CIS8018 Strategic Information Security
Semester 2, 2012 On-campus Toowoomba
Faculty or Section: Faculty of Business and Law
School or Department: School of Information Systems
Version produced: 30 December 2013
Examiner: Angela Howard
Moderator: Jianming Yong
Students are required to have access to a personal computer, e-mail capabilities and Internet access to UConnect. Current details of computer requirements can be found at http://www.usq.edu.au/current-students/support/computing/hardware.
The rapid diffusion of technology through industry and society means a greater reliance on electronic media to support business activities. The amount of data and information stored electronically is of great concern to all parties involved. It is vitally important that future managers and IS professionals recognise the need to ensure that information systems are secure from unintentional and intentional threats from both authorised and unauthorised users and still maintain a high level of service. The emergence of online business has raised several important issues regarding how secure transactions are over an inherently insecure medium - the Internet.
This course examines the security concerns and problems resulting from the increased reliance on information technology to enhance business functions. There is an urgent need for management and professionals to have an in-depth understanding of the threats information and communication systems face and the controls or countermeasures that can prevent or limit their devastating effects. This course assists you to recognise the threats and vulnerabilities. Furthermore, this course addresses how to design and develop secure computing systems. This course focuses on information security management, including planning for security, security policy, security management models and practices, risk management, protection mechanisms, security and personnel, law and ethics, and information security project management.
On successful completion of this course, students should be able to:
- demonstrate academic and professional literacy by discussing the major security concerns and identify important legal issues impacting upon information security in the global context
- demonstrate an understanding of the skills required to work in non-traditional and virtual working environments by planning security measures for information systems
- demonstrate an understanding of change on organisations in the global environment and the impact of these on organisational systems by planning business continuity
- communicate professionally and effectively in both oral and written communication to various audiences to achieve targeted outcomes demonstrating and collating concepts of information security policy
- identify and solve complex organisational problems creatively and practically to increase the effectiveness of management processes through the development of a security program for an organisation
- evaluate, synthesise and critically review theoretical frameworks with other evidence to provide solutions to real-world problems by understanding security management models and practices
- demonstrate an understanding of change on organisations in the global environment and the impact of these on organisational systems by understanding risk management
- demonstrate reflective practice and apply learning to different contexts by critically analysing protection mechanisms for information systems to build sound knowledge
- demonstrate an understanding of the impact of interpersonal communication on specific management processes and outcomes using relevant theories and concepts by understanding the relationships between security and personnel, between security and law, and between security and ethics
- demonstrate an understanding of the impact of interpersonal communication on specific management processes and outcomes using relevant theories and concepts by properly applying security principles to information security project management.
| No. | Topic | Weighting (%) |
|---|---|---|
| 1. | Introduction to the management of information security | 5.00 |
| 3. | Information security policy | 10.00 |
| 4. | Developing the security program | 10.00 |
| 5. | Security management models and practices | 10.00 |
| 8. | Personnel and security | 10.00 |
| 9. | Security, law and ethics | 5.00 |
Text and materials required to be purchased or accessed
ALL textbooks and materials available to be purchased can be sourced from USQ's Online Bookshop (unless otherwise stated). (https://bookshop.usq.edu.au/bookweb/subject.cgi?year=2012&sem=02&subject1=CIS8018)
Please contact us for alternative purchase options from USQ Bookshop. (https://bookshop.usq.edu.au/contact/)
Summers, J & Smith, B 2010, Communication skills handbook, 3rd edn, John Wiley & Sons, Milton, Queensland.
Whitman, ME & Mattord, HJ 2009, Hands-on information security lab manual, 3rd edn, Thomson Course Technology, Boston, Massachusetts.
Whitman, ME & Mattord, HJ 2010, Management of information security, 3rd edn, Thomson Course Technology, Boston, Massachusetts.
Ford, W & Baum, MS 2001, Secure electronic commerce: building the infrastructure for digital signatures and encryption, 2nd edn, Prentice Hall, Upper Saddle River, New Jersey.
Ghosh, AK 2001, Security and privacy for e-business, John Wiley & Sons, New York.
Greenstein, M & Vasarhelyi, M 2002, Electronic commerce: security, risk management and control, 2nd edn, McGraw-Hill, Boston, Massachusetts.
Miyazaki, AD & Fernandez, A 2000, 'Internet privacy and security: an examination of online retailer disclosures', Journal of Public Policy and Marketing, vol. 19, no. 1, pp. 54 - 62.
(available from EBSCOhost MegaFILE Premier, Business Source Complete AN 3215143.)
Panko, RR 2004, Corporate computer and network security, Pearson Education, New York.
Schneider, GP 2011, Electronic commerce, 9th edn, Course Technology Cengage Learning, Boston, Massachusetts.
