USQ Logo
The current and official versions of the course specifications are available on the web at https://www.usq.edu.au/course/specification/current.
Please consult the web for updates that may occur during the year.

CIS5205 Management of Information Security

Semester 2, 2021 On-campus Toowoomba
Short Description: Mgt of Information Security
Units : 1
Faculty or Section : Faculty of Business, Education, Law and Arts
School or Department : School of Business
Student contribution band : Band 2
ASCED code : 020399 - Information Systems not elsewh
Grading basis : Graded
Version produced : 11 April 2021

Staffing

Examiner: Michael Lane

Requisites

Co-requisite: CIS5100

Other requisites

Students are required to have access to a personal computer, e-mail capabilities and Internet access to UConnect. Current details of computer requirements can be found at http://www.usq.edu.au/current-students/support/computing/hardware.

Rationale

Information Communications and Technology professionals need to develop a good breadth of knowledge and skills required for the secure management of information technology and communications assets for organisations. Students must have a good working knowledge of the role of information security in providing an appropriate level of confidentiality, integrity and availability for ICT Assets while considering the legal, privacy and ethical implications. Students need to develop the knowledge and skills using a range of security technologies and tools to identify potential threats and vulnerabilities that may exist in business systems and networks and manage security architecture and design and the associated risks and legal, privacy and ethical issues that may rise. This course provides students with an intermediate knowledge of the key principles necessary for managing the security of an organisation's ICT assets including information, information systems and networks.

Synopsis

Students study contemporary information security theory and practice in the context of threats, attacks and vulnerabilities that may exist in relation to organisation's information, communications and technology assets and the controls that can be put in place to ensure that the risks are managed at an acceptable level. Students will develop their skills and knowledge so that they can evaluate information security situations. They will be able to identify specific threats, attacks, vulnerabilities and manage security architecture and design and legal, privacy or ethical issues that may arise. They will be able to clearly communicate and provide advice and guidance to business managers and operational employees to manage the risks identified. Students will be assessed on their understanding of key concepts of information security and their ability to apply and communicate effectively contemporary information security theory and practice to real world problems.

Objectives

On successful completion of this course students should be able to:

  1. analyse and evaluate the potential risks associated information security vulnerabilities, attacks and threats and explain how security architecture, design and controls that can be applied to mitigate those potential risks;
  2. analyse systems and hardware failures and provide advice and guidelines on disaster recovery and business continuity plans for critical recovering information and operational systems;
  3. evaluate and explain legal privacy and ethical situations to effectively managing information security;
  4. communicate effectively both written and orally by providing advise and guidance on the risks and technical and people issues associated with management of information security to business managers and operational employees in organisations.

Topics

Description Weighting(%)
1. Threats, Attacks and Vulnerabilities 20.00
2. Security Technologies and Tools 15.00
3. Security Architecture and Design 20.00
4. Identity and Access Management 15.00
5. Risk management 10.00
6. Cryptography and Public Key Infrastructure 10.00
7. Legal, privacy and ethical considerations 10.00

Text and materials required to be purchased or accessed

ALL textbooks and materials available to be purchased can be sourced from USQ's Online Bookshop (unless otherwise stated). (https://omnia.usq.edu.au/textbooks/?year=2021&sem=02&subject1=CIS5205)

Please contact us for alternative purchase options from USQ Bookshop. (https://omnia.usq.edu.au/info/contact/)

Conklin, WMA, White, G, Cothren, C & Williams, D 2018, Principles of computer security: CompTIA security+ and beyond (exam SY0-501), 5th edn, McGraw-Hill, New York.
(includes CD.)
All students will need access to a PC word processing and spreadsheet package. Any package will suffice.
Students also need MS Windows to view multimedia materials.

Reference materials

Reference materials are materials that, if accessed by students, may improve their knowledge and understanding of the material in the course and enrich their learning experience.
Cheswick, WR, Bellovin, SM & Rubin, AD 2003, Firewalls and Internet security: repelling the wily hacker, 2nd edn, Addison-Wesley, Boston, Massachusetts.
Pfleeger, CP & Pfleeger, SL 2015, Security in computing, 5th edn, Prentice Hall, Upper Saddle River, New Jersey.
Stewart, J 2017, CompTIA Security+ review guide: exam SY0-501, 4th edn, John Wiley, Indianapolis, Indiana.
Whitman, M & Mattford, H 2017, Principles of information security, 6th edn, Course Technology, Boston, Massachusetts.

Student workload expectations

Activity Hours
Directed Study 65.00
Independent Study 100.00

Assessment details

Description Marks out of Wtg (%) Due Date Objectives Assessed Notes
ASST 1 (MOODLE QUIZ) 100 20 06 Aug 2021 1
ASST 2 (WRITTEN REPORT) 100 20 25 Aug 2021 1,2,4
ASST 3 (CASE STUDY) 100 50 09 Oct 2021
ASST 4 (MOODLE QUIZ) 100 10 16 Oct 2021 2,3

Important assessment information

  1. Attendance requirements:
    Online: There are no attendance requirements for this course. However, it is the students' responsibility to study all material provided to them or required to be accessed by them to maximise their chance of meeting the objectives of the course and to be informed of course-related activities and administration.

    On-campus: It is the students' responsibility to attend and participate appropriately in all activities (such as lectures, tutorials, laboratories and practical work) scheduled for them, and to study all material provided to them or required to be accessed by them to maximise their chance of meeting the objectives of the course and to be informed of course-related activities and administration.

  2. Requirements for students to complete each assessment item satisfactorily:
    To satisfactorily complete an individual assessment item a student must achieve at least 50% of the marks. (Depending upon the requirements in Statement 4 below, students may not have to satisfactorily complete each assessment item to receive a passing grade in this course.)

  3. Penalties for late submission of required work:
    Students should refer to the Assessment Procedure http://policy.usq.edu.au/documents.php?id=14749PL (point 4.2.4)

  4. Requirements for student to be awarded a passing grade in the course:
    To be assured of receiving a passing grade a student must achieve at least 50% of the total weighted marks available for the course.

  5. Method used to combine assessment results to attain final grade:
    The final grades for students will be assigned on the basis of the aggregate of the weighted marks obtained for each of the summative assessment items in the course.

  6. Examination information:
    This is a closed examination. Candidates are allowed to bring only writing and drawing instruments into a closed examination.

  7. Examination period when Deferred/Supplementary examinations will be held:
    Any Deferred or Supplementary examinations for this course will be held during the next examination period.

  8. University Student Policies:
    Students should read the USQ policies: Definitions, Assessment and Student Academic Misconduct to avoid actions which might contravene University policies and practices. These policies can be found at http://policy.usq.edu.au.

Assessment notes

  1. Referencing in assignments:
    Harvard (AGPS) is the referencing system required in this course. Students should use Harvard (AGPS) style in their assignments to format details of the information sources they have cited in their work. The Harvard (AGPS) style to be used is defined by the USQ Library's referencing guide at http://www.usq.edu.au/library/referencing.

Date printed 11 April 2021