Information security

Whether in the public or private sector, the investment in the information assets of a modern organisation underpins its effectiveness and drives its profitability. In this module, you'll explore the skills necessary to understand, document, manage and implement strategic and operational aspects of your organisation's information security. You'll study topics in information security risk assessment and management, professionalism, home information security, and information security research. By studying this module, you'll better understand your organisation's information security requirements, developing your ability to deliver a fit-for-purpose information security management system.

Course facts
About this course:
Course code M811
Credits 30
OU Level Postgraduate
SCQF level 11
FHEQ level 7
Course work includes:
3 Tutor-marked assignments (TMAs)
End-of-module assessment
No residential school

What you will study

"In today's high technology environment, organisations are becoming more and more dependent on their information systems. The public is increasingly concerned about the proper use of information, particularly personal data. The threats to information systems from criminals and terrorists are increasing. Many organisations will identify information as an area of their operation that needs to be protected as part of their systems of internal control" (Nigel Turnbull, from the foreword of the book IT Governance: A Manager's Guide to Data Security BS 7799/ISO 17799).

Taking a practice-based approach based upon an organisation you are familiar with, this module provides the foundational knowledge, understanding, analysis and synthesis that you need to develop a practical information security management system, to the standard set by the ISO 27000 family of standards (particularly 27001 and 27002). You will also acquire the personal development skills that you need to keep abreast of important development in a rapidly developing field.

The module is structured into strands. The main strand has three independent units written to support and extend the module book.

An introduction to information security
You will begin by learning about the current requirements on, and the incentives for, organisations to implement information security. Next, you will study the foundations of the subject, learning to identify and value information as an organisational asset. The protection of information assets is the subject of the British standards, around which this module is based. This unit outlines the processes required to satisfy the requirements of these standards.

Information security risk assessment
This unit places in context the issues involved in information security risk assessment, as required by the standard. You will examine the risks that may arise in all relevant aspects of an organisation's operations, including human factors, ecommerce, web services and systems development. You will learn how to conduct a systematic risk assessment that leads to a prioritised list of information security risks for an organisation, and the requirements for their treatment.

The unit concludes with an assignment in which you will carry out a risk assessment for your chosen organisation, based on the information contained in the British standards and the module book.

Information security risk management
In this unit you will complete your study of the development of a fit-for-purpose information security management system through the management of information security risks. You will learn how to be systematic in the choice of controls that treat specific risks, and how to produce the documentation required by the relevant British standards. You'll fully explore the technologies that underpin the standard's controls, and complete the unit by considering the topic of planning for when things do go wrong.

The other strands cover professionalism, home information security, information security research, and exploring the leading edge of information security.

This module makes extensive use of videos, podcasts, blogs and other web resources to support your learning. At the end of the module you will be required to carry out some independent research into an issue in information security management, analysing and evaluating the results of your research for presentation in the end-of-module assessment.

The module is based on the current version of the Information Security standard against which an Information Security Management System would be assessed.

Vocational relevance

By studying this module you will learn how to craft a fit-for-purpose Information Security Management System for an organisation with which you are familiar. As such you will be interacting with other people in your organisation and this may help to raise your profile.

Entry

It is expected that you will hold a bachelors degree (or equivalent) in computing or a related discipline, or alternatively have at least three years relevant industry experience.

Your spoken and written English must be of an adequate standard for postgraduate study. If English is not your first language, we recommend that you will need a minimum overall score of 6 and minimum score of 5.5 in each of the four components: reading, writing, speaking and listening under the International English Language Testing System (IELTS). Please see the IELTS website for details.

If you have any doubt about the suitability of the module, please speak to an adviser.

If you have a disability or additional requirement

The study material is online, so you'll spend considerable time using a computer and the internet.

Some components might not be fully accessible using a screen reader. Mathematical and scientific materials can be particularly difficult to read in this way.

Written transcripts of audio components and figure descriptions are available.

If you're using printed materials as part of reasonable adjustments to support your studies, note that printed versions of online materials are unavailable for this module.

Study materials

What's included

This module is only presented online - there are no printed materials.

All the study materials will be available from the module website including: details of how to download and install Nessus software; three units of core texts; the continuous assessment; the end-of-module assessment and exercises and podcasts to support the teaching.

In addition you will have access to download your own copy of the module book - IT Governance: An International Guide to Data Security and ISO27001/ISO27002.

Computing requirements

  • Primary device – A desktop or laptop computer. It's possible to access some materials on a mobile phone, tablet or Chromebook; however, they will not be suitable as your primary device.
  • Peripheral device – Headphones/earphones with a built-in microphone for online tutorials.
  • Our OU Study app operates on supported versions of Android and iOS.
  • Operating systems – Windows 11 or latest supported macOS. Microsoft will no longer support Windows 10 as of 14 October 2025.
  • Internet access – Broadband or mobile connection.
  • Browser – Google Chrome and Microsoft Edge are recommended. Mozilla Firefox and Safari may be suitable.

Teaching and assessment

Support from your tutor

Throughout your module studies, you'll get help and support from your assigned module tutor. They'll help you by:

  • Marking your assignments (TMAs) and providing detailed feedback for you to improve.
  • Guiding you to additional learning resources.
  • Providing individual guidance, whether that's for general study skills or specific module content.
  • Facilitating online discussions between your fellow students, in the dedicated module and tutor group forums.

Assessment

The assessment details can be found in the facts box.

Future availability

Information security (M811) starts once a year – in November.

This page describes the module that will start in November 2025.

We expect it to start for the last time in November 2028.

This course is expected to start for the last time in November 2028.