The protection of information assets underpins the commercial viability and profitability of all enterprises and the effectiveness of public sector organisations. It should not be left to chance. If you work in an organisation concerned (directly or indirectly) with valuable information assets, this practical course will enable you to understand and manage strategic and operational aspects of information security, including IT governance and risk analysis and management. It will also provide the knowledge and skills needed to plan the implementation of an information security management system that provides efficient, effective safeguards and responds to your organisation’s needs.
|About this course:|
|Course work includes:|
|3 Tutor-marked assignments (TMAs)|
|No residential school|
No current presentation - see Future availability
|This course is expected to start for the last time in November 2013.|
‘In today’s high technology environment, organisations are becoming more and more dependent on their information systems. The public is increasingly concerned about the proper use of information, particularly personal data. The threats to information systems from criminals and terrorists are increasing. Many organisations will identify information as an area of their operation that needs to be protected as part of their systems of internal control’ (Nigel Turnbull, from the preface of the book IT Governance: A Manager’s Guide to Data Security & BS 7799/ISO 17799).
Taking a practice-based approach based upon an organisation you are familiar with, M886 provides the foundational knowledge, understanding, analysis and synthesis that you need to develop a practical information security management system, to the standard set by the ISO/IEC 27001:2005 and BS ISO/IEC 17799:2005. You also acquire the personal development skills you need to keep abreast of important development in a rapidly developing field.
The course is structured as three independent units written to support and extend the set book:
An introduction to information security – In this unit you will first learn about the current requirements on, and incentives for organisations to implement information security. You then study the foundations of the subject, learning to identify and value information as an organisational asset. The protection of information assets is the subject of the British standards, around which the course is based. This unit outlines the processes that must be gone through to satisfy the requirements of the standards.
Information security risk assessment – This unit places in context the issues involved in information security risk assessment, as required by the standard. You will examine the risks that may arise in all relevant aspects of an organisation's operations, including human factors, e-commerce, web-services, and systems development. You will learn how to conduct a systematic risk assessment that leads to a prioritised list of information security risks for an organisation, and the requirements for their treatment. The unit concludes with an assignment in which you will carry out a risk assessment for your chosen organisation, based on the information contained in the British standards and the set book.
Information security risk management – In this unit you will complete your study of the development of a fit-for-purpose information security management system through the management of information security risks. You will learn how to be systematic in the choice of controls that treat specific risks, and how the documentation required by the British standards applicable to the course can be produced. There is a full discussion of the technologies that underpin the standard's controls, and the unit finishes by considering the topic of planning for when things do go wrong.
At the end of the course you will be required to carry out some independent research into an issue in information security management, analysing and evaluating the results of your research for presentation in the examination.
The course has been updated from 2008 so that it is based on the current version of the Information Security standard against which an Information Security Management System would be assessed.
After studying this course you will be able to:
It is important to realise that information security management is a ‘big picture’ subject concerned with getting the balance of technology, physical and social factors correct. As such, there is no special emphasis on any one factor; this is not a course specifically about security technology and you will not, for instance, learn how to configure a firewall as part of the core teaching of M886.
You can take this as a stand-alone course and it requires no formal qualifications for entry. However, it is a postgraduate level course, and you will be expected to have appropriate skills at this level, which might be developed from previous study (to HNC/HND level or above) or professional or commercial experience. In particular, you will need report-writing skills, since the work you are expected to submit in your assignments and examination will consist mainly of reports.
M886’s assessment involves a significant amount of practical work, including the building of an Information Security Management System for a part of an organisation with which you are familiar. To successfully complete your studies of M886 you will therefore need access to information about your chosen organisation. This often entails obtaining the permission, and possibly the active support, of the manager of that area and we recommend that you make any necessary arrangements before the start of the course. If you require any further information please contact the Postgraduate Technology Centre Adviser by email.
If you would like more information about the Postgraduate Computing programme as a whole, you can visit the programme website. This site includes additional information about the programme, details of new courses and qualifications that are being planned, some samples of study materials, FAQs and links to descriptions of current courses and related qualifications.
You do need to have a reasonable standard of spoken and written English to study successfully with us. Poor language skills will make study more difficult, and it will take longer. The normal requirements for English language skills are explained on our website.
If you have any doubts about whether your level of English is good enough for you to study this course you may find it helpful to look at our Skills for OU Study site.
Discount for Open University Graduates
If you are a graduate of The Open University (holding either an undergraduate or masters degree), you are eligible for a discount of £100 towards the cost of this course. You can claim this discount when you register, please contact our Student Registration & Enquiry Service.
M886 is a compulsory module in our:
M886 is an optional module in our:
Some postgraduate qualifications allow study to be chosen from other subject areas. We advise you to refer to the relevant qualification descriptions for information on the circumstances in which this module can count towards these qualifications because from time to time the structure and requirements may change.
As a student of The Open University, you should be aware of the content of the Module Regulations and the Student Regulations which are available on our Essential documents website.
You will need to spend considerable amounts of time using a personal computer and the internet.
If you have particular study requirements please tell us as soon as possible, as some of our support services may take several weeks to arrange. Visit our Services for disabled students website for more information, including:
Course text, set book (A. Calder and S. Watkins (2006) International IT Governance: An Executive Guide to ISO 17799/ ISO 27001, Kogan Page), online access to copies of the standards ISO/IEC 27001:2005 and BS ISO/IEC 17799:2005, other printed and online materials, website, optional online forums.
Access to the internet is essential for this course, since some study materials are available only on the M886 website. You also need to use the internet to submit your assignments to your tutor.
You will need a computer with internet access to study this course as it includes online activities, which you can access using a web browser.
You can also visit the Technical requirements section for further computing information including the details of the support we provide.
You will have a tutor who will be responsible for monitoring your progress on the course, marking and commenting on your written work and whom you can contact for advice and guidance. There is usually a lively student online forum. Contact our Student Registration & Enquiry Service if you want to know more about study with The Open University before you register.
The assessment details can be found in the facts box above.
You will be expected to submit your tutor-marked assignments (TMAs) online through the eTMA system unless there are some difficulties which prevent you from doing so. In these circumstances, you must negotiate with your tutor to get their agreement to submit your assignment on paper.
You will take your examination in one of the University’s examination centres.
The details given here are for the final course start in November 2013.
We regret that we are currently unable to accept registrations for this course. Where the course is to be presented again in the future, relevant registration information will be displayed on this page as soon as it becomes available.
“This was a fascinating course that scored on a number of aspects with regard applicability to work life. I work ...”
“This was my 8th postgraduate OU course and the one I was least looking forward to due to its nature ...”
The Open University is the world’s leading provider of flexible, high quality distance learning. Unlike other universities we are not campus based. You will study in a flexible way that works for you whether you’re at home, at work or on the move. As an OU student you’ll be supported throughout your studies – your tutor or study adviser will guide and advise you, offer detailed feedback on your assignments, and help with any study issues. Tuition might be in face-to-face groups, via online tutorials, or by phone.
For more information about distance learning at the OU read Study explained.
|About this course:|
|Course work includes:|
|3 Tutor-marked assignments (TMAs)|
|No residential school|
Try our frequently asked questions.
Come and meet us at an event near you.
Or contact an adviser by Email or call +44(0) 845 300 60 90 +44(0) 845 366 60 35