|8W Teaching Period 6, 2021 Online|
|Short Description:||Insider Cyber Threats|
|Faculty or Section :||Faculty of Business, Education, Law and Arts|
|School or Department :||School of Business|
|Student contribution band :||Band 2|
|ASCED code :||020399 - Information Systems not elsewh|
|Grading basis :||Graded|
Examiner: Scott Sorley
Insider threats come from within organisational trust boundaries and as such are very different to cyber threats originating from outside the organisation. They can be difficult to detect and can cause significant risk and impact. Understanding the insider threat, and how it can be detected and mitigated is a critical objective to reduce cyber risk and a vital control for organisations. Students will learn about what insider cyber threats are, how to detect them, and how to mitigate against them. Real world examples from multiple industries are used to illustrate key principles.
The minicourse provides an understanding of threats to cyber security of an organisation that are posed from within the internal environment of the organisation. Students will learn about the range and nature of insider cyber threats that occur maliciously, as a result of negligence or through the organisation's supply chain. Students will also learn what system, tools and approaches organisations can exploit to detect or predict insider cyber threats or what defence they need to consider in their overall security strategy and approach.
On successful completion of this course students should be able to:
- analyse information, concepts and theories related to human roles in insider threats (CIS8710 LO2)
- analyse and apply specialist knowledge related to managing human factors and behaviour to counter insider cyber threats (CIS8710 LO3, LO4)
- analyse, evaluate and apply sources of specialist human behavioural knowledge relating to cyber security knowledge, and how these can be applied towards improved cyber security controls (CIS8710 LO4).
|1.||Introduction to insider threats: This topic introduces students to the concept of insider threat within a cyber security context. It explores different types of insider threats and discusses how they occur||25.00|
|2.||Supply chain attacks: This topic gives students an understanding of a supply chain attack. It explores different types of supply chain attacks and how they occur from within the organisation’s supply chain||25.00|
|3.||Detection of insider threats: This topic discusses insider threat detection systems and approaches||25.00|
|4.||Human centric controls for managing insider threats: This topic covers a variety of controls that help deter and discourage insider attacks on an organisation||25.00|
Text and Materials
Student Workload Expectations
|Description||Marks out of||Wtg (%)||Due Date||Notes|
|ASSESSMENT 1||50||100||03 Dec 2021||(see note 1)|
- The assessment for this minicourse is due in Week 7. Students have access to the learning platform for a total of 11 weeks.
Important assessment information
There are no attendance requirements for this course. However, it is the students’ responsibility to study all material provided to them or required to be accessed by them to maximise their chance of meeting the objectives of the course and to be informed of course-related activities and administration.
Requirements for students to complete each assessment item satisfactorily:
To satisfactorily complete an individual assessment item a student must achieve at least 50% of the marks for that item. Depending upon the requirements in Statement 4 below, students may not have to satisfactorily complete each assessment item to receive a passing grade in this course.
Penalties for late submission of required work:
Students should refer to the Assessment Procedure http://policy.usq.edu.au/documents.php?id=14749PL (point 4.2.4)
Requirements for student to be awarded a passing grade in the course:
To be assured of receiving a passing grade a student must achieve at least 50% of the total weighted marks available for the course.
Method used to combine assessment results to attain final grade:
The final grade for the full course will be assigned on the basis of the aggregate of the weighted marks obtained for each mapped minicourse, once all assessments have been successfully undertaken.
There is no examination in this course.
Examination period when Deferred/Supplementary examinations will be held:
Deferred and Supplementary examinations will be held in accordance with the Assessment Procedure https://policy.usq.edu.au/documents/14749PL.
University Student Policies:
Students should read the USQ policies: Definitions, Assessment and Student Academic Misconduct to avoid actions which might contravene University policies and practices. These policies can be found at http://policy.usq.edu.au.
Referencing in assignments must comply with the Harvard (AGPS) referencing system. This system should be used by students to format details of the information sources they have cited in their work. The Harvard (APGS) style to be used is defined by the USQ library’s referencing guide. This guide can be found at http://www.usq.edu.au/library/referencing.
Evaluation and Benchmarking
In meeting the University’s aims to establish quality learning and teaching for all programs, this course monitors and ensures quality assurance and improvements in at least two ways. This course:
• conforms to the USQ Policy on Evaluation of Teaching, Courses and Programs to ensure ongoing monitoring and systematic improvement
• forms part of CIS8710 Human Factors in Cyber Security
and is benchmarked against the internal USQ accreditation/reaccreditation processes which include
(i) stringent standards in the independent accreditation of its academic programs,
(ii) close integration between business and academic planning, and
(iii) regular and rigorous review.
There are 4 minicourses at 0.25 credit point that map to 1 full course. To receive credit for this minicourse into the full course, students must successfully pass the assessment. Once all 4 mapped minicourses have been successfully completed, a credit into the full course applies.