Unit 25: Information Security Management


Unit code: F/615/1661

Unit level: QCF Level 5 / NFQ Level 6/7

Credit value: 15


Introduction

Organisations of all sizes need to protect their sensitive information from potential attackers, and simply having up-to-date firewalls, anti-virus, and other infrastructure components is not enough to prevent breaches. All physical security devices, the teams who manage them, and the processes surrounding their management need to be constantly monitored and evaluated to ensure the organisation as a whole is protected. This is the concept behind an Information Security Management System (ISMS): an ongoing process to continually assess what the organisation deems its biggest threats, and what its most important assets are.

This unit introduces students to the basic principles of an ISMS and how businesses use them to effectively manage the ongoing protection of sensitive information they hold. There are many reasons for establishing an ISMS for an organisation, but one of the main goals is to enable the organisation to manage information security as a single entity which can be monitored and continually improved upon.

This unit considers information security management in a business context and will allow students to understand how modern organisations manage the ongoing threats to their sensitive assets.

On successful completion of this unit, students will be able to describe what an ISMS is, how one is established, maintained and improved, and describe the role international standards play in developing an ISMS. As a result, students will develop skills such as communication literacy, critical thinking, analysis, reasoning and interpretation, which are crucial for gaining employment and developing academic competence.

 

Learning Outcomes

By the end of this unit students will be able to:

LO1. Explore the basic principles of information security management.

LO2. Critically assess how an organisation can implement and maintain an Information Security Management System (ISMS).

LO3. Appraise an ISMS and describe any weaknesses it may contain.

LO4. Examine the strengths and weaknesses of implementing ISMS standards.