Course specification
The current and official versions of the course specifications are available on the web at //
Please consult the web for updates that may occur during the year.

CIS2005 Principles of Information Security

Semester 2, 2015 External Toowoomba
Units : 1
Faculty or Section : Faculty of Business, Education, Law and Arts
School or Department : School of Management and Enterprise

Examiner: Michael Lane
Moderator: Jianming Yong

Other requisites

Students are required to have access to a personal computer, e-mail capabilities and Internet access to UConnect. Current details of computer requirements can be found at //


The amount of information stored electronically is growing exponentially. At the same time there is an increasing reliance on the Internet and local area networks, information systems and computing devices to store and provide information with the appropriate level of confidentiality, integrity and availability. Hence it is important to ensure that information, systems, networks and computing devices are secure from unintentional and intentional threats from both authorised and unauthorised users while maintaining a high level of service.


There is an increased reliance on the Internet, networks, information systems and computing devices to provide access to information and systems anywhere and anytime. Hence business professionals must have a good understanding of the vulnerabilities and threats to information, systems and networks and the controls that prevent or limit the risks to an acceptable level. It is a goal of this course for business professionals to develop their skills and knowledge so that they can evaluate information security situations, identify specific threats, vulnerabilities, and clearly communicate and manage the risks. The ongoing commitment to effective information security including ethical and privacy considerations is also stressed in this course.


On successful completion of this course, students should be able to:

  1. analyse information security vulnerabilities and threats and determine appropriate controls that can be applied to mitigate the potential risks
  2. explain why continual improvement is necessary to maintain reasonably secure information systems and IT infrastructure and to describe the role of disaster recovery and business continuity plans in recovering information and operational systems when systems and hardware fail
  3. describe why legal privacy and ethical issues play an important part in effectively managing information security
  4. demonstrate an ability to communicate effectively, both in writing and orally, about the management of information security in organisations.


| Description | Weighting (%) |
|---|---|
| 1. Network security | 21.00 |
| 2. Compliance and operational security | 18.00 |
| 3. Threats and vulnerabilities | 21.00 |
| 4. Application, data and host security | 16.00 |
| 5. Access control and identity management | 13.00 |
| 6. Cryptography | 11.00 |

Text and materials required to be purchased or accessed

ALL textbooks and materials available to be purchased can be sourced from USQ's Online Bookshop (unless otherwise stated).

Please contact us for alternative purchase options from USQ Bookshop.

  • Conklin, WMA & White, G 2012, Principles of computer security: CompTIA security+ and beyond (exam SY0-301), 3rd edn, McGraw-Hill, New York.
    (includes CD.)
  • All students will need access to a PC word processing and spreadsheet package. Any package will suffice.
  • Students also need MS Windows to view multimedia materials.

Reference materials

Reference materials are materials that, if accessed by students, may improve their knowledge and understanding of the material in the course and enrich their learning experience.
  • Cheswick, WR, Bellovin, SM & Rubin, AD 2003, Firewalls and Internet security: repelling the wily hacker, 2nd edn, Addison-Wesley, Boston, Massachusetts.
  • Pfleeger, CP & Pfleeger, SL 2007, Security in computing, 4th edn, Prentice Hall, Upper Saddle River, New Jersey.
  • Stewart, J 2011, CompTIA Security+ review guide: exam SY0-301, 2nd edn, John Wiley, Hoboken, New Jersey.
    (includes CD.)
  • Whitman, M & Mattord, H 2011, Principles of information security, 4th edn, Course Technology, Boston, Massachusetts.

Student workload requirements

| Activity | Hours |
|---|---|
| Private Study | 155.00 |

Assessment details

| Description | Marks out of | Wtg (%) | Due Date | Notes |
|---|---|---|---|---|
| ASST 1 - ONLINE QUIZ | 100 | 5 | 07 Aug 2015 | |
| ASST 2 - WRITTEN REPORT | 100 | 15 | 04 Sep 2015 | |
| ASST 3 - CASE STUDY REPORT | 100 | 30 | 16 Oct 2015 | |
| EXAM PART A - MULTIPLE CHOICE | 30 | 15 | End S2 | (see note 1) |

  1. The total working time for the examination (parts A and B) is 2 hours. The examination date will be available via UConnect when the official examination timetable has been released.

Important assessment information

  1. Attendance requirements:
    External/Online: If you are an international student in Australia, you are advised to attend all classes at your campus. For all other students, there are no attendance requirements for this course. However, it is the students' responsibility to study all material provided to them or required to be accessed by them to maximise their chance of meeting the objectives of the course and to be informed of course-related activities and administration.

    On-campus: It is the students' responsibility to attend and participate appropriately in all activities (such as lectures, tutorials, laboratories and practical work) scheduled for them, and to study all material provided to them or required to be accessed by them to maximise their chance of meeting the objectives of the course and to be informed of course-related activities and administration.

  2. Requirements for students to complete each assessment item satisfactorily:
    To satisfactorily complete an individual assessment item a student must achieve at least 50% of the marks. (Depending upon the requirements in Statement 4 below, students may not have to satisfactorily complete each assessment item to receive a passing grade in this course.)

  3. Penalties for late submission of required work:
    Students should refer to the Assessment Procedure (point 4.2.4).

  4. Requirements for students to be awarded a passing grade in the course:
    To be assured of receiving a passing grade a student must achieve at least 50% of the total weighted marks available for the course.

  5. Method used to combine assessment results to attain final grade:
    The final grades for students will be assigned on the basis of the aggregate of the weighted marks obtained for each of the summative assessment items in the course.

  6. Examination information:
    This is a restricted examination. The only materials that candidates may use in the examination for this course are:
    1. writing materials. These must be non-electronic and free from material which could give the student an unfair advantage in the examination.
    2. an unmarked non-electronic translation dictionary (but not technical dictionary). A student whose first language is not English may take a translation dictionary into the examination room. A translation dictionary with any handwritten notes will not be permitted. Translation dictionaries will be subject to perusal and may be removed from the candidate's possession until appropriate disciplinary action is completed if found to contain material that could give the candidate an unfair advantage.

  7. Examination period when Deferred/Supplementary examinations will be held:
    Any Deferred or Supplementary examinations for this course will be held during the next examination period.

  8. University Student Policies:
    Students should read the USQ policies: Definitions, Assessment and Student Academic Misconduct to avoid actions which might contravene University policies and practices. These policies can be found at

Assessment notes

  1. Referencing in assignments:
    Harvard (AGPS) is the referencing system required in this course. Students should use Harvard (AGPS) style in their assignments to format details of the information sources they have cited in their work. The Harvard (AGPS) style to be used is defined by the USQ Library's referencing guide at //