University of Technology Sydney

41181 Information Security and Management

Warning: The information on this page is indicative. The subject outline for a particular session, location and mode of offering is the authoritative source of all information about the subject for that offering. Required texts, recommended texts and references in particular are likely to change. Students will be provided with a subject outline once they enrol in the subject.

Subject handbook information prior to 2024 is available in the Archives.

UTS: Information Technology: Computer Science
Credit points: 6 cp

Subject level: Undergraduate

Result type: Grade and marks

Requisite(s): (31268 Web Systems OR 48410 Introduction to ICT Engineering OR 41082 Introduction to Data Engineering OR 65325 Digital Trace and Identity OR 31257 Information System Development Methodologies OR 41092 Network Fundamentals OR 31266 Introduction to Information Systems) AND (48023 Programming Fundamentals OR 41039 Programming 1 OR 48430 Fundamentals of C Programming)

Description

The key focus of this subject is to equip students with skills in IT security policy development and human security management. This includes legal and ethical issues in the context of security management and audit. The subject provides students with the foundations required to apply cyber safety and security, and security management, at a corporate level. Students conduct security assessments within business operational constraints using professional methods and strategies. The subject enables students to examine both business and security operations procedurally, and to develop contingency planning, risk assessment, risk management and compliance standards for various businesses.

Subject learning objectives (SLOs)

Upon successful completion of this subject students should be able to:

1. Investigate security management issues in organisations by analysing requirements, plans and IT security policies. (B.1)
2. Propose appropriate information security protection mechanisms by assessing security risks, threats and vulnerabilities. (B.1)
3. Identify security training and education needs and associated legal and ethical awareness for organisational personnel. (B.1)
4. Apply organisational planning and project management principles to IT security planning individually and collaboratively. (E.1)
5. Demonstrate awareness of how to assess and identify cyber security issues when working with, and for, Indigenous Australians. (A.1)

Course intended learning outcomes (CILOs)

This subject also contributes specifically to the development of the following Course Intended Learning Outcomes (CILOs):

  • Indigenous Professional Capability: FEIT graduates are culturally and historically well informed, able to co-design projects as respectful professionals when working in and with Aboriginal and Torres Strait Islander communities. (A.1)
  • Socially Responsible: FEIT graduates identify, engage, interpret and analyse stakeholder needs and cultural perspectives, establish priorities and goals, and identify constraints, uncertainties and risks (social, ethical, cultural, legislative, environmental, economics etc.) to define the system requirements. (B.1)
  • Collaborative and Communicative: FEIT graduates work as an effective member or leader of diverse teams, communicating effectively and operating within cross-disciplinary and cross-cultural contexts in the workplace. (E.1)

Contribution to the development of graduate attributes

Engineers Australia Stage 1 Competencies

This subject contributes to the development of the following Engineers Australia Stage 1 Competencies:

  • 1.5. Knowledge of engineering design practice and contextual factors impacting the engineering discipline.
  • 1.6. Understanding of the scope, principles, norms, accountabilities and bounds of sustainable engineering practice in the specific discipline.
  • 2.4. Application of systematic approaches to the conduct and management of engineering projects.
  • 3.1. Ethical conduct and professional accountability.
  • 3.6. Effective team membership and team leadership.

Teaching and learning strategies

The subject has one contact hour in Week 1 and three contact hours per week in the remaining weeks.

This subject involves a combination of guided self-study learning activities, lectures and workshops to support an inquiry-based learning strategy.

A weekly online study module presents new material in the form of videos, written articles and open education resources. Students will be required to complete the online study module before taking the lectures and workshops.

Regular lectures include interactive quizzes, discussions, reflections on the key topics, and feedback.

Within weekly two-hour workshops, students present current security issues following the standard procedure and conduct practical labs independently.

Students must attend workshop sessions and lectures to complete the required assessment tasks. Students will receive continued feedback on their exercises and assessments on a weekly basis.

Content (topics)

  • Security Governance and Compliance
  • Risk Analysis and Management
  • Security Policy, Law and Ethics
  • Security Management Models and Practices
  • Protection Mechanisms
  • Security Contingencies and Maintenance

Assessment

Assessment task 1: Security Assessment Report

Intent:

This assessment requires students, working in teams, to investigate security management issues in corporate organisations by evaluating risk levels, the potential impact of threats and vulnerabilities, and the cost-benefit analysis of control methods; to analyse the security objectives and requirements of businesses; and to propose justified contingency plans to manage security risks in a group report.

Objective(s):

This assessment task addresses the following subject learning objectives (SLOs):

1, 2 and 4

This assessment task contributes to the development of the following Course Intended Learning Outcomes (CILOs):

B.1 and E.1

Type: Report
Groupwork: Group, group and individually assessed
Weight: 40%
Length: 2500 words.

Assessment task 2: Security Management Report

Intent:

This assessment requires students to prepare a security management report based on the findings of their investigation, using knowledge of IT security policies and of risk assessment and management processes to identify personnel security, training and security education needs, and associated legal and ethical awareness.

Objective(s):

This assessment task addresses the following subject learning objectives (SLOs):

1, 2, 3, 4 and 5

This assessment task contributes to the development of the following Course Intended Learning Outcomes (CILOs):

A.1, B.1 and E.1

Type: Report
Groupwork: Individual
Weight: 30%
Length: 2000 words.

Assessment task 3: Online Quiz

Intent:

This quiz tests students' application of risk analysis and management approaches, to consolidate their skills in minimising risks and in security audit procedures.

Objective(s):

This assessment task addresses the following subject learning objectives (SLOs):

1, 2 and 3

This assessment task contributes to the development of the following Course Intended Learning Outcomes (CILOs):

B.1

Type: Quiz/test
Groupwork: Individual
Weight: 30%
Length: 60 minutes.

Minimum requirements

In order to pass the subject, a student must achieve an overall mark of 50% or more.

Recommended texts

Whitman, 2017, Management of Information Security, 6th edition, Cengage Learning.

Other resources

FEIT student resources: https://www.uts.edu.au/current-students/current-students-information-faculty-engineering-and-it/manage-your-course