This module aims to develop the student’s understanding of: The Nature of Information Security   The Varied Threats to Information Security The Legal, Technological and Business Responses to the Threats The Techniques of Regulation The Role of Standards and Compliance

(LO1) Demonstrate understanding principles and techniques of advanced legal research

(LO2) Show an understanding of the relevant social, economic, political, historical, philosophical, ethical, scientific and cultural contexts within which Corporate Information Security operates

(LO3) Identify, locate and retrieve source legal materials in Corporate Information Security, both in paper and electronic form

(LO4) Analyse, evaluate and interpret the principal source materials of Corporate Information Security, including national statutes, national, European and international law reports, treaties, directives and other relevant materials as appropriate

(LO5) Demonstrate advanced legal skills (e.g. critical analysis) necessary to enable them to reach a superior understanding of Corporate Information Security, even if not previously studied at undergraduate level

(S1) Commercial awareness - Relevant understanding of organisations

(S2) Improving own learning/performance - Self-awareness/self-analysis

(S3) Time and project management - Personal organisation

(S4) Critical thinking and problem solving - Critical analysis

(S5) Communication (oral, written and visual) - Report writing

The topics covered will include the following: Introduction to Information Security Threats –        What is Information Security? –        How Is It Different from “Regular” Security? –        Does It Matter? The Legal Response to Information Security Threats –        Prevention –        Investigation –        Prosecution –        Jurisdiction The Computer Misuse Act 1990 –        Computer Intrusions –        Hacking –        Unauthorised Access –        Denial of Services The Fraud Act 1990 –  &#x A0;     Identity Theft –        Phishing –        Abuse of Position –        False Representation The Data Protection Act 1998 –        Personal Data –        Exemptions –        Sanctions Standard Setting in Information Security –        International Organization for Standardisation –        ISO/IEC 27001 –        PCI Security Standards –        EU Framework Techniques of Regulation: Approaches in UK, EU, US and Australia –        Theories of Regulation –        Law and Economics –        Code, Contract and Norms –        Cryptography –        E-Signatures Information Security in Corporations and the Workplace –        Concept of Information Security Governance –        OECD Principles of Corporate Governance –        US Sarbanes Oxley Act –        Boardroom Issues and Directors Duties –        Information Security Policies in the Workplace

Teaching Method 1 - Seminar
Description: Weekly 2-hour research- and student-led seminars examining the topics on the syllabus.
Attendance Recorded: Yes