CQUniversity Unit Profile
COIT20263 Information Security Management
All details in this unit profile for COIT20263 have been officially approved by CQUniversity and represent a learning partnership between the University and you (our student).
The information will not be changed unless absolutely necessary and any change will be clearly indicated by an approved correction included in the profile.
General Information

Overview

This advanced management unit provides postgraduate networks and information security students with a thorough understanding of the concepts, processes and controls for the assurance of information security within a business organisation. The unit builds on students’ prior knowledge of the measures associated with the protection of an organisation’s information infrastructure assets and the most cost-effective and appropriate ways of planning and implementing these measures. Drawing on the fundamental premise that information security is a management issue, and not a technical one alone, the unit covers areas of information security planning, governance, policies, best practices, risk management, compliance, personnel, law and ethics. The unit qualifies the student to apply the gained knowledge and skills to real-world situations, and in accordance with standards set by governments, professional bodies and industry.

Details

Career Level: Postgraduate
Unit Level: Level 9
Credit Points: 6
Student Contribution Band: 8
Fraction of Full-Time Student Load: 0.125

Pre-requisites or Co-requisites

Prerequisite: COIT20261 Network Routing and Switching

Important note: Students enrolled in a subsequent unit who failed their pre-requisite unit should drop the subsequent unit before the census date or within 10 working days of Fail grade notification. Students who do not drop the unit in this timeframe cannot later drop the unit without academic and financial liability. See details in the Assessment Policy and Procedure (Higher Education Coursework).

Offerings For Term 3 - 2017

Brisbane
Distance
Melbourne
Sydney

Attendance Requirements

All on-campus students are expected to attend scheduled classes – in some units, these classes are identified as a mandatory (pass/fail) component and attendance is compulsory. International students, on a student visa, must maintain a full-time study load and meet both attendance and academic progress requirements in each study period (satisfactory attendance for International students is defined as maintaining at least an 80% attendance record).

Class and Assessment Overview

Recommended Student Time Commitment

Each 6-credit Postgraduate unit at CQUniversity requires an overall time commitment of an average of 12.5 hours of study per week, making a total of 150 hours for the unit.

Class Timetable

Bundaberg, Cairns, Emerald, Gladstone, Mackay, Rockhampton, Townsville
Adelaide, Brisbane, Melbourne, Perth, Sydney

Assessment Overview

1. Group Discussion
Weighting: 15%
2. Practical and Written Assessment
Weighting: 35%
3. Group Discussion
Weighting: 10%
4. Practical and Written Assessment
Weighting: 40%

Assessment Grading

This is a graded unit: your overall grade will be calculated from the marks or grades for each assessment task, based on the relative weightings shown in the table above. You must obtain an overall mark for the unit of at least 50%, or an overall grade of ‘pass’ in order to pass the unit. If any ‘pass/fail’ tasks are shown in the table above they must also be completed successfully (‘pass’ grade). You must also meet any minimum mark requirements specified for a particular assessment task, as detailed in the ‘assessment task’ section (note that in some instances, the minimum mark for a task may be greater than 50%). Consult the University’s Grades and Results Policy for more details of interim results and final grades.

Previous Student Feedback

Feedback, Recommendations and Responses

Every unit is reviewed for enhancement each year. At the most recent review, the following staff and student feedback items were identified and recommendations were made.

Feedback from Review by Unit Coordinator

Feedback

The number of PowerPoint slides of week 12 is too high.

Recommendation

Summarise and reduce the number of PowerPoint slides.

Unit Learning Outcomes
On successful completion of this unit, you will be able to:
  1. Explain how information security management fits into general business management.
  2. Analyse the information security domain both in respect of security policy and security application.
  3. Examine the dominant information security blueprints, methods, processes and models, within the framework of national and international standards.
  4. Research emerging trends in the certification and accreditation of information security systems in Australia and other countries.
  5. Analyse various risk theories and how these will be applied to the protection of information assets.
  6. Critically evaluate and reflect on ethical issues that relate to the practice of information security.
  7. Compare and contrast current laws, regulations, and relevant professional organisations.

