• Select the most appropriate approach to information risk management for a given organisation or scenario
• Analyse how inadequate information risk management affects organisations across a range of specific sectors

• In the numerous regulated sectors in which you may be working, there are substantial formal consequences for failure to deal appropriately with risk.
• There are also substantial informal consequences in all sectors

Risk management is the identification, assessment and prioritisation of the effects of uncertainty on organisational objectives, followed by the coordinated and economical application of resources to minimise, monitor, and control the combination of: a) the probability of an unfortunate event occurring and b) the negative impact on organisational objectives were the unfortunate event to occur.

Information risk management takes generic risk management and applies it to the information that an organisation values in some way, based on the properties of that information - the restricted availability of sensitive information for example. In the context of this module, the information is anything stored, processed or transmitted digitally.

This module is concerned with systematically addressing threats, vulnerabilities, and the negative consequences that could occur should a threat exploit a vulnerability in any organisation's day-to-day cyber engagement. In this instance, 'organisation' includes the home user, commerce, and any organisation using digital networks.

You'll learn how to establish and maintain a risk management framework to provide assurance that information security and assurance strategies are aligned with business objectives, and consistent with legal and regulatory obligations. There is an emphasis on the practical nature of this process and the real-world issues that face managers.

Module content will cover:

• International standards, certification, risk assessment and accreditation process.
• Organisational life-cycle methodologies and processes.
• Interpreting a security policy as an organisational information security management system (SMS) programme
• Security:

• Operational management
• Overview of incident management
• Information risk
• Implementing a risk management strategy
• Communicating risk and developing uptake
• Information security governance

Delivery and assessment

14 half-day sessions will be regularly spaced across Year 1. Within each half day session, there will be a mix of lecture, tutorial and practical activity.

Assessment is 100% coursework for this module.