Security management


This module will emphasise the need for good security management. Its aims are to identify the problems associated with security management and to show how various major organisations solve those problems.

Topics covered

  • Risk assessment and risk management
  • Audit
  • Law and regulation
  • Business continuity planning
  • Internal control
  • Standards (including the ISO 27000 family of standards)
  • Policy and procedure
  • Trust and communication

Learning outcomes

If you complete the module successfully, you should be able to:

  • explain the fundamentals of security management.
  • appreciate its main complexities.
  • see how some companies attempt to solve these problems.


This module is assessed by a two-hour unseen written examination.

Essential reading

  • David Sutton et al., Principles of information security management
  • Mark Neocleous, Critique of Security