The Australian Computer Society (ACS) recognises the Skills Framework for the Information Age (SFIA). SFIA is in use in over 100 countries and provides a widely used and consistent definition of ICT skills. SFIA is increasingly being used when developing job descriptions and role profiles.
ACS members can use the online tool MySFIA to build their skills profile at https://www.acs.org.au/professionalrecognition/mysfia-b2c.html
This unit contributes to the following workplace skills as defined by SFIA. The SFIA code is included:
  • Information Management (IRMG)
  • Information Security (SCTY)
  • Business Risk Management (BURM)
  • Continuity Management (COPL)
  • Data Management (DATM)
  • Methods and Tools (METL)

Alignment of Learning Outcomes, Assessment and Graduate Attributes
N/A Level
Introductory Level
Intermediate Level
Graduate Level
Professional Level
Advanced Level

Alignment of Assessment Tasks to Learning Outcomes

Assessment Tasks Learning Outcomes
1 2 3 4 5 6 7
1 - Group Discussion - 15%
2 - Practical and Written Assessment - 35%
3 - Group Discussion - 10%
4 - Practical and Written Assessment - 40%

Alignment of Graduate Attributes to Learning Outcomes

Graduate Attributes Learning Outcomes
1 2 3 4 5 6 7
1 - Knowledge
2 - Communication
3 - Cognitive, technical and creative skills
4 - Research
5 - Self-management
6 - Ethical and Professional Responsibility
7 - Leadership
8 - Aboriginal and Torres Strait Islander Cultures

Alignment of Assessment Tasks to Graduate Attributes

Assessment Tasks Graduate Attributes
1 2 3 4 5 6 7 8
1 - Group Discussion - 15%
2 - Practical and Written Assessment - 35%
3 - Group Discussion - 10%
4 - Practical and Written Assessment - 40%
Textbooks and Resources

Textbooks

Prescribed

Management of Information Security

Edition: 5th (2017)
Authors: Michael E. Whitman & Herbert J. Mattord
Cengage Learning
Stamford, Connecticut, USA
ISBN: 9781305501256
Binding: Hardcover

Additional Textbook Information

It is recommended that students purchase the electronic version of this book (e-book). The e-book should be purchased directly from the Publisher. To do so:

1. Browse to www.cengagebrain.com

2. Search for the book "Management of Information Security" by Whitman & Mattord, 5th edition (as detailed above).

3. From the purchase options displayed, select the e-book version. Purchasing the e-book gives 6 months' access to the e-book, according to the site.

4. If you have any questions about the e-book, you need to contact the Publisher directly using the contact details given on the publisher's website.

5. If you have no questions, go ahead and purchase the e-book directly from the site.

NOTE: If you prefer the printed version of the book, contact the CQU Bookshop (+61 7 4930 9421) in the first instance.

IT Resources

You will need access to the following IT resources:
  • CQUniversity Student Email
  • Internet
  • Unit Website (Moodle)
Referencing Style

All submissions for this unit must use the referencing style: Harvard (author-date)

For further information, see the Assessment Tasks.

Teaching Contacts
Khaleel Petrus Unit Coordinator
k.petrus@cqu.edu.au
Schedule
Week 1 Begin Date: 06 Nov 2017

Module/Topic

Introduction to the Management of Information Security

Chapter

1

Events and Submissions/Topic

Week 2 Begin Date: 13 Nov 2017

Module/Topic

Compliance: Law and Ethics

Chapter

2

Events and Submissions/Topic

Week 3 Begin Date: 20 Nov 2017

Module/Topic

Governance and Strategic Planning for Security

Chapter

3

Events and Submissions/Topic

Start of Group Discussion I
Week 4 Begin Date: 27 Nov 2017

Module/Topic

Information Security Policy

Chapter

4

Events and Submissions/Topic

Continuation of Group Discussion I
Vacation Week Begin Date: 04 Dec 2017

Module/Topic

Developing the Security Program

Chapter

5

Events and Submissions/Topic

End of Group Discussion I
Week 5 Begin Date: 11 Dec 2017

Module/Topic

- MID-TERM BREAK -

Chapter

Events and Submissions/Topic

Week 6 Begin Date: 18 Dec 2017

Module/Topic

Risk Management: Identifying and Assessing Risk

Chapter

6

Events and Submissions/Topic

Group Discussion I Due Friday (22 Dec 17) 11:30 PM AEST
Group Discussion I Due: Week 6 Friday (22 Dec 2017) 11:30 pm AEST
Week 7 Begin Date: 01 Jan 2018

Module/Topic

Risk Management: Controlling Risk

Chapter

7

Events and Submissions/Topic

Written Assessment 1 Due Friday (05 Jan 18) 11:30 PM AEST
Written Assessment 1 Due: Week 7 Friday (5 Jan 2018) 1:30 pm AEST
Week 8 Begin Date: 08 Jan 2018

Module/Topic

Security Management Models

Chapter

8

Events and Submissions/Topic

Start of Group Discussion II
Week 9 Begin Date: 15 Jan 2018

Module/Topic

Security Management Practices

Chapter

9

Events and Submissions/Topic

Continuation of Group Discussion II
Week 10 Begin Date: 22 Jan 2018

Module/Topic

Planning for Contingencies

Chapter

10

Events and Submissions/Topic

End of Group Discussion II
Group Discussion II Due Friday (26 Jan 18) 11:30 PM AEST
Group Discussion II Due: Week 10 Friday (26 Jan 2018) 11:30 pm AEST
Week 11 Begin Date: 29 Jan 2018

