The current and official versions of the course specifications are available on the web at
Please consult the web for updates that may occur during the year.

CIS8712 Information Assurance and Risk Management

Semester 1, 2022 Online
Units: 1
Faculty or Section: Faculty of Business, Education, Law and Arts
School or Department: School of Business
Student contribution band: Band 2
Grading basis: Graded
Version produced: 27 June 2022


Examiner: Mahdi Fahmideh


Risk Management is at the core of protecting a business or organisation against cyber threats, while enabling operational and innovative business activity. Identifying information assets to protect, understanding organisational risk tolerance and assuring the operation of an appropriate control set are at the core of an effective cyber security strategy. This course explores and provides insights, strategies and skills in designing, operating and evaluating an information assurance and risk management function.

This course explores identification of information assets, evaluation of cyber security controls and risk management across the spectrum of the cyber security functions. A variety of industry-standard risk management frameworks and approaches are reviewed and analysed in order to provide a comprehensive perspective on developing a mature risk management strategy. Information assurance approaches and skills are examined to test and validate the effectiveness and appropriateness of the control environment, and to communicate this to organisational and external stakeholders.

Course learning outcomes

On successful completion of this course students should be able to:

  1. apply specialised knowledge relating to risk management and information assurance as it relates to information security and cybersecurity;
  2. analyse critically, reflect on and synthesise complex issues, frameworks, problems, concepts and theories relating to the role of organisational cyber risk management and the information assurance function;
  3. examine and then apply specialist knowledge and skills in developing and implementing cyber risk management and an information assurance function;
  4. research and review sources of specialist risk management knowledge relating to cyber security, and how these can be applied towards specific organisational requirements;
  5. interpret, articulate and communicate complex issues relating to risk management and information assurance in cyber security to achieve targeted outcomes.


Description Weighting (%)
1. Risk Management frameworks 10.00
2. Implementing risk management practices 20.00
3. Cyber Security controls 20.00
4. Information Assurance Practices and Processes 20.00
5. Communicating Risk 20.00
6. Risk management for emergent threats 10.00

Text and materials required to be purchased or accessed

There is no prescribed textbook for this course; required materials will be packaged with lecture content and materials.

Student workload expectations

To do well in this subject, students are expected to commit approximately 10 hours per week including class contact hours, independent study, and all assessment tasks. If you are undertaking additional activities, which may include placements and residential schools, the weekly workload hours may vary.

Assessment details

Description Weighting (%)
Online Test 10
Written Assignment 40
Date printed 27 June 2022