CQUniversity Unit Profile
COIT20263 Information Security Management
Information Security Management
All details in this unit profile for COIT20263 have been officially approved by CQUniversity and represent a learning partnership between the University and you (our student).
The information will not be changed unless absolutely necessary and any change will be clearly indicated by an approved correction included in the profile.
General Information

Overview

This unit provides you with a thorough understanding of the managerial aspects of information security in a business organisation. You will complement your existing knowledge of information and communication technologies by studying the organisational and management issues relevant to information security. You will learn about the importance of information security plans, security risk management and compliance monitoring, and develop and apply security policies and best practices. Through case studies, you will consider information security strategies that support business objectives while being aware of legal and ethical obligations. As a result, you will have the knowledge and skills to contribute to information security governance in accordance with standards set by governments, professional bodies and industry.

Details

Career Level: Postgraduate
Unit Level: Level 9
Credit Points: 6
Student Contribution Band: 8
Fraction of Full-Time Student Load: 0.125

Pre-requisites or Co-requisites

Prerequisite: COIT20261 Network Routing and Switching

Important note: Students enrolled in a subsequent unit who failed their pre-requisite unit, should drop the subsequent unit before the census date or within 10 working days of Fail grade notification. Students who do not drop the unit in this timeframe cannot later drop the unit without academic and financial liability. See details in the Assessment Policy and Procedure (Higher Education Coursework).

Offerings For Term 3 - 2024

Melbourne
Online
Sydney

Attendance Requirements

All on-campus students are expected to attend scheduled classes - in some units, these classes are identified as a mandatory (pass/fail) component and attendance is compulsory. International students, on a student visa, must maintain a full time study load and meet both attendance and academic progress requirements in each study period (satisfactory attendance for International students is defined as maintaining at least an 80% attendance record).

Class and Assessment Overview

Recommended Student Time Commitment

Each 6-credit Postgraduate unit at CQUniversity requires an overall time commitment of an average of 12.5 hours of study per week, making a total of 150 hours for the unit.

Class Timetable

Bundaberg, Cairns, Emerald, Gladstone, Mackay, Rockhampton, Townsville
Adelaide, Brisbane, Melbourne, Perth, Sydney

Assessment Overview

1. Presentation
Weighting: 30%
2. In-class Test(s)
Weighting: 30%
3. Written Assessment
Weighting: 40%

Assessment Grading

This is a graded unit: your overall grade will be calculated from the marks or grades for each assessment task, based on the relative weightings shown in the table above. You must obtain an overall mark for the unit of at least 50%, or an overall grade of 'pass' in order to pass the unit. If any 'pass/fail' tasks are shown in the table above they must also be completed successfully ('pass' grade). You must also meet any minimum mark requirements specified for a particular assessment task, as detailed in the 'assessment task' section (note that in some instances, the minimum mark for a task may be greater than 50%). Consult the University's Grades and Results Policy for more details of interim results and final grades.

Previous Student Feedback

Feedback, Recommendations and Responses

Every unit is reviewed for enhancement each year. At the most recent review, the following staff and student feedback items were identified and recommendations were made.

Feedback from Teaching Team and Discipline Lead

Feedback

Individual contributions are not evaluated in the group assessment.

Recommendation

Incorporate evaluation of group members' contributions and reflection into the group assessment.

Feedback from Student Feedback

Feedback

An oral assessment could be considered in the written report of the final assessment.

Recommendation

Introduce an oral assessment (viva) into the evaluation process of the written report (final assessment).

Unit Learning Outcomes
On successful completion of this unit, you will be able to:
  1. Develop security policies and program for an organisations based on national and international standards and industry's best practice
  2. Apply appropriate security control mechanism to protect critical infrastructure
  3. Assess security risks and develop risk management strategies for an organisation
  4. Justify appropriate risk treatment options
  5. Integrate laws and ethics of information security management into the organisation's security framework.

