Courses
  1. Undergraduate
  2. Postgraduate
  3. Research Degrees
  4. CPD
  5. Short Courses
  1. Management of Information Security and Risk
    1. 2017
Courses

Management of Information Security and Risk

MSc |
Learn about both the technical and the business issues that can bridge the gap between IT security and business risk.

Key Information

Start date

Autumn 2017

Duration

Part-time: 28 months

The modules will be delivered in block mode, with full time students taking four modules per term and part time students taking twomodules per term. Modules can also be taken individually for Continuing Professional Development (CPD).

See more about duration

UK/EU

Part-time: £5,000 per year

Non-EU

Part-time: £7,500 per year

Who is it for?

This Masters course is aimed at IT professionals with approximately five years’ experience and is intended to provide them with the skills that they need to progress to a management role in information security and risk. The course will appeal to companies and professionals that need to develop or improve their capability in managing IT-related security, in order to enter markets with higher demands of dependability and security, comply with new regulations, or re-qualify for new roles.

Objectives

Concerns about cyber security and information risk have led to a growing market for technical specialists, but there is also a need for more senior professionals with an awareness of both the technical and the business issues who can bridge the gap between IT security and business risk.

On this Management of Information Security and Risk MSc programme you will learn about both the technical and the business issues that can bridge the gap between IT security and business risk.

Understand how to communicate these risks to both the technical staff and the executive business team (CEO, CIO, CFO and COO) in a language they share.

Focus on human-machine interaction and decision making within today's increasingly complex Political-Economical-Socio-Technical (PEST) systems.

Find out about latest industry and government standards, legislation and best practice from leading technical experts and network with your peers to compare and contrast best practices from different industries.

Requirements and how to apply

Entry requirements

Applicants should hold a second class honours degree or the equivalent from an international institution in a cognate subject. We will consider applicants without a Bachelors degree, provided they have substantial relevant experience in the IT industry (at least ten years).

All applicants should also have approximately five years of relevant professional experience (absolute minimum of two years in exceptional circumstances).

Other suitable qualifications

If you do not qualify for direct entry, you may wish to follow a Graduate Diploma pathway to the programme through one of our partners.

INTO City, University of London

Don't meet the entry requirements? INTO City, University of London offers a range of academic and English language programmes to help prepare you for study at City, University of London. You'll learn from experienced teachers in a dedicated international study centre.

These programmes are designed for international students who do not meet the required academic and English language requirements for direct entry. To prepare for this degree course, learn more about the Graduate Diploma in Informatics - Science and Engineering.

English requirements

For overseas students whose first language is not English, the following qualification is required:

  • IELTS: 7.0

Due to changes in the UKVI's list of SELTs we are no longer able to accept TOEFL as evidence of English language for students who require a CAS as of April 2014.

English language programmes

Don't meet the English language requirements? INTO City, University of London offers English language programmes to help prepare you for study at university. These intensive and flexible courses are designed to improve your English ability for entry to degree courses. Learn more about INTO's English for University Study programme.

Visa requirements

If you are not from the European Economic Area / Switzerland and you are coming to study in the UK, you may need to apply for a visa or entry clearance to come to the UK to study.

The way that you apply may vary depending on the length of your course. There are different rules for:

  • Students on courses of more than six months
  • Students on courses of less than six months
  • Students on a pre-sessional English language course.

If you require a Tier 4 student visa to study in the UK, you cannot undertake any City courses on a part-time basis.

For more information see our main Visa page.

How to apply

Thank you for having decided to apply to study a postgraduate course at the School of Mathematics, Computer Science and Engineering. Please note that the deadline for applications for the 2017/18 academic year is 31st August 2017.

In order for your application to be considered, please ensure that you upload the following documentation with your application:

  • For all applicants, please upload your degree certificate and transcript of marks from your first degree (if you do not have your final results at the time of making your application, please upload a provisional certificate/interim transcript of marks). A transcript is required in order to have your application processed.
  • If your first language is not English, or you require a Tier 4 visa to study in the UK, please upload a Proof of English Proficiency if you have already obtained it. A list of accepted qualifications can be found here.
  • If you require a Tier 4 student visa to undertake a Master's programme in the UK, please upload a detailed personal statement outlining why you wish to study this specific course, at City University London, as well as explaining how your past studies have prepared you for this course and how it will help you to progress in your career.
  • If you are applying for a Part-time course, or have relevant work experience relating to the degree you are applying for, please upload a copy of your current CV/resume.

You can apply in the following ways:

Postal applications and supporting documents

We encourage online applications, however if you are unable to do this, please send a completed paper application form, together with supporting documents, to:

Postgraduate Courses Office, A302
School of Mathematics, Computer Science & Engineering
City, University of London
Northampton Square
London
EC1V 0HB

Contact information for the Postgraduate Team

Tel: +44 (0)20 7040 0248
Email: smcsepg@city.ac.uk

Part-time
The course is delivered part-time in block mode catering to demands of busy professionals.

Funding

Explore up-to-date information about funding options, available financial support and typical living costs.

