Module Information
Module Identifier
DSM3320
Module Title
INFORMATION ASSURANCE
Academic Year
2010/2011
Co-ordinator
Semester
Distance Learning
Course Delivery
| Delivery Type | Delivery length / details |
|---|---|
| Other | DL materials: printed module book plus VLE activities, discussion forum areas and tutor support |
Assessment
| Assessment Type | Assessment length / details | Proportion |
|---|---|---|
| Semester Assessment | One report/written presentation (equivalent to 2,500-3,000 words) | 60% |
| Semester Assessment | Portfolio of practical exercises | 40% |
| Supplementary Assessment | Submission of supplementary coursework for failed course elements in line with the learning outcomes of the original assignments |
Learning Outcomes
On successful completion of this module students should be able to:
* Critically analyse information assurance in the current IT and security landscape
* Outline system vulnerabilities, evolving threats and mechanisms for mitigating these threats
* Compare the various roles within the IA framework and re-evaluate the changing requirements
- Critique and design policies and plans which align with organisational goals and meet legal and ethical standards
* Apply the information perspective in the IA environment and conceptualise cross disciplinary, cross functional approaches to managing the organisation¿s information securely
* Formulate strategies for implementing IA across an organisation to ensure the confidentiality, integrity and availability of information and information systems
Brief description
Information is the lifeblood of organisations. To preserve its value, skilled professionals must ensure it is protected from loss, theft, or corruption and expertly maintained. Information assurance is the discipline that prepares individuals to protect and defend information and information systems across an enterprise. Broader than simply computer security, IA encompasses policies, planning, technologies, procedures, training and awareness programs, compliance protocols and audit processes ¿ each necessary to safeguard enterprise information.
Whilst the enabling of access and the sharing of data are valid outcomes for any information management programme, the restricting of access, where appropriate, has become equally essential. This may be established on the basis of:
¿ the confidentiality of certain types of data,
¿ the need to preserve the integrity of information which may be presented in courts, tribunals etc., (i.e. proof that data has not been altered subsequently)
¿ the authenticity of its contents (i.e. it can be proven to have been undertaken by the people in question, as part of the activity under review and at the time and date on which it was purported to have occurred).
Content
The content of the module is divided into:
Context:
threats, vulnerabilities and strategic countermeasures in a variety of contexts; system services and strategies that implement IA; the life cycle for IA in an organisational context.
Policies, plans and strategies:
organisational goals through IA policy and plans; the information assurance life cycle through IA planning; the human factors affecting the validity of IA policy and plans; legal and ethical issues related to IA
Roles within the IA framework:
the role and responsibilities of security professionals; the role of risk management in IA decision making; the ability and skills required to maintain currency in IA
The information perspective in the IA environment:
the concepts of information privacy and accountability; the relationship between people and IA practices and technology.
Context:
threats, vulnerabilities and strategic countermeasures in a variety of contexts; system services and strategies that implement IA; the life cycle for IA in an organisational context.
Policies, plans and strategies:
organisational goals through IA policy and plans; the information assurance life cycle through IA planning; the human factors affecting the validity of IA policy and plans; legal and ethical issues related to IA
Roles within the IA framework:
the role and responsibilities of security professionals; the role of risk management in IA decision making; the ability and skills required to maintain currency in IA
The information perspective in the IA environment:
the concepts of information privacy and accountability; the relationship between people and IA practices and technology.
Module Skills
| Skills Type | Skills details |
|---|---|
| Application of Number | |
| Communication | Oral and written communication via tutorials and classroom discussion/online forums in VLE and assessed work |
| Improving own Learning and Performance | Self management: students make their own selections relating to sector for specialisation/directed study through exercises in certain units and assessed work. |
| Information Technology | Students are expected to utilise the VLE, and other technical systems during practical sessions. Coursework requires the application of IT in its presentation. |
| Personal Development and Career planning | Career needs awareness encouraged and assessed through the group project exercise and report |
| Problem solving | Exercises which seek to identify the needs of the organisation and how best these might be met under different operational conditions |
| Research skills | Analysis of sets of resources and their application to a research problem |
| Subject Specific Skills | Professional skills development in embedding Information Assurance in recordkeeping designs and developing risk management plans |
| Team work | Group activities are integral to the teaching of this module, and to classroom exercises. |
Notes
This module is at CQFW Level 7