41181 Information Security and Management
Warning: The information on this page is indicative. The subject outline for a particular session, location and mode of offering is the authoritative source of all information about the subject for that offering. Required texts, recommended texts and references in particular are likely to change. Students will be provided with a subject outline once they enrol in the subject.
Subject handbook information prior to 2021 is available in the Archives.
Credit points: 6 cp
Subject level: Undergraduate
Result type: Grade and marks
Requisite(s): (31268 Web Systems OR 48410 Introduction to ICT Engineering OR 41082 Introduction to Data Engineering OR 65325 Digital Trace and Identity OR 31257 Information System Development Methodologies OR 41092 Network Fundamentals OR 31266 Introduction to Information Systems) AND (48023 Programming Fundamentals OR 41039 Programming 1 OR 48430 Fundamentals of C Programming)
Description
The key focus of this subject is to equip students with skills in IT security policy development and human security management. This includes legal and ethical issues in the context of security management and audit. The subject provides students with the foundations required to apply cyber safety and security, and security management at a corporate level. Students conduct security assessments under business operational constraints using professional methods and strategies. The subject enables students to examine both business and security operations procedurally, and to develop contingency planning, risk assessment, risk management and compliance standards for various businesses.
Subject learning objectives (SLOs)
Upon successful completion of this subject students should be able to:
1. Assess security risks, threats and vulnerabilities to the organisation and design appropriate information security protection mechanisms.
2. Conduct investigation of security management issues in organisations by analysing requirements, plans and IT security policies.
3. Identify security training and education needs and associated legal and ethical awareness for organisational personnel.
4. Work as a team and apply organisational planning and project management principles to IT security planning.
Course intended learning outcomes (CILOs)
This subject also contributes specifically to the development of the following Course Intended Learning Outcomes (CILOs):
- Socially Responsible: FEIT graduates identify, engage, interpret and analyse stakeholder needs and cultural perspectives, establish priorities and goals, and identify constraints, uncertainties and risks (social, ethical, cultural, legislative, environmental, economics etc.) to define the system requirements. (B.1)
- Collaborative and Communicative: FEIT graduates work as an effective member or leader of diverse teams, communicating effectively and operating within cross-disciplinary and cross-cultural contexts in the workplace. (E.1)
Teaching and learning strategies
This subject uses active learning strategies, which involve a combination of lectures, tutorials and workshops to support an inquiry-based learning strategy. It also includes elements of guided self-study learning.
Students will be required to review online materials, pre-readings and open education resources before taking the on-campus workshops. Within workshops, students collaboratively engage in intensive discussion and activities on diversified topics or projects. Students will collaboratively plan an IT security investigation and management project using professional IT security planning and project management principles. During the project, students will develop reflective skills to identify how they would improve both group and individual activities, using Canvas discussion boards as required to communicate ideas and questions with peers when studying the subject. Students will also independently investigate serious security management issues in real corporate organisations.
Students must attend workshop sessions and tutorials to complete the required assessment tasks. Feedback for assessment tasks will be given to students two weeks after the due delivery date. Students will also receive continued feedback on their workshop and tutorial exercises on a weekly basis. This will be administered by the tutor in the tutorial sessions, where the deficiencies in the answers to problems are pointed out to students.
Content (topics)
- Introduction to Management of Information Security
- Planning for Security and Compliance
- Risk Analysis and Management
- Planning for Contingencies
- Information Security Policy
- Security Management Models & Practices
- Protection Mechanisms
- Implementing Information Security
- Personnel and Security
- Information Security Maintenance
- Law and Ethics
Assessment
Assessment task 1: Group Planning Report
Intent: | This assessment is for students to demonstrate their ability to plan an investigation of security management issues in corporate organisations. Students are required to work as a team and use IT security planning and project management principles to plan an IT security investigation and management project. They will be required to follow prescribed procedures to evaluate the risk levels, potential impact of threats and vulnerabilities, and cost-benefit analysis of control methods. Student teams will be tested on their ability to analyse the security objectives of businesses and requirements and propose justified contingency plans to manage security risks. |
---|---|
Objective(s): | This assessment task addresses the following subject learning objectives (SLOs): 1 and 4. This assessment task contributes to the development of the following Course Intended Learning Outcomes (CILOs): B.1 and E.1. |
Type: | Report |
Groupwork: | Group, group and individually assessed |
Weight: | 40% |
Length: | 2500 words. |
Assessment task 2: Case Investigation Report
Intent: | This assessment is for students to conduct an investigation of serious security management issues in corporate organisations. Students will be required to apply prescribed management and audit procedures as well as analysis of roles, duties and privileges. They will be required to prepare a security management report based on the findings of their investigation and by using knowledge of IT security policies, risk assessment and risk management processes. Students are also required to identify personnel security, training, security education needs, and associated legal and ethical awareness. |
---|---|
Objective(s): | This assessment task addresses the following subject learning objectives (SLOs): 1, 2 and 3. This assessment task contributes to the development of the following Course Intended Learning Outcomes (CILOs): B.1. |
Type: | Report |
Groupwork: | Individual |
Weight: | 30% |
Length: | 2000 words. |
Assessment task 3: Examination
Intent: | This open book examination will assess students’ application of security analysis and security management methods to minimise risks, and of procedures for security audit. Students must demonstrate an ability to relate, analyse and respond to questions around IT security management and audit under examination conditions. |
---|---|
Objective(s): | This assessment task addresses the following subject learning objectives (SLOs): 1, 2 and 3. This assessment task contributes to the development of the following Course Intended Learning Outcomes (CILOs): B.1. |
Type: | Examination |
Groupwork: | Individual |
Weight: | 30% |
Length: | Two hours. |
Minimum requirements
In order to pass the subject, a student must achieve an overall mark of 50% or more.
Recommended texts
Whitman, 2017, Management of Information Security, 6th edition, Cengage Learning.
Other resources
FEIT student resources: https://www.uts.edu.au/current-students/current-students-information-faculty-engineering-and-it/manage-your-course