Page Navigation

Module Descriptors

This page displays the selected Module Descriptor.

Printer friendly version Printer friendly version

Session: 2022/23

Last modified: 21/07/2022 15:49:06

Title of Module: Information Security Management

Code: COMP09086 SCQF Level: 9
(Scottish Credit and Qualifications Framework)
Credit Points: 20 ECTS: 10
(European Credit Transfer Scheme)
School:School of Computing, Engineering and Physical Sciences
Module Co-ordinator:Henry  Hunter

Summary of Module

Modern businesses face considerable competitive and regulatory pressure to understand, leverage and safeguard information. Effective information security management policy, education and technical controls will be critical to success and perhaps ultimately to survival.

This module provides an overview of the key concepts, practices and technologies of holistic information security management. In addition, students will gain practical experience in the analysis and assessment of information security in a realistic or simulated business environment.

On completion of this module, students should be able to demonstrate knowledge and understanding of the key concepts relating to information security management (confidentiality, integrity, availability, etc.), current national and international legislation and standards which impact upon information security management, frameworks and organisations which support the management of information security, the current business technology environments in which information security management must operate, and the categorisation, operation and effectiveness of different types of procedural and technical information security controls.

Undertaking this module should develop a range of graduate attributes. Students will be encouraged to develop their research and critical faculties by researching topics of interest. Information privacy is a recurring theme and should stimulate awareness of ethical issues. As part of the coursework, students will also have an opportunity to work together to solve problems and build on their communication skills.

Module Delivery Method
Face-To-FaceBlendedFully OnlineHybridCHybridOWork-based Learning
check markcheck mark

Term used to describe the traditional classroom environment where the students and the lecturer meet synchronously in the same room for the whole provision.

A mode of delivery of a module or a programme that involves online and face-to-face delivery of learning, teaching and assessment activities, student support and feedback. A programme may be considered “blended” if it includes a combination of face-to-face, online and blended modules. If an online programme has any compulsory face-to-face and campus elements it must be described as blended with clearly articulated delivery information to manage student expectations

Fully Online
Instruction that is solely delivered by web-based or internet-based technologies. This term is used to describe the previously used terms distance learning and e learning.

Online with mandatory face-to-face learning on Campus

Online with optional face-to-face learning on Campus

Work-based Learning
Learning activities where the main location for the learning experience is in the workplace.

Campus(es) for Module Delivery
The module will normally be offered on the following campuses / or by Distance/Online Learning: (Provided viable student numbers permit)
Paisley:Ayr:Dumfries:Lanarkshire:London:Distance/Online Learning:Other:
check mark


check markcheck mark


check markcheck mark
Term(s) for Module Delivery
(Provided viable student numbers permit).
Term 1


Term 2check markTerm 3


[Top of Page]

Learning Outcomes: (maximum of 5 statements)

On successful completion of this module the student will be able to:

L1. Demonstrate a critical understanding of the concepts and principles of information security management and of its application in a business environment

L2. Demonstrate abilities and practices in the investigation, analysis and definition of requirements for a suitable and viable information security solution in a real or simulated business environment

Employability Skills and Personal Development Planning (PDP) Skills
SCQF Headings During completion of this module, there will be an opportunity to achieve core skills in:
Knowledge and Understanding (K and U) SCQF Level 9.

Understanding the development of international standards for information security management and appreciating the importance of such

Understanding the concepts and principles that underpin current and emerging approaches to information security management

Practice: Applied Knowledge and Understanding SCQF Level 9.

Appreciating the practical aspects of planning for and implementing information security management in a range of businesses

Generic Cognitive skills SCQF Level 9.

Bringing together information from a variety of sources, including academic and industrial technical publications

Communication, ICT and Numeracy Skills SCQF Level 9.

Making effective use of information retrieval systems and information technology applications to present information in an appropriate form

Autonomy, Accountability and Working with others SCQF Level 9.

Identifying and addressing personal learning needs.
Working effectively, together with others in groups or teams, to achieve a time-sensitive deadline and taking a leadership role where appropriate

Exercising initiative, self-management, cooperation, collaboration and self-reflection in the completion of the module coursework

Pre-requisites: Before undertaking this module the student should have undertaken the following:
Module Code:
Module Title:
Co-requisitesModule Code:
Module Title:

* Indicates that module descriptor is not published.

