PROGRAMME SPECIFICATION POSTGRADUATE PROGRAMMES KEY FACTS Programme name Masters in Management of Information Security and Risk Award MSc School School of Mathematics, Computer Science and Engineering Department or equivalent Computer Science Programme code PSINSR Type of study Part time Total UK credits 180 Total ECTS 90 Partner (partnership programmes only) Type of partnership PROGRAMME SUMMARY This Masters course provides you, as an experienced professional with about 5 years of relevant experience, with the breadth of knowledge needed to progress to a management role in information security and risk. It covers both technical issues such as information security, quantitative risk assessment, and assurance, and more business oriented issues such as information leadership, enterprise architecture, and professional skills. Concerns about cyber security and information risk have led to a growing need for technical specialists in security, but there is also a need for more senior professionals with an awareness of both the technical and the business issues who can bridge the gap between IT security and business risk. As such a professional, you would be responsible for drawing up organisation strategies for managing risk, identifying trade-offs between multiple risks and the cost of protection, and advising higher management on these issues. Typical roles might include Security Architect, Chief Information Risk Manager, or Chief Security Officer. POSTGRADUATE CERTIFICATE IN Management of Information Security and Risk (Information Security Stream) The first exit point is the Postgraduate Certificate in Management of Information Security and Risk (Information Security Stream) which you are able to achieve through successful completion of INM416, INM412, INM415 and INM419 modules. For all of you completing the Postgraduate Certificate in Management of Information Security and Risk (information Security Stream) you will be able to write, and assess security policies, identify risks to information security and appropriate information assurance controls, identify the implications of applicable regulations and standards for an information assurance management problem, summarise complex information about information risks and strategies coherently and present it to others in a structured and professional manner using oral and written presentation skills, critically evaluate the basic principles, theories and models used in how the information leader acts in an organisation, critically evaluate the role of human performance and human limitations in the dependability of a socio-technical system, identify the role of organisational factors in system resilience, undertake critical evaluation (theoretical and empirical) of alternative assurance case 1
solutions, identify the types of claims, arguments and evidence that can be credibly used for computer based systems, as well as the implications of applicable regulations and standards. The assessments you undertake to achieve this qualification will focus on activities that you need to undertake either as part of your role or to support you in developing your practice. POSTGRADUATE CERTIFICATE IN Management of Information Security and Risk (Information Risk Stream) An alternative exist point to the first exit point above is the Postgraduate Certificate in Management of Information Security and Risk (Information Risk Stream) which you are able to achieve through successful completion of INM417, INM414, INM413 and INM418 modules. For all of you completing the Postgraduate Certificate in Management of Information Security and Risk (Information Risk Stream) you will be able to identify risk containment needs and produce preliminary analyses of possible defences selected from both avoidance and mitigation techniques - both technical and organisational, identify basic cost-benefit trade-offs in the application of defences for risk mitigation, produce arguments to make management aware of risk and of the need for risk control investment, recognise basic fallacies in such arguments, construct logical probabilistic arguments about uncertainty and risk, identify fallacious reasoning in statistical reports / probabilistic arguments about risk, develop an appropriate probabilistic model and use it to assess risk(s) in the context of an outlined computer based system, analyse own professional development and that of others, formulate strategies for using negotiation and influencing in professional practice, communicate with impact and empathy, and use communication skills to develop personal impact and others, analyse management roles in complex situations, including commercial, legal, ethical and sustainability issues, reflect on own and others' behaviour in order to improve performance and practice. The assessments you undertake to achieve this qualification will focus on activities that you need to undertake either as part of your role or to support you in developing your practice. POSTGRADUATE DIPLOMA IN Management of Information Security and Risk may be achieved if you have successfully met the requirements of both of the Postgraduate Certificate awards mentioned above. For all of you completing the Postgraduate Diploma in Academic Practice you will be able to do ALL of the items listed under BOTH the certificate routes above. The assessments you undertake to achieve this qualification will again focus on activities related to your role and developments you wish to implement or examine further. MSc in Management of Information Security and Risk, you must in addition to achieving the requirements for the Postgraduate Diploma award - complete successfully the Dissertation module INM363. For all of you completing the MSc in in Management of Information Security and Risk in addition to the above you will spend the project module examining one (or combination of) aspect of information security and risk. The INM363 module will provide more details on the expected content of the dissertation. 2
