CIS2005 Principles of Information Security
|Semester 2, 2013 On-campus Toowoomba|
|Faculty or Section :||Faculty of Business and Law|
|School or Department :||School of Information Systems|
|Version produced :||21 July 2014|
Examiner: Michael Lane
Moderator: Angela Howard
Students are required to have access to a personal computer, e-mail capabilities and Internet access to UConnect. Current details of computer requirements can be found at http://www.usq.edu.au/current-students/support/computing/hardware.
The amount of information stored electronically is growing exponentially. At the same time there is an increasing reliance on the Internet and local area networks, information systems and computing devices to store and provide information with the appropriate level of confidentiality, integrity and availability. Hence it is important to ensure that information, systems, networks and computing devices are secure from unintentional and intentional threats from both authorised and unauthorised users while maintaining a high level of service.
There is an increased reliance on the Internet, networks, information systems and computing devices to provide access to information and systems anywhere and anytime. Hence business professionals must have a good understanding of the vulnerabilities and threats to information, systems and networks and the controls that prevent or limit the risks to an acceptable level. It is a goal of this course for business professionals to develop their skills and knowledge so that they can evaluate information security situations, identify specific threats, vulnerabilities, and clearly communicate and manage the risks. The ongoing commitment to effective information security including ethical and privacy considerations is also stressed in this course.
On successful completion of this course, students should be able to:
- analyse information security vulnerabilities and threats and determine appropriate controls that can be applied to mitigate the potential risks
- explain why continual improvement is necessary to maintain reasonably secure information systems and IT infrastructure and to describe the role of disaster recovery and business continuity plans in recovering information and operational systems when systems and hardware fail
- describe why legal privacy and ethical issues play an important part in effectively managing information security
- demonstrate an ability to communicate effectively both written and orally about the management of information security in organisations.
|2.||Compliance and operational security||18.00|
|3.||Threats and vulnerabilities||21.00|
|4.||Application, data and host security||16.00|
|5.||Access control and identity management||13.00|
Text and materials required to be purchased or accessed
ALL textbooks and materials available to be purchased can be sourced from USQ's Online Bookshop (unless otherwise stated). (https://bookshop.usq.edu.au/bookweb/subject.cgi?year=2013&sem=02&subject1=CIS2005)
Please contact us for alternative purchase options from USQ Bookshop. (https://bookshop.usq.edu.au/contact/)
Conklin, WMA, White, G, Williams, D, Davis, R & Cothren, C 2012, All in one CompTIA security+ exam guide (exam SY0-301), 3rd edn, McGraw-Hill, New York.
Summers, J & Smith, B 2010, Communication skills handbook, 3rd edn, John Wiley & Sons, Milton, Queensland.
All students will need access to a PC word processing and spreadsheet package. Any package will suffice.
Students also need MS Windows to view multimedia materials.
Cheswick, WR, Bellovin, SM & Rubin, AD 2003, Firewalls and Internet security: repelling the wily hacker, 2nd edn, Addison-Wesley, Boston, Massachusetts.
Pfleeger, CP & Pfleeger, SL 2007, Security in computing, 4th edn, Prentice Hall, Upper Saddle River, New Jersey.
Stewart, J 2011, CompTIA Security+ review guide: exam SY0-301, 2nd edn, John Wiley, Hoboken, New Jersey.
Whitman, M & Mattford, H 2011, Principles of information security, Cengage Learning, Boston, Massachusetts.
Wysopal, C, et al 2006, The art of software security testing: identifying software security flaws, Addison-Wesley, New York.
Student workload requirements
|Laboratory or Practical Classes||26.00|
|Description||Marks out of||Wtg (%)||Due Date||Notes|
|ASST 1 - ONLINE QUIZ||100||5||02 Aug 2013|
|ASST 2 - WRITTEN REPORT||100||15||30 Aug 2013|
|ASST 3 - CASE STUDY REPORT||100||30||11 Oct 2013|
|EXAMINATION - PART A||30||15||End S2||(see note 1)|
|EXAMINATION - PARTS B & C||70||35||End S2|
- The examination is scheduled to be held in the end-of-semester examination period. Students will be advised of the official examination date for Exam (Parts A, B and C) after the timetable has been finalised. The total working time for Exam (Parts A, B and C) is 2 hours.
