
Information security management


The protection of information assets underpins the commercial viability and profitability of all enterprises and the effectiveness of public sector organisations. It should not be left to chance. If you work in an organisation concerned (directly or indirectly) with valuable information assets, this practical module will enable you to understand and manage strategic and operational aspects of information security, including IT governance and risk analysis and management. It will also provide the knowledge and skills needed to plan the implementation of an information security management system that provides efficient, effective safeguards and responds to your organisation’s needs.

Register for the course


No current presentation - see Future availability

This course is expected to start for the last time in November 2013.

What you will study

‘In today’s high technology environment, organisations are becoming more and more dependent on their information systems. The public is increasingly concerned about the proper use of information, particularly personal data. The threats to information systems from criminals and terrorists are increasing. Many organisations will identify information as an area of their operation that needs to be protected as part of their systems of internal control’ (Nigel Turnbull, from the preface of the book IT Governance: A Manager’s Guide to Data Security & BS 7799/ISO 17799).

Taking a practice-based approach based upon an organisation you are familiar with, M886 provides the foundational knowledge, understanding, analysis and synthesis that you need to develop a practical information security management system, to the standard set by ISO/IEC 27001:2005 and BS ISO/IEC 17799:2005. You also acquire the personal development skills you need to keep abreast of important developments in a rapidly developing field.

The module is structured as three independent units written to support and extend the set book:

An introduction to information security – In this unit you will first learn about the current requirements on, and incentives for, organisations to implement information security. You then study the foundations of the subject, learning to identify and value information as an organisational asset. The protection of information assets is the subject of the British standards, around which the module is based. This unit outlines the processes that must be gone through to satisfy the requirements of the standards.

Information security risk assessment – This unit places in context the issues involved in information security risk assessment, as required by the standard. You will examine the risks that may arise in all relevant aspects of an organisation's operations, including human factors, e-commerce, web-services, and systems development. You will learn how to conduct a systematic risk assessment that leads to a prioritised list of information security risks for an organisation, and the requirements for their treatment. The unit concludes with an assignment in which you will carry out a risk assessment for your chosen organisation, based on the information contained in the British standards and the set book.

Information security risk management – In this unit you will complete your study of the development of a fit-for-purpose information security management system through the management of information security risks. You will learn how to be systematic in the choice of controls that treat specific risks, and how the documentation required by the British standards applicable to the module can be produced. There is a full discussion of the technologies that underpin the standard's controls, and the unit finishes by considering the topic of planning for when things do go wrong.

At the end of the module you will be required to carry out some independent research into an issue in information security management, analysing and evaluating the results of your research for presentation in the examination.

The module has been updated from 2008 so that it is based on the current version of the Information Security standard against which an Information Security Management System would be assessed.

You will learn

After studying this module you will be able to:

  • understand contemporary issues in information security management
  • analyse and prioritise information security risks
  • identify countermeasures and review techniques appropriate to the management of information security risks
  • understand the policy and technology trade-offs involved in developing information security systems of adequate quality
  • locate, read, comprehend and evaluate developments in the field as they appear in contemporary professional and research publications.

It is important to realise that information security management is a ‘big picture’ subject concerned with getting the balance of technology, physical and social factors correct. As such, there is no special emphasis on any one factor; this is not a module specifically about security technology and you will not, for instance, learn how to configure a firewall as part of the core teaching of M886.


You can take this as a stand-alone module and it requires no formal qualifications for entry. However, it is a postgraduate level module, and you will be expected to have appropriate skills at this level, which might be developed from previous study (to HNC/HND level or above) or professional or commercial experience. In particular, you will need report-writing skills, since the work you are expected to submit in your assignments and examination will consist mainly of reports.

M886’s assessment involves a significant amount of practical work, including the building of an Information Security Management System for a part of an organisation with which you are familiar. To successfully complete your studies of M886 you will therefore need access to information about your chosen organisation. This often entails obtaining the permission, and possibly the active support, of the manager of that area, and we recommend that you make any necessary arrangements before the start of the module. If you require any further information please contact the Postgraduate Technology Centre Adviser by email.