More about funding

If a student leaves City after commencing but before completing their course, City reserves the right to charge the student the tuition/course fee for the full academic year (or full course for capacity limited post-graduate courses - up to a maximum of 2 years fees) in question. The student may be charged the full fee for that year or course as applicable unless the student is able to present justification that exceptional and unforeseeable reasons for their withdrawal exist.

How to pay

City has introduced an instalment payment scheme which is available to certain categories of students, including taught postgraduate students. For students following the normal academic year, the annual fee may be paid in two equal instalments: the first on registering, the second on 31st January. If you wish to pay your fees by instalment you must pay the first instalment at or before registration, by cheque or credit/debit card. You must also supply your bank details or credit card details for payment of your second instalment which will be deducted automatically from your bank or credit card account on 31st January.

Funding

For up-to-date information about tuition fees, living costs and financial support, visit Postgraduate Fees and Finance.

Future Finance Loans

Future Finance offers students loans of between £2,500 and £40,000 to help cover tuition fees and living expenses. All students and courses are considered. All loans are subject to credit checks and approval for further details please visit the City Finance website.

Learn a language for free

We offer a free language course for City, University of London students.

Find out how to apply

Teaching and learning

The modules are taught by academics at the Centre for Software Reliability, within the School of Mathematics, Computer Science and Engineering, and also by visiting lecturers from industry. We also have invited speakers from academia and industry in most modules. Teaching takes place via seminars, lectures, group work and tutorials. The assessment is through coursework only – this consists of written work (individual and group), presentations and peer review.

The modules will be delivered in block mode, with students taking two modules per term. Each module consists of two blocks as follows:

  • Thursday evening: 5pm - 9pm
  • Friday: 9am-5pm
  • Saturday: 9am-5pm

In summary, assuming attendance at the Thursday evening sessions can be done without having to take any time off from work, the students are expected to take eight Fridays off from work in a calendar year (though some employers may allow their employees to take these times off as study leave), and they will need to also attend classes for a further eight Saturdays (i.e. two Fridays and two Saturdays per module). Timetables are for guidance only and are subject to change.

Modules

The course covers the skills and knowledge necessary to be successful in senior roles in information security and risk.

The course supports the extra breadth of knowledge required by people with professional experience to help them progress towards target roles in management or consulting on security, assurance and risk.

Applicants can also apply to enrol on individual modules as CPDs. It will then be possible for you to gradually build credits for the MSc should you wish to take this route. City, University of London is also an approved MoD Enhanced Learning Credits (ELC) scheme provider (ID-1538).

Modules providing Professional Skills

Information Leadership (15 credits)

  • The role of the CIO/information leader past, present and future
  • Relationships with key executive posts such as CEO, COO, CFO
  • Talent management: the information leader's team, key IT functional roles and technology specific issues
  • Financial context: budgeting, corporate/public sector financial reporting, balance sheets, cash flow, income/expenditure, etc. Management accounting issues
  • Purchasing, third-party and customer/supplier management
  • Introduction to IT governance, legal/regulatory issues and the role of policy and standards
  • Information as a source of competitive advantage: when IT does and doesn't matter.

Executive Development (15 credits)

  • Competency frameworks, qualifications and CPD, including; IISP, SFIA, ITIL, BCS and industry certifications
  • Personal SWOT analyses and action planning
  • Developing behavioural competencies in an organisational context; leadership, team work, communication, negotiation, and influencing
  • Reflection, performance appraisal, mentoring and coaching
  • Project, programme and change management in uncertain environments
  • Communities of practice and professional identity.

Socio-Technical Systems (15 credits)

  • The concept of socio-technical system; examples of errors caused by technical-only analysis of IT based systems
  • Introduction to Human Factors, cognitive processes, assessment of human performance and human error
  • Unexpected effects of automation on work organisation,  behaviour and performance
  • The psychology of risk perception and communication
  • Models and empirical studies of responsibility, trust and trustworthiness
  • Psychology of security and social engineering attacks
  • Organisational factors: roles of culture and incentives
  • Approaches to the study of risk and risk management in socio-technical systems: "Normal accidents", "High reliability organisations", "Resilience engineering".

IT Risk Management for effective performance and the prevention of fraud, error and disaster (15 credits)

  • The assurance gap -  how to identify the black hole between the Board's understanding of the governance of the organisation and the operational reality
  • IT Risk Management - how to ensure that IT risks are part of the enterprise risk management process
  • IT Audit - the multi-layered approach to identifying the effectiveness of controls over the systems life cycle, the operational efficacy and the security of the IT resource
  • IT Governance - demonstrating the need for transparency and integration of the IT resource
  • Continuous Monitoring and Continuous Audit - the new dynamic - providing assurance that events - specifically IT related events - are controlled in real time - or close to real time
  • Best Practice IT workshop including case studies showing the causes of major IT failures
  • Prevention of Fraud, denial of service.

Specialised Security and Risk Modules

Information Security Management (15 credits)

  • Information Security in the 21st century, evolving threats and defences
  • Security policies and governance; Role of standards, guidelines and legislation
  • Communicating security and risk issues to general and executive audiences
  • Selecting and evaluating strategies and technologies for organization wide security.