Important assessment information
It is the students' responsibility to attend and participate appropriately in all activities (such as lectures, tutorials, laboratories and practical work) scheduled for them, and to study all material provided to them or required to be accessed by them to maximise their chance of meeting the objectives of the course and to be informed of course-related activities and administration.
Requirements for students to complete each assessment item satisfactorily:
To satisfactorily complete an individual assessment item a student must achieve at least 50% of the marks. (Depending upon the requirements in Statement 4 below, students may not have to satisfactorily complete each assessment item to receive a passing grade in this course.)
Penalties for late submission of required work:
If students submit assignments after the due date without prior approval of the examiner, then a penalty of 5% of the total marks gained by the student for the assignment may apply for each working day late up to ten working days at which time a mark of zero may be recorded.
Requirements for student to be awarded a passing grade in the course:
To be assured of receiving a passing grade a student must achieve at least 50% of the total weighted marks available for the course.
Method used to combine assessment results to attain final grade:
The final grades for students will be assigned on the basis of the aggregate of the weighted marks obtained for each of the summative assessment items in the course.
This is a restricted examination. Candidates are allowed access to specific materials during the examination. The only materials that candidates may use in the examination for this course are:
- writing materials. These must be non-electronic and free from material which could give the student an unfair advantage in the examination.
- translation dictionary. With the examiner's approval, candidates may, take an appropriate non-electronic translation dictionary into the examination. This will be subject to perusal and, if it is found to contain annotations or markings that could give the candidate an unfair advantage, it may be removed from the candidate's possession until the appropriate disciplinary action is completed.
Examination period when Deferred/Supplementary examinations will be held:
Any Deferred or Supplementary examinations for this course will be held during the next examination period.
University Student Policies:
Students should read the USQ policies: Definitions, Assessment and Student Academic Misconduct to avoid actions which might contravene University policies and practices. These policies can be found at http://policy.usq.edu.au.
- The due date for an assignment is the date by which a student must despatch the assignment to the USQ. The onus is on the student to provide proof of the despatch date, if requested by the examiner.
- Students must retain a copy of each assignment submitted for assessment. This must be produced within 24 hours if required by the examiner.
- In accordance with university policy, the examiner may grant an extension of the due date of an assignment in extenuating circumstances.
- The examiner will normally only accept assignments which are electronically submitted through the USQ Study Desk for this course. Students who are unable to meet this submission requirement should contact the examiner of the course to negotiate alternative arrangements.
- Students who do not have regular access to postal services or who are otherwise disadvantaged by these regulations may be given special consideration. They should contact the examiner to negotiate such special arrangements.
- In the event that a due date for an assignment falls on a local public holiday in their area, such as a show holiday, the due date for the assignment will be the next day. Students are to note on the assignment cover the date of the public holiday for the examiner's convenience.
Course weightings of topics should not be interpreted as applying to the number of marks allocated to questions testing those topics in an examination paper.
Referencing in assignments:
Harvard (AGPS) is the referencing system required in this course. Students should use Harvard (AGPS) style in their assignments to format details of the information sources they have cited in their work. The Harvard (AGPS) style to be used is defined by the USQ Library's referencing guide at http://www.usq.edu.au/library/referencing.
Students who have undertaken all of the required assessments in a course but who have failed to meet some of the specified objectives of a course within the normally prescribed time may be awarded the temporary grade: IM (Incomplete - Make up). An IM grade will only be awarded when, in the opinion of the examiner, a student will be able to achieve the remaining objectives of the course after a period of non-directed personal study.
Students who, for medical, family/personal, or employment-related reasons, are unable to complete an assignment or to sit for an examination at the scheduled time may apply to defer an assessment in a course. Such a request must be accompanied by appropriate supporting documentation. One of the following temporary grades may be awarded: IDS (Incomplete - Deferred Examination); IDM (Incomplete Deferred Make-up); IDB (Incomplete - Both Deferred Examination and Deferred Make-up).
E-mail and Internet access:
Students will require access to e-mail and Internet access to UConnect for this course.