Organisations of all sizes need to protect their sensitive information from potential attackers, and simply having up-to-date firewalls, anti-virus, and other infrastructure components is not enough to prevent breaches. All physical security devices, the teams who manage them, and the processes surrounding their management need to be constantly monitored and evaluated to ensure the organisation as a whole is protected. This is the concept behind an Information Security Management System (ISMS): an ongoing process to continually assess what the organisation deems its biggest threats, and what its most important assets are.
This unit introduces students to the basic principles of an ISMS and how businesses use them to effectively manage the ongoing protection of sensitive information they hold. There are many reasons for establishing an ISMS for an organisation, but one of the main goals is to enable the organisation to manage information security as a single entity which can be monitored and continually improved upon.
This unit considers information security management in a business context and will allow students to understand how modern organisations manage the ongoing threats to their sensitive assets.
On successful completion of this unit students will be able to describe what an ISMS is, how one is established, maintained and improved, and describe the role international standards play in developing an ISMS. As a result students will develop skills such as communication literacy, critical thinking, analysis, reasoning and interpretation, which are crucial for gaining employment and developing academic competence.
By the end of this unit students will be able to:
LO1. Explore the basic principles of information security management.
LO2. Critically assess how an organisation can implement and maintain an Information Security Management System (ISMS).
LO3. Appraise an ISMS and describe any weaknesses it may contain.
LO4. Examine the strengths and weaknesses of implementing ISMS standards.