About 12. Information Security Management

Organisations of all sizes need to protect their sensitive information from potential attackers, and simply having up-to-date firewalls, anti-virus and other infrastructure components is not enough to prevent breaches. All physical security devices, the teams who manage them, and the processes surrounding their management need to be constantly monitored and evaluated to ensure that the organisation as a whole is protected.

This is the concept behind an Information Security Management System (ISMS): an ongoing process to continually assess what the organisation deems its biggest threats and what its most important assets are. This unit introduces students to the basic principles of an ISMS and how businesses use them to effectively manage the ongoing protection of the sensitive information they hold. There are many reasons for establishing an ISMS for an organisation, but one of the main goals is to enable the organisation to manage information security as a single entity, which can be monitored and continually improved on.

This unit covers information security management in a business context and will give students an understanding of how modern organisations manage the ongoing threats to their sensitive assets. 

On successful completion of this unit, students will be able to describe what an ISMS is and how one is established, maintained and improved, and describe the role that international standards play in developing an ISMS. Students will develop skills such as communication literacy, critical thinking, analysis, reasoning, and interpretation, which are crucial for gaining employment and developing academic competence.

Program Learning Outcomes:

By the end of this unit students will be able to:

LO1 Explore the basic principles of information security management 

LO2 Critically assess how an organisation can implement and maintain an Information Security Management System (ISMS) 

LO3 Appraise an ISMS and describe any weaknesses it may contain 

LO4 Examine the strengths and weaknesses of implementing ISMS standards. 

Textbook Name:

Whitman, M.E. & Mattord, H.J. (2025). Management of Cybersecurity. 7th ed. Boston: Cengage Learning.

Assessment Methods

Assignment: 100%