CIS 2005 Systems Security and Control

Subject: CIS
Cat-nbr: 2005
Class: 44584
Term: 2, 2005
Mode: ONC
Description: Systems Security and Control
Units: 1.00
Campus: Toowoomba

Academic group: FOBUS
Academic org: FOB005
Student contribution band: 2
ASCED code: 029901





STAFFING:

Examiner: Anita Ryle
Moderator: Michael Lane




REQUISITES:

Pre-requisite: CIS1000



RATIONALE:

The rapid diffusion of technology through industry and society means a greater reliance on electronic media to support business activities. The amount of data and information stored electronically is of great concern to those who store it and those whose details are stored. It is vitally important that business analysts recognise the need to ensure that information systems are secure from unintentional and intentional threats from both authorised and unauthorised users and still maintain a high level of service.





SYNOPSIS:

The increased reliance on technology to enhance business functions means students must have an understanding of the vulnerabilities and threats which systems face and the controls or countermeasures which can prevent or limit their effect. In this course students will be expected to apply structured risk analysis techniques to determine vulnerability, threat and control profiles for an organisation. Students will then need to develop an Information Security Management Plan which reflects the findings of risk analysis. The ongoing commitment to information systems security that organisations need to take is also stressed in this course.





OBJECTIVES:

On successful completion of this course students will be able to:

  1. have a strong understanding of the vulnerabilities and threats relating to information systems, the controls which can be implemented to mitigate their effect, and relevant standards;
  2. understand the need for information systems security;
  3. relate the three security goals of confidentiality, integrity and availability and four key principles of computer security to business systems;
  4. demonstrate a good understanding of vulnerabilities, threats and related controls relating to physical security, software security, operating system security and database security;
  5. have a basic understanding of cryptography, including knowledge of DES, AES and public key encryption systems;
  6. discuss advantages and disadvantages of various methods of user authentication and recognise that a combination of methods is preferable;
  7. describe various network related threats and controls as covered in this course;
  8. discuss specific e-commerce security issues as covered in this course;
  9. recognise that legal and ethical issues can play a part in information systems security;
  10. perform risk analysis techniques to determine vulnerability and threat profiles for an organisation;
  11. identify techniques for treating vulnerability and threat profiles to minimise their effect for an organisation;
  12. provide well written reports on the findings of risk analysis projects of various business computer systems in the form of an Information Security Management Plan; and
  13. recognise the ongoing commitment to information systems security that is imperative for organisations to maintain reasonably secure information systems and understand the concept of continual improvement.



TOPICS:


Description Weighting (%)
1. Key concepts and physical security 10.00
2. Cryptography 8.00
3. Software security 8.00
4. Operating system security and user authentication 8.00
5. Information security management system 8.00
6. Information security risk analysis 8.00
7. Information security risk treatment 8.00
8. Network security threats 8.00
9. Network security controls 10.00
10. Database security 8.00
11. Electronic commerce security issues 8.00
12. Legal and ethical issues 8.00


TEXT and MATERIALS required to be PURCHASED or accessed:

ALL textbooks and materials are available for purchase from USQ BOOKSHOP (unless otherwise stated). Orders may be placed via secure internet, free fax 1800642453, phone 07 46312742 (within Australia), or mail. Overseas students should fax +61 7 46311743, or phone +61 7 46312742. For costs, further details, and internet ordering, use the 'Textbook Search' facility at http://bookshop.usq.edu.au; click 'Semester', then enter your 'Course Code' (no spaces).

All students will need access to a PC word processing and spreadsheet package. Any package will suffice.

CIS2005 study package available from the USQ Bookshop.

Students also need MS Windows to view multimedia materials.

Pfleeger, CP & Pfleeger, SL 2003, Security in computing, 3rd edn, Prentice-Hall Inc, Upper Saddle River, New Jersey.

Summers, J & Smith, B 2004, Communication skills handbook: how to succeed in written and oral communication, John Wiley & Sons, Milton, Queensland. (revised & updated edition)





REFERENCE MATERIALS:

Reference materials are materials that, if accessed by students, may improve their knowledge and understanding of the material in the course and enrich their learning experience.

Bragg, R, Rhodes-Ousley, M & Strassberg, K 2004, Network security: the complete reference, McGraw-Hill, Emeryville, California.

Campbell, P, Calvert, B & Boswell, S 2003, Security+ guide to network security fundamentals, Cisco Learning Institute, Boston, Massachusetts.

Cheswick, WR, Bellovin, SM & Rubin, AD 2003, Firewalls and Internet security, 2nd edn, Pearson Education, Boston, Massachusetts.

Erbschloe, M 2003, Guide to disaster recovery, Course Technology, Boston, Massachusetts.

Parker, DB 1998, Fighting computer crime: a new framework for protecting information, John Wiley & Sons, New York.

Schneier, B 2000, Secrets and lies: digital security in a networked world, John Wiley & Sons, New York.





