Information has become a key component of the majority of businesses. Availability, Integrity and Confidentiality of information is a paramount concern as the loss or partial loss even for a short time can be of significant negative impact. The need for diligent planning in terms of Information Security and the exacting application of Information Security practices are essential to the maintenance of business today.

Course Aim
The principal aim of the programme is to provide suitable candidates with the knowledge, competencies, and skills necessary to plan and execute information security policies and procedures to ensure confidentiality, integrity, and access to an organisation’s information resources.

Programme Objectives
The objective of this programme is to produce professionals that can:
● Develop and administer ownership of systems and information
● Establish information and data classification guidelines, standards and procedures. Certification In Information Security Practice – Milima Cyber
Academy
● Develop, establish, and maintain standards, procedures, and guidelines to promote the security and uninterrupted operation of computer-based application systems.
● Identify and address exposures to accidental or intentional destruction, disclosure, modification, or interruption of information that may cause serious financial and/or information loss to the company.
● Be responsible for the protection of the company assets and information that are processed by or stored on computerized information systems.

Teaching And Learning Pattern
The taught modules will be delivered by a mixture of instructor-led training sessions and practical workshops. Training materials will be provided prior and during the lectures to allow participants to have prior reading. Workshops will allow the student to consolidate the material consumed
throughout the programme.

Assessment Methods
The module participants will be assessed continuously throughout the taught modules through individual exercises and projects. The minor thesis produced at the end of the Project Module will be assessed by an Industry Expert and graded. The “Certificate in Information Security Practice” will be marked with the grade achieved.
● Distinction level is 70% or above.
● Merit level is 60% or above.
● Pass level is 50% or above.

Recommended Texts
● (ISC)2 Guide to the CISSP CBK, Fourth Edition.
● CIS: The Critical Security Controls for Effective Cyber Defence. Version 6.1.
● Cornford T. and Smithson S. (2006). Project Research in Information Systems. Palgarve McMillan.

Recommended Journals
● (ISC)2 – Information Security Journal.
● Taylor & Francis – Journal of Digital Forensic Practice.
● Harvard Business Review, Long Range Planning.
● Strategic Management Journal.
● Journal of Management Studies.

Websites
● (ISC)2: http://www.isc2.org
● ISACA: http://www.isaca.org
● CIS: http://www.cisecurity.org

Programme Organisation
There is significant work to prepare professionals to meet the complete programme objectives. For this reason, the programme is split across three short course modules and a work-based individual project. While each short course module is standalone and candidates who attend will be presented with a Certificate of Attendance, the successful completion of the three modules plus the work-based project will see the candidate receive a Special Purpose Award (SPA), a Certificate in Information Security Practice.

1. Information Security – Management
Module Code: ISP-001
Course Level: Intermediate
Duration: 16 hours (2 Weeks)

Module Aim
The aim of this module is to provide students with an insight into the principles of Information Security Management. This module also aims to inculcate a broad knowledge of strategic employment choices. Moreover, the module endeavors to highlight the role of Human Resources (HR) in strategic decision-making. In addition, this module seeks to generate students’ awareness of HR strategies for a global business environment. Finally, it endeavors to familiarise students with the key developments in Strategic Human Resource Management.

Module Sections
● Information Security, Governance and Risk Management.
● Legal, Regulations, Investigations and Compliance.
● Business Continuity and Disaster Recovery Planning. Learning Outcomes On successful completion of this section students should be able to:
● Evaluate and contrast various information security, governance and risk management frameworks.
● Understand the key legal, regulatory, investigative, and compliance challenges in the fight against cybercrime.
● Consider business continuity strategies and disaster recovery planning.

2. Information Security – Technical
Module Code: ISP-002
Course Level: Intermediate
Duration: 16 hours (2 Weeks)

Module Aim
The aim of this module is to provide students with an understanding of computing security architecture and design as well as cryptographic technologies. This module also aims to give the student an understanding of software development methodologies and how information security should be included within these as a key basic component. Moreover, the module endeavors to give an understanding of network security and penetration
testing principles.
Module Sections
● Security Architecture and Design.
● Cryptography.
● Systems: Threats, Vulnerabilities and Risks.
● Secure Software Development.
● Network Security and Penetration Testing.

Learning Outcomes
On successful completion of this section students should be able to:
● Consider security architecture and design methodologies.
● Evaluate the goals of cryptography and demonstrate an understanding of key cryptographic systems to deliver stream and block ciphers as well as operation of public-key cryptography.
● Consider the threats, vulnerabilities and risks to computing systems and networks.
● Assess software development controls, development lifecycle models, and testing controls in the context of secure development.
● Demonstrate an understanding of the steps required for a successful penetration test and how the results should be formulated for the system or network owner.

3. Information Security – Operational
Module Code: ISP-003
Course Level: Intermediate
Duration: 16 Hours (2 Weeks)

Module Aim
The aim of this module is to provide students with an understanding of physical and operations security. This module also reviews the types of access control and the methods of implementing, monitoring and managing them.

Module Sections
● Physical Security.
● Access Control.
● Operations Security.

Learning Outcomes
On successful completion of this section students should be able to:
● Identify physical security threats and compose a security plan.
● Ensure appropriate access controls.
● Determine available operations security controls to implement critical security controls.

4. Information Security – Project
Module Code: ISP-004
Course Level: Advanced
Duration: 4 Weeks

Module Aim
This is an inter-disciplinary project, which aims to consolidate and integrate the learners’ knowledge, skills and competences across the three taught
module areas. This module will provide students with the opportunity to complete a piece of research-based work. Students will produce a minor thesis of approximately 5,000 – 7,500 words in length. The subject matter will reflect a study of specific interest to the student across the modules. This minor thesis will reinforce educational/industrial linkages.

Learning Outcomes
On successful completion of this section students will have:
● Reviewed the security implications of a scenario given.
● Contributed to the design of the facility required by the scenario.
● Contributed to the network design of the equipment for the facility.
● Decided on the security model for the data being stored at the facility.
● Decided on the access controls to be established for the facility and its assets.
● Contributed to the new-hire employment terms where they relate to security.
Developed:
★ Employee security screening protocols.
★ Security management plans.
★ Risk assessments.
★ Business impact assessments.
★ Business continuity plans.
★ Disaster recovery plans.

Entry Level Requirements

• A student undertaking this course should have a basic understanding of computing, the web, the internet, and networking.
• A student should also have a basic understanding of cybersecurity.
• A certificate in Fundamentals of Cybersecurity (Milima Cyber Academy) or an equivalent from a cybersecurity training academy is highly recommended.
• Understanding of basic web technologies (HTTP, HTML, JS, …)

Recommended Texts

• (ISC)2 Guide to the CISSP CBK, Fourth Edition.
• CIS: The Critical Security Controls for Effective Cyber Defence. Version 6.1.
• Cornford T. and Smithson S. (2006). Project Research in Information Systems. Palgarve McMillan.

Recommended Journals

• (ISC)2 – Information Security Journal.
• Taylor & Francis – Journal of Digital Forensic Practice.
• Harvard Business Review, Long Range Planning.
• Strategic Management Journal.
• Journal of Management Studies.

Websites

• (ISC)2: http://www.isc2.org
• ISACA: http://www.isaca.org
• CIS: http://www.cisecurity.org