WHAT WILL I BE EXPECTED TO ACHIEVE? On successful completion of this programme, you will be expected to be able to: Knowledge and understanding Demonstrate knowledge of information risk, security and resilience in their technical, socio-technical and organisational aspects Demonstrate an ability to assess and develop strategies for security and risk management Evaluate various forms of risk analyses according to techniques specific to the security, reliability and human factors communities, and relate them together in a system view Understand and assess professional level reporting, presentation and negotiation strategies Skills: Design plans and strategies for security, dependability, risk and assurance, with critical evaluation of alternative strategies and design solutions, using a variety of approaches including quantitative methods Present to higher management the cases for good security/risk containment actions and against inappropriate actions Take into account psychological and social factors in the operation of systems and organisations Develop and analyse models of technical and business systems and processes Research, critically evaluate and use research and technical literature relating to security and risk in computer based systems Values and attitudes: Define a security culture taking overall responsibility at the corporate level Educate both superiors and juniors about the relationship between security, risk and business effectiveness React to risk rationally by applying the systematic approach taught HOW WILL I LEARN? You will be taught using a variety of teaching methods, including formal lectures, seminars, group work and tutorials (guided group sessions). Lectures will be delivered by academics, practitioners and outside experts to relate theory to current practice, and you will be encouraged to share your experience with other students via debate and discussion. The style of teaching will take into account your prior experience as an IT professional. The aim is to provide a structured context based on a set of pre-determined learning outcomes in which you can consolidate and develop your existing knowledge and skills, share your experience with other students, and incorporate what you learn into your professional practice. WHAT TYPES OF ASSESSMENT AND FEEDBACK CAN I EXPECT? 3
Assessment and Assessment Criteria Overview Coursework is the main form of assessment. Coursework mainly relies on autonomous work requiring the various abilities to be demonstrated; it may be specified as individual or group work, with indications of how individual contributions will be assessed; and can be specified to be submitted as written essays or reports and/or oral presentations. What do I have to do to pass? Assessment Criteria and Grade-Related Criteria will be made available to students to support them in completing assessments. These will be provided in module specifications, on the virtual learning environment or attached to a specific assessment task (coursework, exam). Feedback on assessment Feedback will be provided in line with our Assessment and Feedback Policy. In particular, you will normally be provided with feedback within three weeks of the submission deadline or assessment date. This would normally include a provisional grade or mark. For end of module examinations or an equivalent significant task (e.g. an end of module project), feedback will normally be provided within four weeks. The timescale for feedback on final year projects or dissertations may be longer. The full policy can be found at: https://www.city.ac.uk/ data/assets/pdf_file/0008/68921/assessment_and_feedback_p olicy.pdf Assessment Regulations In order to pass your Programme, you should complete successfully or be exempted from the relevant modules and assessments and will therefore acquire the required number of credits. The Pass mark for each module is 50%. If you fail an assessment component or a module, the following will apply: 1. Compensation: where you fail up to a total of 20 credits at first or resit attempt (15 for a Postgraduate Certificate), you may be allowed compensation if: Compensation is permitted for the module involved (see the module specification), and It can be demonstrated that you have satisfied all the Learning Outcomes of the modules in the Programme, and A minimum overall mark of no more than 10 percentage points below the module pass mark has been achieved in the module to be compensated, and An aggregate mark of 50% has been achieved overall. If you receive a compensated pass in a module you shall be awarded the credit for that 4