Module/Topic

Planning for Contingencies

Chapter

11

Events and Submissions/Topic

Written Assessment 2 Due Friday (02 Feb 18) 11:30 PM AEST
Written Assessment 2 Due: Week 11 Friday (2 Feb 2018) 11:30 pm AEST
Week 12 Begin Date: 05 Feb 2018

Module/Topic

Protection Mechanisms

Chapter

12

Events and Submissions/Topic

Review/Exam Week Begin Date: 12 Feb 2018

Module/Topic

Chapter

Events and Submissions/Topic

Exam Week Begin Date: 12 Feb 2018

Module/Topic

Chapter

Events and Submissions/Topic

Term Specific Information

Contact information for Dr Khaleel Petrus:

Email: k.petrus@cqu.edu.au
Office: Level 20, 160 Ann Street, Brisbane Campus.

Please submit questions about the course through the 'Q&A' discussion forum in Moodle, so that everyone can benefit from the questions and answers. If you have any individual queries, please email me and I'll try to get back to you within a day or so. For an individual discussion, please email me and we will make an arrangement.

Assessment Tasks

1 Group Discussion

Assessment Title
Group Discussion I

Task Description

This assessment task has a group discussion and a video presentation of the outcome of the discussion. In their groups of up to 4 members, the students will discuss the specified information security issues of the organisation in the given scenario in relation to the Unit Learning Outcomes 4 and 7. The students need to contribute to their group discussion in Group Discussion I Forum in Moodle during weeks 3, 4 and 5. Each student should copy/paste their discussions to a Word document and upload the latter to Moodle by the deadline in Week 6. Also, they need to individually prepare and upload a very brief video (5 min max.) to YouTube and provide the link in the Word document. Distance students can form groups with on-campus students as well. Further details of this assessment task will be provided on the Moodle unit webpage.


Assessment Due Date

Week 6 Friday (22 Dec 2017) 11:30 pm AEST

Contributions during each week from weeks 3-5 should be concluded by 11.30 pm, Friday of the respective week. The contributions of each student should be copy/pasted to a Word document and uploaded to Moodle by the above deadline. The recorded video presentation should be uploaded to YouTube and the link to the video should be provided in the Word document.


Return Date to Students

Week 8 Friday (12 Jan 2018)


Weighting
15%

Minimum mark or grade
15%

Assessment Criteria

In this assessment task, the students are assessed against their ability to discuss the information security issues of the organisation in the given scenario in relation to the Unit Learning Outcomes 4 and 7. Please see the unit website for more specific marking criteria.


Referencing Style

Submission
Online

Submission Instructions
Each student has to contribute to the Group Discussion I Forum of their group in Moodle each week. The contributions of each student should be copy/pasted to a Word document and uploaded to Moodle by the above deadline. The recorded video presentation should be uploaded to YouTube and the link to the video should be provided in the Word document.

Learning Outcomes Assessed
  • Research emerging trends in the certification and accreditation of information security systems in Australia and other countries.
  • Compare and contrast current laws, regulations, and relevant professional organisations.


Graduate Attributes
  • Knowledge
  • Communication
  • Research
  • Self-management
  • Ethical and Professional Responsibility

2 Practical and Written Assessment

Assessment Title
Written Assessment 1

Task Description

This assessment task relates to the Unit Learning Outcomes 1 and 2, and can be undertaken in a group of up to 4 members or individually. Each student will analyse the given scenario and develop an information security policy, either individually or through discussions with other students in their group. Distance students can form groups with on-campus students as well. Further details of this assessment task will be provided on the Moodle unit webpage.


Assessment Due Date

Week 7 Friday (5 Jan 2018) 1:30 pm AEST

The written report (Microsoft Word file) should be uploaded to Moodle by each student by the above due date.


Return Date to Students

Week 9 Friday (19 Jan 2018)


Weighting
35%

Minimum mark or grade
35%

Assessment Criteria

The students are assessed against their ability to analyse the given scenario and develop an information security policy. Please see the unit website for more specific marking criteria.


Referencing Style

Submission
Online

Submission Instructions
Each student has to upload the written assignment as a Microsoft Office Word file to Moodle.

Learning Outcomes Assessed
  • Explain how information security management fits into general business management.
  • Analyse the information security domain both in respect of security policy and security application.