Standing, C & Benson, S 2000, 'An effective framework for evaluating policy and infrastructure issues for e-commerce', Information Infrastructure and Policy, vol. 6, no. 4, pp. 227 - 237.
(available from EBSCOhost MegaFILE Premier, Academic Search Complete, AN 4055720.)
Ellison, C & Schneier, B 2000, 'Risks of PKI: e-commerce', Communications of the ACM, vol. 43, no. 2, p. 152, available at http://www.acm.org/pubs/articles/journals/cacm/2000-43-2/p152-ellison/p152-ellison.pdf.
Neumann, PG 2000, Practical architectures for survivable systems and networks, SRI-report for the US Army Research Laboratory available at http://www.csl.sri.com/papers/arl-one/.
Student workload requirements
| Description | Marks out of | Wtg (%) | Due Date | Notes |
|---|---|---|---|---|
| ESSAY | 100 | 5 | 06 Aug 2012 | |
| RESEARCH PAPER 1 (REPORT) | 100 | 30 | 27 Aug 2012 | |
| RESEARCH PAPER 2 (REPORT) | 100 | 30 | 17 Sep 2012 | |
| RESEARCH PAPER 3 (REPORT) | 100 | 35 | 15 Oct 2012 | |
Important assessment information
It is the students' responsibility to attend and participate appropriately in all activities (such as lectures, tutorials, laboratories and practical work) scheduled for them, and to study all material provided to them or required to be accessed by them to maximise their chance of meeting the objectives of the course and to be informed of course-related activities and administration.
Requirements for students to complete each assessment item satisfactorily:
To satisfactorily complete an individual assessment item a student must achieve at least 50% of the marks. (Depending upon the requirements in Statement 4 below, students may not have to satisfactorily complete each assessment item to receive a passing grade in this course.)
Penalties for late submission of required work:
If students submit assignments after the due date without prior approval of the examiner, then a penalty of 5% of the total marks gained by the student for the assignment may apply for each working day late up to ten working days at which time a mark of zero may be recorded.
Requirements for students to be awarded a passing grade in the course:
To be assured of receiving a passing grade a student must achieve at least 50% of the total weighted marks available for the course.
Method used to combine assessment results to attain final grade:
The final grades for students will be assigned on the basis of the aggregate of the weighted marks obtained for each of the summative assessment items in the course.
There is no examination in this course.
Examination period when Deferred/Supplementary examinations will be held:
University Student Policies:
Students should read the USQ policies: Definitions, Assessment and Student Academic Misconduct to avoid actions which might contravene University policies and practices. These policies can be found at http://policy.usq.edu.au.
Assignments:
(i) The due date for an assignment is the date by which a student must despatch the assignment to the USQ. The onus is on the student to provide proof of the despatch date, if requested by the examiner.
(ii) Students must retain a copy of each assignment submitted for assessment. This must be produced within 24 hours if required by the examiner.
(iii) In accordance with university policy, the examiner may grant an extension of the due date of an assignment in extenuating circumstances.
(iv) The examiner will normally only accept assignments which are electronically submitted through the USQ Study Desk for this course. Students who are unable to meet this submission requirement should contact the examiner of the course to negotiate alternative arrangements.
(v) In the event that a due date for an assignment falls on a local public holiday in their area, such as a show holiday, the due date for the assignment will be the next day. Students are to note on the assignment cover the date of the public holiday for the examiner's convenience.
Course weightings: Course weightings of topics should not be interpreted as applying to the number of marks allocated to questions testing those topics in an examination paper.
Referencing in assignments: Harvard (AGPS) is the referencing system required in this course. Students should use Harvard (AGPS) style in their assignments to format details of the information sources they have cited in their work. The Harvard (AGPS) style to be used is defined by the USQ Library's referencing guide at http://www.usq.edu.au/library/referencing.
Make-up work: Students who have undertaken all of the required assessments in a course but who have failed to meet some of the specified objectives of a course within the normally prescribed time may be awarded the temporary grade: IM (Incomplete - Make up). An IM grade will only be awarded when, in the opinion of the examiner, a student will be able to achieve the remaining objectives of the course after a period of non-directed personal study.
Deferred work: Students who, for medical, family/personal, or employment-related reasons, are unable to complete an assessment item at the scheduled time may apply to defer an assessment in a course. Such a request must be accompanied by appropriate supporting documentation. A temporary grade of IDM (Incomplete Deferred Make-up) may be awarded.
Computer, e-mail and Internet access: Students are required to have access to a personal computer, e-mail capabilities and Internet access to UConnect. Current details of computer requirements can be found at http://www.usq.edu.au/current-students/support/computing/hardware.