module. The original component marks shall be retained in the record of marks and the greater of the original module mark and the minimum pass mark for the module shall be used for the purpose of calculation towards the Award. 2. Resit: you will normally be offered one resit attempt. However, if you did not participate in the first assessment and have no extenuating circumstances, you may not be offered a resit. If you are successful in the resit, you shall be awarded the credit for that module. The mark used for the purpose of calculation towards your Award shall be calculated from the original marks for the component(s) that you passed at first attempt and the minimum pass mark for the component(s) for which you took a resit. If you do not satisfy your resit by the date specified you will not progress and the Assessment Board shall require that you withdraw from the Programme. If you fail to meet the requirements for the Programme, but satisfy the requirements for a lower-level Award, then a lower qualification may be awarded as per the table below. If you fail to meet the requirements for the Programme and are not eligible for the award of a lower level qualification, the Assessment Board shall require that you withdraw from the Programme. If you would like to know more about the way in which assessment works at City, please see the full version of the Assessment Regulations at: http://www.city.ac.uk/ data/assets/word_doc/0003/69249/s19.doc WHAT AWARD CAN I GET? Master s Degree: HE Credits Weighting Class % required Level (%) Taught 7 120 1 With Distinction 70 Dissertation 7 60 1 With Merit 60 With Pass 50 Postgraduate Diploma: HE Credits Weighting Class % required Level (%) Taught 7 120 100 With Distinction 70 With Merit 60 With Pass 40 Postgraduate Certificate: HE Credits Weighting Class % required Level (%) Taught 7 60 100 With Distinction 70 With Merit 60 With Pass 40 5
WHAT WILL I STUDY? Taught component Module Title SITS Module Core/ Compensation Level Code Credits Elective Yes/No Information Leadership INM412 15 Core Yes 7 Executive Development INM413 15 Core Yes 7 IT Risk Management INM414 15 Core Yes 7 for effective performance and the prevention of fraud, error and disaster Socio-technical INM415 15 Core Yes 7 Systems Information Security INM416 15 Core Yes 7 Management IT Risk and Resilience INM417 15 Core Yes 7 Quantitative Risk INM418 15 Core Yes 7 Analysis Assurance Cases INM419 15 Core Yes 7 - Dissertation component: Module Title SITS Module Core/ Compensation Level Code Credits Elective Yes/No Individual Project INM363 60 Core No 7 You are normally required to complete all the taught modules successfully before progressing to the dissertation TO WHAT KIND OF CAREER MIGHT I GO ON? Information on possible career paths, alumni destinations etc. This course prepares for a technical management or consultancy role dealing with information risk and information assurance: advising on, formulating, assessing and managing organisational policies regarding IT-related security, business continuity, protection of information integrity etc. Such roles may have names like risk manager, business information security officer, principal security architect. If you would like more information on the Careers support available at City, please go to: http://www.city.ac.uk/careers/for-students-and-recent-graduates. WHAT STUDY ABROAD OPTIONS ARE AVAILABLE? - Not available WHAT PLACEMENT OPPORTUNITIES ARE AVAILABLE? 6
- Placement opportunities are available according to the School of Informatics Internship Scheme WILL I GET ANY PROFESSIONAL RECOGNITION? - British Computer Society to be applied for. HOW DO I ENTER THE PROGRAMME? Applicants should have at least two years experience, normally significantly more, in a graduate/professional level role, or in an approved company graduate development scheme cognate to a security or information assurance role, following a good second class or higher honours degree in a cognate subject, a recognised equivalent from an accredited overseas institution or an equivalent professional qualification. Students need to have good professional English in order to read and write literature of a complex technical nature. For applicants whose first language is not English, the following qualifications will suffice: a first degree from a UK university; a first degree from an overseas institution proving adequate evidence of proficiency in the English language (for example, from institutions in Australia, Canada or the USA); GCE O-level/GCSE English language or English literature (grade C min); Test in English (JMB); Use of English (Oxford, Oxford and Cambridge); CSE English (grade 1); Proficiency in English (Cambridge); score of 7.0 in the English Language Testing Service (IELTS); internet-based score of 107 (or equivalent) in the Test of English as a Foreign Language (TOEFL); satisfactory standard in the verbal section of the Princeton Test (GMAT); other evidence of proficiency in the English language which satisfies the Board of Studies concerned. Applicants for admission will be selected not only by academic ability but also with reference to a wider profile of demonstrable potential for success in a technical IT management career. Applications from mature applicants who have extensive relevant commercial experience, but who do not possess formal academic qualifications will also be considered. The applicants will also be able to apply for entry on any of the modules as part of a CPD route. The same entry criteria will be applied for applications for individual modules as for applicants for the full MSc. Because of this, applicants will be able to build credits for, and switch to, the MSc route at any stage after they have been accepted for any of the modules, though modules taken for CPD may be credited only if a student is admitted to the MSc programme within 2 years of completing the module(s). Version: 2.0 Version date: July 2014 For use from: 2014-15 7