STUDENT WORKLOAD REQUIREMENTS:

ACTIVITY HOURS
Laboratory or Practical Classes 26.00
Lectures 26.00
Private Study 110.00



ASSESSMENT DETAILS:

Description Marks out of Wtg(%) Due date
ASSIGNMENT 100.00 30.00 12 Oct 2005
3 HOUR EXAMINATION 100.00 70.00 END S2 (see note 1)
NOTES:
1. The examination is scheduled to be held in the end-of-semester examination period. Students will be advised of the official examination date after the timetable has been finalised.


IMPORTANT ASSESSMENT INFORMATION

  1. Attendance requirements:
    It is the students' responsibility to attend and participate appropriately in all activities (such as lectures, tutorials, laboratories and practical work) scheduled for them, and to study all material provided to them or required to be accessed by them to maximise their chance of meeting the objectives of the course and to be informed of course-related activities and administration.
  2. Requirements for students to complete each assessment item satisfactorily:
    To complete the assignment satisfactorily, students must obtain at least 50% of the marks available for the assignment. To complete the examination satisfactorily, students must obtain at least 50% of the marks available for the examination.
  3. Penalties for late submission of required work:
    If students submit assignments after the due date without prior approval then a penalty of 20% of the total marks available for the assignment may apply for each working day late.
  4. Requirements for students to be awarded a passing grade in the course:
    To be assured of receiving a passing grade a student must attempt all of the summative assessment items, achieve a mark of at least 50% for the assignment, achieve a mark of at least 50% for the examination, and at least 50% of the available weighted marks for the summative assessment items.
  5. Method used to combine assessment results to attain final grade:
    The final grades for students will be assigned on the basis of the weighted aggregate of the marks obtained for each of the summative assessment items in the course.
  6. Examination information:
    This is a restricted examination. Candidates are allowed access to specific materials during the examination. The only materials that candidates may use in the examination for this course are (i) Writing materials: non-electronic and free from material which could give the student an unfair advantage in the examination; (ii) Translation dictionaries: with the Examiner's approval, candidates may take an appropriate non-electronic translation dictionary into the examination. This will be subject to perusal and, if it is found to contain annotations or markings that could give the candidate an unfair advantage, it may be removed from the candidate's possession until the appropriate disciplinary action is completed.
  7. Examination period when Deferred/Supplementary examinations will be held:
    Any Deferred or Supplementary examinations for this course will be held during the next examination period.
  8. University Regulations:
    Students should read USQ Regulations 5.1 Definitions, 5.6 Assessment, and 5.10 Academic Misconduct for further information and to avoid actions which might contravene University Regulations. These regulations can be found at the URL http://www.usq.edu.au/corporateservices/calendar/part5.htm. Students should also read the Faculty of Business Guide to Policies and Procedures of the Faculty which can be found at the URL http://www.usq.edu.au/handbook/current/buspolproc.html.

ASSESSMENT NOTES

1. Assignments: (i) The due date for an assignment is the date by which a student must despatch the assignment to the USQ. The onus is on the student to provide proof of the despatch date, if requested by the Examiner. (ii) If requested, students will be required to provide a copy of an assignment submitted for assessment purposes. This should be despatched to the USQ within 24 hours of receipt of a request being made. (iii) The Examiner may grant an extension of the due date of an assignment in extenuating circumstances. Students may apply for an extension before the due date or include an application with the submitted assignment after the due date. Such applications should be in writing and include supporting documentary evidence. The authority for granting extensions rests with the relevant Examiner. (iv) The Examiner will normally only accept assessments that have been written, typed or printed on paper-based media. (v) In the event that a due date for an assignment falls on a local public holiday in their area, such as a Show holiday, the due date for the assignment will be the next day. Students are to note on the assignment cover the date of the public holiday for the Examiner's convenience.
2. Course Weightings: Course weightings of topics should not be interpreted as applying to the number of marks allocated to questions testing those topics in an examination paper.
3. Guidelines for Assignments: Unless otherwise directed by the Examiner, all written and oral assignments submitted by students must conform to the guidelines laid out in the 'Communication skills handbook: How to succeed in written and oral communication'. Any work not prepared in accordance with these guidelines may be subject to penalty or requirement for resubmission.
4. Make-up Work: Students who have undertaken all of the required assessments in a course but who have failed to meet some of the specified objectives of a course within the normally prescribed time may be awarded the temporary grade: IM (Incomplete - Make up). An IM grade will only be awarded when, in the opinion of the Examiner, a student will be able to achieve the remaining objectives of the course after a period of non-directed personal study.
5. Deferred Work: Students who, for medical, family/personal, or employment-related reasons, are unable to complete an assignment or to sit for an examination at the scheduled time may apply to defer an assessment in a course. Such a request must be accompanied by appropriate supporting documentation. One of the following temporary grades may be awarded: IDS (Incomplete - Deferred Examination); IDM (Incomplete - Deferred Make-up); IDB (Incomplete - Both Deferred Examination and Deferred Make-up).

OTHER REQUIREMENTS:

  1. Learning Resources: Prescribed text and materials (see above); prescribed reference materials (see above); printed Introductory Book*, Study Book/s*, and Book/s of Selected Readings*; and course Website accessible via USQConnect. *part of the study package available from the USQ Bookshop.
  2. E-mail and Internet Access: Students will require access to e-mail and Internet access to USQConnect for this course.