module is relevant for the majority of organisations in existence today or likely to exist in the future.

The module equips students to establish and maintain a risk management framework to provide assurance that information security and assurance strategies are aligned with business objectives and consistent with legal and regulatory obligations. A strong focus will be put on cost effectiveness and value to the objectives of the business or enterprise. Various approaches to information risk management and the governance are compared and contrasted. The module also covers business continuity and resilience. There is an emphasis on the practical nature of this process and issues that face managers in the real world.