Law School Module Details

The information contained in this module specification was correct at the time of publication but may be subject to change, either during the session because of unforeseen circumstances, or following review of the module at the end of the session. Queries about the module should be directed to the member of staff with responsibility for the module.
Title INFORMATION SECURITY
Code LLAW114
Coordinator Dr J Zrilic
Law
J.Zrilic@liverpool.ac.uk
Year: Session 2021-22
CATS Level: Level 7 FHEQ
Semester: Whole Session
CATS Value: 15

Aims

As the Internet and communication technologies become an integral part of social, cultural and commercial activity, individuals, organisations, industry and policymakers are having to address the information security threats posed by criminals, computer viruses and malicious software. This Module aims to equip the student with the opportunities, skills and resources which can be used to examine some of the key governance challenges that the Internet, in particular, poses for trust and security in the global networked environment.

By the end of this module the student will be able to:

Demonstrate an awareness of the nature of information security and the governance challenges they pose to stakeholders;
Understand the significance of looking beyond information security as a problem that technology can solve;
Understand the relationship between national and international regulatory initiatives and policies;
Demonstrate the practical, legal and technological aspects that underpin information security policymaking;
Demonstrate an awareness of how emerging information security issues can be effectively addressed at national and international levels;
Conduct effective research, including the use of legal information retrieval systems, to locate and collate information about the law applicable in a given situation;
Demonstrate a high level of competency in the analysis and presentation of material.


Learning Outcomes

(LO1) This module aims to develop the student’s understanding of the nature of Information Security. The Module covers some of the most common computer security threats encountered by individuals, organisations and society generally, the technological and legal solutions and the evolving global initiatives which attempt to address the problems. Each topic comprises structured reading materials and exercises designed to test your understanding of the key concepts and ability to apply these to a given problem. The materials chosen for each topic draw on a range of sources, and include case law and legislation from the United Kingdom. As Information Security is a global phenomenon, there will be comparative material drawn from the European Union, Council of Europe, United States, and the Commonwealth. The syllabus covers an introduction to Information Security Threats; Cryptography; E-Signatures; The legal response to Information Security Threats in the UK, EU, US and Australia; Standard Setting in Information Security; Information Security in Corporations and the Workplace.

(LO2) You will be provided with opportunities to work individually and participate in on-line discussion on many of the policy, technological and legal questions raised by new technologies. The Module begins with a consideration of the technological setting for many of the public policy debates and issues, and thereafter proceeds to explore the substantive issues raised by applying law to the chosen fields of study. The Module concludes with your submission of a research assignment based on the topics covered during the course of study.

(LO3) Understand the relationship between national and international regulatory initiatives and policies

(LO4) Demonstrate the practical, legal and technological aspects that underpin information security policymaking

(LO5) Demonstrate an awareness of how emerging information security issues can be effectively addressed at national and international levels

(LO6) Conduct effective research, including the use of legal information retrieval systems, to locate and collate information about the law applicable in a given situation

(LO7) Demonstrate a high level of competency in the analysis and presentation of material

(S1) Critical analysis appropriate for advanced level masters study.

(S2) Problem-solving skills applicable to complex theoretical and practical contexts.

(S3) Time management and prioritisation skills by working to deadlines.

(S4) Individual and group communication skills by presentations in an online environment (e.g. the virtual classroom).

(S5) Take responsibility for independent learning agenda.

(S6) Reading, analysing and synthesising different viewpoints, becoming familiar with different viewpoints and presenting findings/conclusions in clear, comprehensible, structured format.

(S7) Critical skills with regard to the merits of particular arguments and making reasoned choices between alternative solutions or arguments in all modules and dissertation.


Syllabus

 

Week One : The Nature of Information Security

Primary materials: 10th Annual Ernst & Young Global Information Security Survey; National Research Council, Computer Science and Telecommunications Board, Cybersecurity Today and Tomorrow: Pay Now or Pay Later (2002) (electronic version available at National Academy Press website, http://books.nap.edu/html/cybersecurity). Organisation for Economic Development and Cooperation (OECD), Computer Viruses and Other Malicious Software: A Threat to the Internet Economy (2009)
Expected Responses: DQI + 3-5 DQF
Study packs to include links and materials to relevant legislation, leading institutions and reports.
Assignment: This will involve undertaking a review of the reading material and research sources to produce a written answer to the question: What is Information Security?