The Australian Computer Society (ACS), the professional association for Australia's ICT sector, recognises the Skills Framework for the Information Age (SFIA). SFIA is adopted by organisations, governments, and individuals in many countries and provides a widely used and consistent definition of ICT skills. SFIA is increasingly being used when developing job descriptions and role profiles. ACS members can use the tool MySFIA to build a skills profile.
 
This unit contributes to the following workplace skills as defined by SFIA8. The SFIA code is included:
  • Information Management (IRMG)
  • Information Security (SCTY)
  • Risk Management (BURM);
  • Continuity Management (COPL)
  • Methods and Tools (METL)

The National Initiative for Cybersecurity Education (NICE) Framework defines knowledge, skills and tasks needed to perform various cyber security roles. Developed by the National Institute of Standards and Technology (NIST), the NICE Framework is used by organisations to plan their workforce, including recruit into cyber security positions.

This unit helps prepare you for roles such as Systems Security Analyst, Network Operations Specialist and Systems Administrator, contributing to the following knowledge and skills:

  • K0002 Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
  • K0003 Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
  • K0004 Knowledge of cybersecurity and privacy principles.
  • K0038 Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
  • K0040 Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
  • K0263 Knowledge of information technology (IT) risk management policies, requirements, and procedures.
  • K0267 Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures.
  • K0276 Knowledge of security management.

Alignment of Learning Outcomes, Assessment and Graduate Attributes
N/A Level
Introductory Level
Intermediate Level
Graduate Level
Professional Level
Advanced Level

Alignment of Assessment Tasks to Learning Outcomes

Assessment Tasks Learning Outcomes
1 2 3 4 5
1 - In-class Test(s) - 30%
2 - Presentation - 30%
3 - Written Assessment - 40%

Alignment of Graduate Attributes to Learning Outcomes

Graduate Attributes Learning Outcomes
1 2 3 4 5
1 - Knowledge
2 - Communication
3 - Cognitive, technical and creative skills
4 - Research
5 - Self-management
6 - Ethical and Professional Responsibility
7 - Leadership
8 - Aboriginal and Torres Strait Islander Cultures
Textbooks and Resources

Textbooks

Prescribed

CISSP Official Study Guide

9th Edition (2021)
Authors: Mike Chapple, James M. Stewart, and Darril Gibson
Sybex
Hoboken Hoboken , NJ , USA
ISBN: 9781119786238
Binding: Hardcover
Supplementary

CISSP Official Practice Tests

Edition: 3rd (2021)
Authors: Mike Chapple and David Seidl
Sybex
Hoboken Hoboken , NJ , USA
ISBN: 9781119787631
Supplementary

Management of Information Security

Edition: 6th (2018)
Authors: Michael E. Whitman and Herbert J. Mattord
Cengage Learning
Boston Boston , MA , USA
ISBN: 9781337405713
Binding: Hardcover

IT Resources

You will need access to the following IT resources:
  • CQUniversity Student Email
  • Internet
  • Unit Website (Moodle)
Referencing Style

All submissions for this unit must use the referencing style: Harvard (author-date)

For further information, see the Assessment Tasks.

Teaching Contacts
Mahmoud El Khodr Unit Coordinator
m.elkhodr@cqu.edu.au
Schedule
Week 1 Begin Date: 04 Nov 2024

Module/Topic

Introduction to the Management of Information Security

Chapter

Online resources provided

Events and Submissions/Topic

Weekly Study Plan is provided on Moodle

Week 2 Begin Date: 11 Nov 2024

Module/Topic

Governance and Strategic Planning for Security

Chapter

Online resources provided

Events and Submissions/Topic

Weekly Study Plan is provided on Moodle

Week 3 Begin Date: 18 Nov 2024

Module/Topic

Information Security Policy

Chapter

Online resources provided

Events and Submissions/Topic

Weekly Study Plan is provided on Moodle

Week 4 Begin Date: 25 Nov 2024

Module/Topic

Compliance: Law and Ethics

Chapter

Online resources provided

Events and Submissions/Topic

Weekly Study Plan is provided on Moodle

Week 5 Begin Date: 02 Dec 2024

Module/Topic

 Developing the Security Program

Chapter

Online resources provided

Events and Submissions/Topic

Weekly Study Plan is provided on Moodle


Assessment 1 Due: Week 5 Monday (2 Dec 2024) 11:45 pm AEST
Week 6 Begin Date: 09 Dec 2024

