All details in this unit profile for COIT20263 have been officially approved by CQUniversity and represent a learning partnership between the University and you (our student).
The information will not be changed unless absolutely necessary and any change will be clearly indicated by an approved correction
included in the profile.
This unit provides you with a thorough understanding of the managerial aspects of information security in a business organisation. You will complement your existing knowledge of information and communication technologies by studying the organisational and management issues relevant to information security. You will learn about the importance of information security plans, security risk management and compliance monitoring, and develop and apply security policies and best practices. Through case studies, you will consider information security strategies that support business objectives while being aware of legal and ethical obligations. As a result, you will have the knowledge and skills to contribute to information security governance in accordance with standards set by governments, professional bodies and industry.
Career Level: Postgraduate
Unit Level: Level 9
Credit Points: 6
Student Contribution Band: 8
Fraction of Full-Time Student Load: 0.125
Pre-requisites or Co-requisites
Prerequisite: COIT20261 Network Routing and Switching
Important note: Students enrolled in a subsequent unit who failed their pre-requisite unit,
should drop the subsequent unit before the census date or within 10 working days of Fail grade notification.
Students who do not drop the unit in this timeframe cannot later drop the unit without academic and financial liability.
See details in the Assessment Policy and Procedure (Higher Education Coursework).
Offerings For Term 3 - 2022
All on-campus students are expected to attend scheduled classes –
in some units, these classes are identified as a mandatory (pass/fail) component and attendance is compulsory.
International students, on a student visa, must maintain a full time study load and meet
both attendance and academic progress requirements in each study period
(satisfactory attendance for International students is defined as maintaining at least an 80% attendance record).
This is a graded unit: your overall grade will be calculated from the marks or grades for each assessment task,
based on the relative weightings shown in the table above. You must obtain an overall mark for the unit of at least 50%,
or an overall grade of ‘pass’ in order to pass the unit. If any ‘pass/fail’ tasks are shown in the table above they must
also be completed successfully (‘pass’ grade). You must also meet any minimum mark requirements specified for a particular assessment task,
as detailed in the ‘assessment task’ section (note that in some instances, the minimum mark for a task may be greater than 50%). Consult the
University’s Grades and Results Policy
for more details of interim results and final grades.
This list is not an exhaustive list of all University policies.
The full list of University policies are available on the CQUniversity Policy site.
Previous Student Feedback
Feedback, Recommendations and Responses
Every unit is reviewed for enhancement each year. At the most recent review,
the following staff and student feedback items were identified and recommendations were made.
Feedback from Self-reflection
This unit uses examples of security policies and risk assessments from industry. Some students have difficulty in extracting key concepts from the examples and applying the concepts to write new policies.
Update workshops to provide students more practice of deconstructing security policies and writing security policies
Unit Learning Outcomes
On successful completion of this unit, you will be able to:
Analyse the information security policies and programs of organisations based on national and international standards
Develop the guidelines for an information security policy for an organisation
Apply information security risk standards to protect information assets in organisations
Justify information security certification and accreditation required in relation to personnel and information security of an organisation
Compare and contrast the laws and ethics of information security management.
Australian Computer Society (ACS) recognises the Skills Framework for the Information Age (SFIA). SFIA is in use in over 100 countries and provides a widely used and consistent definition of ICT skills. SFIA is increasingly being used when developing job descriptions and role profiles.