Week Two : The Institutional and Legal Responses to Information Security
Primary materials:
Policy Initiative in World Summit on Information Society:
http://www.itu.int/cybersecurity/laws_legislation.html
European Network and Information Security Agency:
http://enisa.europa.eu/pages/05_01.htm
OECD Forum of Network Security:
http://www.oecd.org/dataoecd/16/27/35884541.pdf
Trends in the Law of Information Security:
http://www.wildmanharrold.com/profile/attorneys/smedinghofft/Trends_in_the_Law_of_Information_Security.pdf  
The New Law of Information Security:
http://www.wildmanharrold.com/profile/attorneys/smedinghofft/The_New_Law_of_Information_Security.pdf
Expected Responses: DQI + 3-5 DQF
Study packs to include short lectures on key regulatory and institutional responses to growing information security threats.
Assignment: HA 13; writing a short report based on the main regulatory issues, problems and institutional responses.

Week Three : Introduction to Cryptography
Primary materials:
Chapter 1 “Overview of Cryptography” in MENEZES, A., VAN OORSCHOT, P., VANSTONE, S., Handbook of applied cryptography, CRC Press, Boca Raton, 1997, pp. 1-49
Organization for Economic Cooperation and Development (OECD), Guidelines for Cryptography Policy
Chapter 5, A Survey of Cryptography Laws and Regulations
http://rechten.uvt.nl/koops/THESIS/cryptocontroversy-ch05.PDF
Expected Responses: DQI and 3-5 DQF
Study packs to include additional reference material and techniques for engaging with the material in a critical and reflective manner.
Assignment: Students will be asked to undertake a comparative analysis of cryptography policies in three jurisdictions.

Week Four : Electronic Signatures
Primary materials:
Electronic Communications Act 2000 (ECA) and the Electronic Signatures Regulations 2002 (ESR)
Report on the operation of Directive 1999/93/EC on a Community framework for electronic signatures (15.03.2006)
http://europa.eu.int/information_society/eeurope/i2010/docs/single_info_space/com_electronic_signatures_report_en.pdf
Guidance from Department of Business Enterprise and Regulatory Reform on electronic signatures (February 2009)
Expected Responses: DQI plus 3-5 DQF. Students will be asked to undertake a critical review of 5 academic commentaries on electronic signatures and post these on the Module discussion board.
Study packs to include additional reference material and techniques for engaging with the material in a critical and reflective manner.
Assignment: To prepare a report for an international export company, identifying the legal aspects of electronic signatures in the UK, EU, and US and the potential difficulties faced by enterprises working in an international environment.

Week Five : Standard Setting and Information Security Policies
Primary materials:
Communication from the Commission to the Council, the European Parliament and the European Economic and Social Committee on 'Towards an increased contribution from standardisation to innovation in Europe' COM(2008) 133 final
Decision No 1673/2006/EC of the European Parliament and of the Council of 24 October 2006 on the financing of European standardisation
ISO/IEC Guide 2:2004 Standardization and related activities
http://www.standardsinfo.net/info/livelink/fetch/2000/148478/6301438/standards_regulations.html
http://www.iso.org/iso/iss_home.htm
IT Security: http://www.businesslink.gov.uk
Information Security Policy considerations: http://www.sans.org/resources/policies/#template
Expected Responses: DQI plus 3-5 DQF
Study packs to include additional reference material and techniques for engaging with the material in a critical and reflective manner.
Assignment: To draft an Internet and email policy for any two of the following organisations: (i) academic institution; (ii) medical practice; and (iii) bank.