Graduate Attributes
  • Knowledge
  • Communication
  • Cognitive, technical and creative skills
  • Research

3 Group Discussion

Assessment Title
Group Discussion II

Task Description

In their groups of up to 4 members, the students will discuss the information security risk management issues of the organisation in the given scenario in relation to the Unit Learning Outcome 3. The students need to contribute to their group discussion in Group Discussion II Forum in Moodle during weeks 8, 9 and 10. Each student should copy/paste their discussions to a Word document and upload it to Moodle by the deadline in Week 10. Distance students can form groups with on-campus students as well. Further details of this assessment task will be provided on the Moodle unit webpage.


Assessment Due Date

Week 10 Friday (26 Jan 2018) 11:30 pm AEST

Contributions during each week from weeks 8-10 should be concluded by 11.30 pm, Friday of the respective week. The contributions of each student should be copy/pasted to a Word document and uploaded to Moodle by the above deadline.


Return Date to Students

Week 12 Friday (9 Feb 2018)


Weighting
10%

Minimum mark or grade
10%

Assessment Criteria

In this assessment task, the students are assessed against their ability to discuss the information security risk management issues of the organisation in the given scenario in relation to the Unit Learning Outcome 3. Please see the unit website for more specific marking criteria.


Referencing Style

Submission
Online

Submission Instructions
Each student has to contribute to the Group Discussion II Forum of their group in Moodle each week. The contributions of each student should be copy/pasted to a Word document and uploaded to Moodle by the above deadline.

Learning Outcomes Assessed
  • Examine the dominant information security blueprints, methods, processes and models, within the framework of national and international standards.


Graduate Attributes
  • Knowledge
  • Communication
  • Cognitive, technical and creative skills
  • Self-management

4 Practical and Written Assessment

Assessment Title
Written Assessment 2

Task Description

This assessment task relates to the Unit Learning Outcomes 5 and 6, and can be undertaken in a group of up to 4 members or individually. The students will need to apply the principles of information security risk management to the organisation in the given scenario and produce a written report. Distance students can form groups with on-campus students as well. Further details of this assessment task will be provided on the Moodle unit webpage.


Assessment Due Date

Week 11 Friday (2 Feb 2018) 11:30 pm AEST

The written report (Microsoft Word file) should be uploaded to Moodle by each student by the above due date.


Return Date to Students

On Certification Day.


Weighting
40%

Minimum mark or grade
45%

Assessment Criteria

The students are assessed against their ability to apply the principles of information security risk management to the organisation in the given scenario. Please see the unit website for more specific marking criteria.


Referencing Style

Submission
Online

Submission Instructions
Each student needs to upload the written report to Moodle as a Microsoft Office Word file.

Learning Outcomes Assessed
  • Analyse various risk theories and how these will be applied to the protection of information assets.
  • Critically evaluate and reflect on ethical issues that relate to the practice of information security.


Graduate Attributes
  • Knowledge
  • Communication
  • Cognitive, technical and creative skills
  • Research

Academic Integrity Statement

As a CQUniversity student you are expected to act honestly in all aspects of your academic work.

Any assessable work undertaken or submitted for review or assessment must be your own work. Assessable work is any type of work you do to meet the assessment requirements in the unit, including draft work submitted for review and feedback and final work to be assessed.

When you use the ideas, words or data of others in your assessment, you must thoroughly and clearly acknowledge the source of this information by using the correct referencing style for your unit. Using others’ work without proper acknowledgement may be considered a form of intellectual dishonesty.

Participating honestly, respectfully, responsibly, and fairly in your university study ensures the CQUniversity qualification you earn will be valued as a true indication of your individual academic achievement and will continue to receive the respect and recognition it deserves.

As a student, you are responsible for reading and following CQUniversity’s policies, including the Student Academic Integrity Policy and Procedure. This policy sets out CQUniversity’s expectations of you to act with integrity, examples of academic integrity breaches to avoid, the processes used to address alleged breaches of academic integrity, and potential penalties.

What is a breach of academic integrity?

A breach of academic integrity includes but is not limited to plagiarism, self-plagiarism, collusion, cheating, contract cheating, and academic misconduct. The Student Academic Integrity Policy and Procedure defines what these terms mean and gives examples.

Why is academic integrity important?

A breach of academic integrity may result in one or more penalties, including suspension or even expulsion from the University. It can also have negative implications for student visas and future enrolment at CQUniversity or elsewhere. Students who engage in contract cheating also risk being blackmailed by contract cheating services.

Where can I get assistance?

For academic advice and guidance, the Academic Learning Centre (ALC) can support you in becoming confident in completing assessments with integrity and of high standard.

What can you do to act with integrity?