If you would like more information about the Postgraduate Computing programme as a whole, you can visit the programme website. This site includes additional information about the programme, details of new modules and qualifications that are being planned, some samples of study materials, FAQs and links to descriptions of current modules and related qualifications.

You do need to have a reasonable standard of spoken and written English to study successfully with us. Poor language skills will make study more difficult, and it will take longer. The normal requirements for English language skills are explained on our website.

If you have any doubts about whether your level of English is good enough for you to study this module you may find it helpful to look at our Skills for OU Study site.

Discount for Open University Graduates

If you are a graduate of The Open University (holding either an undergraduate or masters degree), you are eligible for a discount of £100 towards the cost of this module. You can claim this discount when you register; please contact our Student Registration & Enquiry Service.


As a student of The Open University, you should be aware of the content of the Module Regulations and the Student Regulations which are available on our Essential documents website.

If you have a disability

You will need to spend considerable amounts of time using a personal computer and the internet.

If you have particular study requirements please tell us as soon as possible, as some of our support services may take several weeks to arrange. Visit our Services for disabled students website for more information, including:

  • help to determine your study requirements and how to request the support that you need  
  • Disabled Students' Allowances (DSAs)
  • using a computer for OU study
  • equipment and other support services that we offer
  • examination arrangements
  • how to contact us for advice and support both before you register and while you are studying.

Study materials

What's included

Module text, set book (A. Calder and S. Watkins (2006) International IT Governance: An Executive Guide to ISO 17799/ISO 27001, Kogan Page), online access to copies of the standards ISO/IEC 27001:2005 and BS ISO/IEC 17799:2005, other printed and online materials, website, optional online forums.

You will need

Access to the internet is essential for this module, since some study materials are available only on the M886 website. You also need to use the internet to submit your assignments to your tutor.

Computing requirements

You will need a computer with internet access to study this course as it includes online activities, which you can access using a web browser.

  • If you have purchased a new desktop or laptop computer since 2007 you should have no problems completing the online activities.
  • If you’ve got a netbook, tablet or other mobile computing device, check our Technical requirements section.
  • If you use an Apple Mac you will need OS X 10.6 or later.

You can also visit the Technical requirements section for further computing information including the details of the support we provide.

Teaching and assessment

Support from your tutor

You will have a tutor who will be responsible for monitoring your progress on the module, marking and commenting on your written work and whom you can contact for advice and guidance. There is usually a lively student online forum. Contact our Student Registration & Enquiry Service if you want to know more about study with The Open University before you register.


The assessment details can be found in the facts box above.

You will be expected to submit your tutor-marked assignments (TMAs) online through the eTMA system unless there are some difficulties which prevent you from doing so. In these circumstances, you must negotiate with your tutor to get their agreement to submit your assignment on paper.

You will take your examination in one of the University’s examination centres.

Future availability

The details given here are for the final module start in November 2013. 

How to register

We regret that we are currently unable to accept registrations for this course. Where the course is to be presented again in the future, relevant registration information will be displayed on this page as soon as it becomes available.

Student Reviews

“This was a fascinating course that scored on a number of aspects with regard applicability to work life. I work ...”
“This was my 8th postgraduate OU course and the one I was least looking forward to due to its nature ...”

Distance learning

The Open University is the world’s leading provider of flexible, high quality distance learning. Unlike other universities we are not campus based. You will study in a flexible way that works for you whether you’re at home, at work or on the move. As an OU student you’ll be supported throughout your studies – your tutor or study adviser will guide and advise you, offer detailed feedback on your assignments, and help with any study issues. Tuition might be in face-to-face groups, via online tutorials, or by phone.

For more information about distance learning at the OU read Study explained.

Course facts
About this course:
Course code M886
Credits 15
OU Level Postgraduate
SCQF level 11
FHEQ level 7
Course work includes:
3 Tutor-marked assignments (TMAs)
No residential school

Your questions

Try our frequently asked questions.

Come and meet us at an event near you.

Or contact an adviser by Email or call +44(0) 845 300 60 90 +44(0) 845 366 60 35

Employers' questions

Contact Corporate Enquiries
Visit our website for employers or Email us