[Top of Page]

Learning and Teaching
Materials will normally be presented face-to-face in a classroom but in exceptional circumstances blended learning strategies may be adopted.
Learning Activities
During completion of this module, the learning activities undertaken to achieve the module learning outcomes are stated below:
Student Learning Hours
(Normally totalling 200 hours):
(Note: Learning hours include both contact hours and hours spent on other learning activities)
Lecture/Core Content Delivery20
Tutorial/Synchronous Support Activity10
Personal Development Plan10
Independent Study160
200 Hours Total

**Indicative Resources: (eg. Core text, journals, internet access)

The following materials form essential underpinning for the module content and ultimately for the learning outcomes:

Required Resources: Internet and VLE (Moodle) materials.

Extension Resources (*):

* Alexander, D. et al. (2020) Information Security Management Principles, 3rd ed., British Computer Society.

* Andress, J. (2019) Foundations of Information Security, Kindle Edition, No Starch Press.

* Ciampa, M. (2016) Security Awareness: Applying Practical Security in Your World, 5th ed., Cengage Learning.

* Harris, S. and Maymi, F. (2018) CISSP All-in-One Exam Guide, 8th ed., McGraw-Hill Education.

* Whitman, M. and Mattord, H. (2017) Principles of Information Security, 6th ed., Cengage Learning.

(**N.B. Although reading lists should include current publications, students are advised (particularly for material marked with an asterisk*) to wait until the start of session for confirmation of the most up-to-date material)

Engagement Requirements

In line with the Academic Engagement Procedure, Students are defined as academically engaged if they are regularly engaged with timetabled teaching sessions, course-related learning resources including those in the Library and on the relevant learning platform, and complete assessments and submit these on time. Please refer to the Academic Engagement Procedure at the following link: Academic engagement procedure

[Top of Page]

Supplemental Information

Programme BoardComputing
Assessment Results (Pass/Fail) No
Subject PanelBusiness and Applied Computing
ModeratorStephen Devine
External ExaminerT Gaber
Accreditation Details
Version Number


[Top of Page]

Assessment: (also refer to Assessment Outcomes Grids below)
Online assessment (individual) worth 50% of the final module mark.
Coursework assessment worth 50% of the final module mark.
(N.B. (i) Assessment Outcomes Grids for the module (one for each component) can be found below which clearly demonstrate how the learning outcomes of the module will be assessed.
(ii) An indicative schedule listing approximate times within the academic calendar when assessment is likely to feature will be provided within the Student Handbook.)

Assessment Outcome Grids (Footnote A.)

Component 1
Assessment Type (Footnote B.) Learning Outcome (1) Learning Outcome (2) Weighting (%) of Assessment ElementTimetabled Contact Hours
Class test (written)check mark 502

Component 2
Assessment Type (Footnote B.) Learning Outcome (1) Learning Outcome (2) Weighting (%) of Assessment ElementTimetabled Contact Hours
Report of practical/ field/ clinical work check mark500
Combined Total For All Components100% 2 hours

A. Referred to within Assessment Section above
B. Identified in the Learning Outcome Section above

[Top of Page]

  1. More than one assessment method can be used to assess individual learning outcomes.
  2. Schools are responsible for determining student contact hours. Please refer to University Policy on contact hours (extract contained within section 10 of the Module Descriptor guidance note).
    This will normally be variable across Schools, dependent on Programmes &/or Professional requirements.

Equality and Diversity
This module is suitable for any student. The assessment regime will be applied flexibly so that a student who can attain the practical outcomes of the module will not be disadvantaged. When a student discloses a disability, or if a tutor is concerned about a student, the tutor in consultation with the School Enabling Support coordinator will agree the appropriate adjustments to be made. (N.B. Every effort will be made by the University to accommodate any equality and diversity issues brought to the attention of the School). Students should note that the language of instruction is English and that they will need to have a reasonable grasp of the language in order to keep abreast of the teaching materials and in submitting assessed work.

Every effort will be made by the University to accommodate any equality and diversity issues brought to the attention of the School.
UWS Equality and Diversity Policy
(N.B. Every effort will be made by the University to accommodate any equality and diversity issues brought to the attention of the School)

2014 University of the West of Scotland

University of the West of Scotland is a Registered Scottish Charity.

Charity number SC002520.