IY2S510 - Compliance and Risk Management   01 Jul 2022 - 31 Aug 2028 | Version 1

Associated Module Information

Module Code: IY2S510
Module Title: Compliance and Risk Management  
Faculty: Faculty of Computing, Engineering and Science
Faculty Group: Cyber Security
Faculty Sub Group: Cyber Security
Module Leader: Emma Derbi
Module Team: Joshua Richards, Rachael Medhurst, Andrew Bellamy, Sharan Johnstone, Beth Jenkins, Peter Eden, Richard Ward, Arun Kumar, Nisha Rawindaran
First Intended Intake: SEP 2022
Final Year of Intake:
Date Closed:
Credit Value: 20
Credit Level: 5
Language: English
Percentage of Module Taught in Welsh: 0
Equivalent Module:
HECOS codes: 100376 - computer and information security
HECOS Code Weighting: 100

Document Version Information

Version 1
Valid From 01 Jul 2022
Valid To 31 Aug 2028

Module Aims

To develop an ability to evaluate and analyse the underlying principles of strategic risk management, governance and compliance strategies in order to manage a corporate information security governance infrastructure at the strategic and tactical levels.

To provide knowledge of the tools, techniques, frameworks and legislation associated with regulatory governance and compliance.

Content Summary

  • Introduction to IT Governance and risk management.

  • Audit process & project management.

  • Quality assurance & Governance/Management of IT/GDPR.

  • IT Related Frameworks (ISO 27001, 27002, ITIL, COBIT, NIST etc.) & Organisational Structure.

  • System Performance Management, Identity and Access Management & Enterprise Architecture.

  • Change/patch/release/incident Management

  • Incident Analysis and Response

Learning and Teaching Methods

Activity Type Hours
Online Lecture 12
Practical 24
Independent Study 91
Directed Study 60
Formative Assessment - Scheduled 1
Prerecorded Lecture 12
Total Hours Selected 200

Learning Outcomes

# Learning Outcome
LO1 To evaluate and analyse the tools, techniques, principles and practices associated with Cyber Governance and Compliance.
LO2 To evaluate corporate governance strategies to mitigate risk.

Module Requisites

N/A

Assessment Criteria

Assessment 1
Assessment Category: Synchronous Onsite Oral Assessment
Assessment Type: Presentation (Synchronous Onsite) 1
Description: A presentation on a compliance and risk topic where knowledge and presentation skills are assessed
Duration: 15
Word Count: N/A
Weight (%): 30
Best of?: No
Pass Mark: 40

Assessment 2
Assessment Category: Asynchronous Assessment
Assessment Type: Project 1
Description: A project focused on the research and analysis of cyber security governance and utilised to develop governance principles for a specified set of systems
Duration: 0
Word Count: 1500
Weight (%): 70
Best of?: No
Pass Mark: 40

Assessment Matrix

Assessment Type Learning Outcomes
LO1 LO2
Presentation (Synchronous Onsite) 1
Project 1

Reading List

Essential Reading:

Blokdyk, G. (2018), ISO 31000: A Complete Guide.

Wens, C. (2019), ISO 27001 Handbook, independently published.

Wright, C. (2016), Fundamentals of Information Risk Management Auditing, Ely, IT Governance Publishing.

Recommended Reading:

BS ISO/IEC 27001: Information technology - Security techniques. Information security management systems. ISO. British Standards Institute.

BS ISO/IEC 27002: Information technology - Security techniques. Code of practice for information security management. ISO. British Standards Institute.

Cascarino, R. (2012), Auditor's Guide to IT Auditing, (2nd Edition), New Jersey.

Online Version:

https://rl.talis.com/3/southwales/lists/AE586403-6F73-ECF3-D8DB-06F77728B72F.html?lang=en&login=1