IT Risk and Resilience (15 credits)

  • Basic concepts, definitions and types of requirements in dependability, security, resilience including reference to the relevant international standards and adopted good practices
  • Systematic methods for identifying vulnerabilities and threats; basic concepts and examples about means for achieving resilience and security: avoidance, prevention, removal, mitigation and recovery at the technical and at the organisational levels
  • Fundamental design trade-offs in formulating information security/resilience strategies; introduction to the means for assessing dependability and resilience and information assurance methodologies
  • Basic concept of the risks due to the interdependencies between critical infrastructures (i.e. power grid reliance on telecommunication and vice versa, etc.) and methods of its quantification and management (interdependency analysis).

Quantitative Risk Analysis (15 credits)

  • Quantifying risk. Probabilistic models.  Statistical inference
  • Subjective probabilities and Bayesian inference
  • Dependent events.  Dependent random values
  • Worst / best case estimates of probabilities and random values
  • Models of defence / protection
  • Presenting results of risk analysis

Assurance Cases (15 credits)

  • The nature of the assurance and evaluation problem for computer based systems
  • Deriving and structuring of claims in an assurance case; claim expansion from architecture; from dependability attributes.
  • The role of standards, policies and regulations in deriving claims and argument strategies
  • Evidence and arguments for different attributes
  • Reviewing and assessing cases; improving communication. Developing cases for a range of stakeholders - from "boardroom to back office"
  • Cases for specific classes of systems. Issues of scalability
  • The use of tools for assurance cases (e.g. ASCE).

Students also take an independent individual project, which applies the technical contents of the course to a concrete problem. The project may be executed during an internship in an outside organisation, within a successful internship scheme.

  • Academic expert
    Professor of System and Software Dependability working in the School of Mathematics, Computer Science & Engineering.
  • Academic expert
    Senior Lecturer working in the School of Mathematics, Computer Science & Engineering.
  • Academic expert
    Professor of Systems Engineering working in the School of Mathematics, Computer Science & Engineering.
  • Academic expert
    Lecturer working in the School of Mathematics, Computer Science & Engineering.
  • Academic expert
    Senior Lecturer working in the School of Mathematics, Computer Science & Engineering.
  • Student
    The course offered me the unique opportunity to understand the complexities of information security whilst being able to articulate them to senior members of a business.

Career prospects

This course will appeal to companies and professionals that need to develop or improve their capability in managing IT-related security, in order to enter markets with higher demands of dependability and security, comply with new regulations, or re-qualify for new roles. Graduates should be suitable for consideration as the CSO or Security Architects and Senior Information Risk Managers and would also greatly help them in information security Consultancy and Auditing roles.

Our previous and existing cohort of students have all been employed full-time in a wide range of companies, including multi-billion pound turnover internationals in the aviation industry, global auditing companies (e.g. KPMG), media companies (e.g. Sky and Sony), financial services companies (e.g. Deutsche Bank) in the City of London, small and medium enterprises (SMEs), government departments and NHS trusts. The programme helps students build a strong network with their peers and maintain it as part of their career development.

Learn more about how the programme can protect your organisation.


Thank you for having decided to apply to study a postgraduate course at the School of Mathematics, Computer Science and Engineering. Please note that the deadline for applications for the 2017/18 academic year is 31st August 2017.

In order for your application to be considered, please ensure that you upload the following documentation with your application:

  • For all applicants, please upload your degree certificate and transcript of marks from your first degree (if you do not have your final results at the time of making your application, please upload a provisional certificate/interim transcript of marks). A transcript is required in order to have your application processed.
  • If your first language is not English, or you require a Tier 4 visa to study in the UK, please upload a Proof of English Proficiency if you have already obtained it. A list of accepted qualifications can be found here.
  • If you require a Tier 4 student visa to undertake a Master's programme in the UK, please upload a detailed personal statement outlining why you wish to study this specific course, at City University London, as well as explaining how your past studies have prepared you for this course and how it will help you to progress in your career.
  • If you are applying for a Part-time course, or have relevant work experience relating to the degree you are applying for, please upload a copy of your current CV/resume.

You can apply in the following ways:

Postal applications and supporting documents

We encourage online applications, however if you are unable to do this, please send a completed paper application form, together with supporting documents, to:

Postgraduate Courses Office, A302
School of Mathematics, Computer Science & Engineering
City, University of London
Northampton Square
London
EC1V 0HB

Contact information for the Postgraduate Team

Tel: +44 (0)20 7040 0248
Email: smcsepg@city.ac.uk

Contact details

Programmes Office (room A302)

Request a prospectus

Find out more about City and all our postgraduate degree programmes.

Get your prospectus

Find us

City, University of London

Northampton Square

London EC1V 0HB

United Kingdom

Back to top

City, University of London is an independent member institution of the University of London. Established by Royal Charter in 1836, the University of London consists of 18 independent member institutions with outstanding global reputations and several prestigious central academic bodies and activities.