School for Health, Unit Catalogue 2008/09 |
FH50116 Information security management |
| Credits: 6 |
| Level: Masters |
| Modular: no specific semester |
| Assessment: CW 100% |
| Requisites: |
|
Aims: To introduce Information Security legislation, guidance and processes that are required in health and social care organisations.
Learning Outcomes: Knowledge and Understanding After taking this unit the student should be able to: * Describe the legislation and guidance surrounding information security including: - BS 7799/ISO 17799 - Data Protection Act 1998 - NHSnet Code of Conduct - Computer Misuse Act 1990 * Examine the role of information security management within the NHS. * Discuss the relationship between information security management and confidentiality * Critically analyse the role of information security management especially with relevance to confidentiality * Examine the effects of information security management in a shared service environment * Critically analyse the role of information security management and data quality. * Explain the contingency procedures and processes that are needed for effective information security management. * Critically analyse the role of information security management and the information needs of service users. * Give evidence-based advice to individuals or organisations regarding the effects and management of information security factors in a variety of clinical and management contexts. * Explain the procedures involved in applying information security management processes and procedures in a range of clinical and management contexts. * Explain the procedures in assessing the risks in relation to information security management and incident investigation procedures. * Critically analyse the role of information security management in relation to new development in information systems in the NHS. These learning outcomes will be taught and assessed. Skills: On completion of this unit students should be able to: * Apply general guidance and legislation to specific instances * Audit and identify and manage information security risk * Advise on the information security needs of the organisation * Plan and manage their learning through reflecting on and analysing their own learning needs. * Integrate and critically evaluate information gathered from a wide range of resources including the unit resources, text books, journal articles, web pages and other online resources. An appreciation for a hierarchy of evidence should be displayed. * Communicate effectively with colleagues and tutors including through asynchronous online discussions. These learning outcomes will be facilitated and some may be assessed. Content: This unit will introduce the student to the Information Security legislation, guidance and processes that are required in the NHS. This will specifically look at the BS 7799 / ISO 17799 standard. * Information Security Legislation and Guidance - effects of Information security Management on the NHS, service users and organisational management. * IMT Security Officer - role and responsibilities and how this is integrated into the wide Information Governance role * Wider Legislation - Placing information security management in wider national and international legislative context. * Information Sharing - Examining how information can be shared internally, externally and across organisational boundaries. * Risk and Continuity - Assessing Information Security Risk, Information Security Audits and Business continuity * New Developments - The role and place of Information Security Management within new Information Systems developments. |