Module/Topic

Risk Management: Assessing Risk

Chapter

Online resources provided

Events and Submissions/Topic

Weekly Study Plan is provided on Moodle

Week 7 Begin Date: 16 Dec 2024

Module/Topic

Risk Management: Treating Risk

Chapter

Online resources provided

Events and Submissions/Topic

Weekly Study Plan is provided on Moodle

Vacation Week Begin Date: 23 Dec 2024

Module/Topic

Chapter

Events and Submissions/Topic

Vacation Week Begin Date: 30 Dec 2024

Module/Topic

Chapter

Events and Submissions/Topic

Week 8 Begin Date: 06 Jan 2025

Module/Topic

Security Management Models

Chapter

Online resources provided

Events and Submissions/Topic

Weekly Study Plan is provided on Moodle


Assessment 2 Due: Week 8 Monday (6 Jan 2025) 11:45 pm AEST
Week 9 Begin Date: 13 Jan 2025

Module/Topic

Security Management Practices

Chapter

Online resources provided

Events and Submissions/Topic

Weekly Study Plan is provided on Moodle

Week 10 Begin Date: 20 Jan 2025

Module/Topic

Planning for Contingencies

Chapter

Online resources provided

Events and Submissions/Topic

Weekly Study Plan is provided on Moodle

Week 11 Begin Date: 27 Jan 2025

Module/Topic

Security Maintenance

Chapter

Online resources provided

Events and Submissions/Topic

Weekly Study Plan is provided on Moodle

Week 12 Begin Date: 03 Feb 2025

Module/Topic

Protection Mechanisms

Chapter

Online resources provided

Events and Submissions/Topic

Weekly Study Plan is provided on Moodle


Assessment 3 Due: Week 12 Monday (3 Feb 2025) 11:45 pm AEST
Exam Week Begin Date: 10 Feb 2025

Module/Topic

Chapter

Events and Submissions/Topic

Term Specific Information

Unit Coordinator:

Dr Mahmoud Elkhodr

m.elkhodr@cqu.edu.au

Assessment Tasks

1 Presentation

Assessment Title
Assessment 1

Task Description

This is a group assessment. Students must form teams of at least 3 students and a maximum of 4 students, with any larger teams at the discretion of the Unit Coordinator.

For this assessment, you are required to work in a group to develop and deliver a presentation on developing an issue specific policy for a given case study. You will be provided with the case study for your presentation. 

The presentations will be conducted during the tutorials in Week 5. Online students can submit a recording of the presentation. 

Further detail of this assessment will be provided on the Moodle unit website.  


Assessment Due Date

Week 5 Monday (2 Dec 2024) 11:45 pm AEST

During your scheduled tutorial in week 5


Return Date to Students

The marks and feedback will be returned within 2 weeks after the submission due date.


Weighting
30%

Assessment Criteria

No Assessment Criteria


Referencing Style

Submission

No submission method provided.


Learning Outcomes Assessed
  • Develop security policies and program for an organisations based on national and international standards and industry's best practice
  • Apply appropriate security control mechanism to protect critical infrastructure
  • Integrate laws and ethics of information security management into the organisation's security framework.


Graduate Attributes

2 In-class Test(s)

Assessment Title
Assessment 2

Task Description

This is an individual assessment.

In this assessment, there will be an in-class test in Week 8.

The in-class tests will assess your knowledge and understanding of the materials covered from week 1 to week 7 inclusively. This includes assessing risks, managing security operations, risk assessments, risk treatment, security governance, policies, ethics, law and compliance.