Week Six : Corporate Governance and Information Security

Primary Materials:
OECD, OECD Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security
Information Technology Governance Institute. Information Security Governance: Guidance for Boards of Directors and Executive Management, 2nd Edition. ITGI, 2006.
http://www.itgi.org/template_ITGI.cfm?template=/ContentManagement/ContentDisplay.cfm&ContentID=24384
J Allen, "Governing for Enterprise Security." (CMU/SEI-2005-TN-023). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, June 2005.
http://www.sei.cmu.edu/publications/documents/05.reports/05tn023.html
J Wilcox, "What's Next for Boards? Ten Landscape-Altering Trends," Directors & Boards, 2006.
http://directorsandboards.com/DBEBRIEFING/November2006/ColumnNovember2006.html
T Smedinghoff, "Information Compliance Overload: Dealing with a Growing Corporate Legal Nightmare." Presentation to the Security Management Conference, ISACA Winnipeg chapter. November 2007. http://www.cert.org/archive/pdf/info_compliance0801.pdf
J Steven, "Adopting an Enterprise Software Security Framework." IEEE Security & Privacy, IEEE Computer Society, March/April 2006. https://buildsecurityin.us-cert.gov/daisy/bsi/resources/published/series/bsi-ieee/568.html
DQI Topic:  Draw on a range of legal sources (primary and secondary) on Information Security Governance and Privacy from the UK and the US and draft an executive summary of the issues and suggested solutions.
Expected Responses: DQI plus 3-5 DQF
Assignment: Begin the collection of materials for the final assignment from your allocated topic

Week Seven : Preparing a Structured Policy Report

Primary material: Guidance Sheet
DQI Topic: To produce a Structured Information Security Policy Report
Expected Responses: DQI + 3-5 DQR
Assignment: Interim Report

Week Eight : Final Assignment

Primary material: Module Checklist
Expected Responses: DQI + 3-5 DQR
Assignment: Final Report

Assessment Methods
Contribution to virtual classroom discussion; written assignments; individual project – interim report and final project.


Teaching and Learning Strategies

Teaching Method 1 - Online Discussions Description: Weekly Online Discussions and Assignments in Virtual Classroom


Teaching Schedule

  Lectures Seminars Tutorials Lab Practicals Fieldwork Placement Other TOTAL
Study Hours             0
Timetable (if known)              
Private Study 150
TOTAL HOURS 150

Assessment

EXAM: Duration; Timing (Semester); % of final mark; Resit/resubmission opportunity; Penalty for late submission; Notes
             
CONTINUOUS: Duration; Timing (Semester); % of final mark; Resit/resubmission opportunity; Penalty for late submission; Notes
Individual Projects. There is a resit opportunity. Standard UoL penalty applies for late submission. This is not an anonymous assessment. Assessment Schedule (When): Whole Session, Week 4,6
Final Project. There is a resit opportunity. Standard UoL penalty applies for late submission. This is not an anonymous assessment. Assessment Schedule (When): Whole Session, Week 8. 30
Discussion Question. There is a resit opportunity. Standard UoL penalty applies for late submission. This is not an anonymous assessment. Assessment Schedule (When): Whole Session, 1-8 weeks. 15
Discussion Question Follow-on. There is a resit opportunity. Standard UoL penalty applies for late submission. This is not an anonymous assessment. Assessment Schedule (When): Whole Session, Weeks 1-8. 15
Hand-in Assignments. There is a resit opportunity. Standard UoL penalty applies for late submission. This is not an anonymous assessment. Assessment Schedule (When): Whole Session, Weeks 2,3,5,7. 35

Recommended Texts

Reading lists are managed at readinglists.liverpool.ac.uk.

Other Staff Teaching on this Module

Ms LE McManus School of Law and Social Justice L.E.Mcmanus@liverpool.ac.uk

Modules for which this module is a pre-requisite:

 

Pre-requisites before taking this module (other modules and/or general educational/academic requirements):

 

Co-requisite modules:

 

Programme(s) (including Year of Study) to which this module is available on a required basis:

 

Programme(s) (including Year of Study) to which this module is available on an optional basis:

 

Additional Programme Information