In the in-class test, you will complete an online quiz on Moodle during the tutorial. Further detail of this assessment will be provided on the Moodle unit website.


Assessment Due Date

Week 8 Monday (6 Jan 2025) 11:45 pm AEST

During your scheduled tutorial class


Return Date to Students

Two weeks after submission


Weighting
30%

Assessment Criteria

This assessment will assess your knowledge and understanding of the materials covered from week 1 to week 7 inclusively. This includes assessing risks, managing security operations, risk assessments, risk treatment, security governance, policies, and ethics, law and compliance.

The detailed marking criteria will be provided on the Moodle unit website.


Referencing Style

Submission

No submission method provided.


Submission Instructions
Test will be completed during the tutorial

Learning Outcomes Assessed
  • Develop security policies and program for an organisations based on national and international standards and industry's best practice
  • Assess security risks and develop risk management strategies for an organisation
  • Justify appropriate risk treatment options
  • Integrate laws and ethics of information security management into the organisation's security framework.


Graduate Attributes

3 Written Assessment

Assessment Title
Assessment 3

Task Description

This is a group assessment. Students must form teams of at least 3 students and a maximum of 4 students, with any larger teams at the discretion of the Unit Coordinator. 

you will be required to produce a written report, completing a few tasks on the security controls, security risk assessment and risk treatment. You may need to apply international standards such as NIST Cybersecurity Framework, or NIST Risk Management Framework to produce your report. The written report is due on Week 12 Monday. 


Assessment Due Date

Week 12 Monday (3 Feb 2025) 11:45 pm AEST


Return Date to Students

The marks and feedback will be returned on the day of certification of grades.


Weighting
40%

Assessment Criteria

This assessment will assess your knowledge on risk assessments and capacity to select appropriate risk treatment options and security controls.


The detailed marking criteria will be provided on the Moodle unit website.


Referencing Style

Submission

No submission method provided.


Submission Instructions
Online via Moodle

Learning Outcomes Assessed
  • Apply appropriate security control mechanism to protect critical infrastructure
  • Assess security risks and develop risk management strategies for an organisation
  • Justify appropriate risk treatment options


Graduate Attributes

Academic Integrity Statement

As a CQUniversity student you are expected to act honestly in all aspects of your academic work.

Any assessable work undertaken or submitted for review or assessment must be your own work. Assessable work is any type of work you do to meet the assessment requirements in the unit, including draft work submitted for review and feedback and final work to be assessed.

When you use the ideas, words or data of others in your assessment, you must thoroughly and clearly acknowledge the source of this information by using the correct referencing style for your unit. Using others’ work without proper acknowledgement may be considered a form of intellectual dishonesty.

Participating honestly, respectfully, responsibly, and fairly in your university study ensures the CQUniversity qualification you earn will be valued as a true indication of your individual academic achievement and will continue to receive the respect and recognition it deserves.

As a student, you are responsible for reading and following CQUniversity’s policies, including the Student Academic Integrity Policy and Procedure. This policy sets out CQUniversity’s expectations of you to act with integrity, examples of academic integrity breaches to avoid, the processes used to address alleged breaches of academic integrity, and potential penalties.

What is a breach of academic integrity?

A breach of academic integrity includes but is not limited to plagiarism, self-plagiarism, collusion, cheating, contract cheating, and academic misconduct. The Student Academic Integrity Policy and Procedure defines what these terms mean and gives examples.

Why is academic integrity important?

A breach of academic integrity may result in one or more penalties, including suspension or even expulsion from the University. It can also have negative implications for student visas and future enrolment at CQUniversity or elsewhere. Students who engage in contract cheating also risk being blackmailed by contract cheating services.

Where can I get assistance?

For academic advice and guidance, the Academic Learning Centre (ALC) can support you in becoming confident in completing assessments with integrity and of high standard.

What can you do to act with integrity?