University of Technology Sydney

41181 Information Security and Management

Warning: The information on this page is indicative. The subject outline for a particular session, location and mode of offering is the authoritative source of all information about the subject for that offering. Required texts, recommended texts and references in particular are likely to change. Students will be provided with a subject outline once they enrol in the subject.

Subject handbook information prior to 2021 is available in the Archives.

UTS: Information Technology: Computer Science
Credit points: 6 cp

Subject level: Undergraduate

Result type: Grade and marks

Description

The key focus of this subject is to equip students with skills in IT security policy development and human security management. This includes legal and ethical issues in the context of security management and audit. The subject provides students with the foundations required to apply cyber safety and security, and security management, at a corporate level. Students conduct security assessments within business operational constraints using professional methods and strategies. The subject enables students to examine both business and security operations procedurally, and to develop contingency planning, risk assessment, risk management and compliance standards for various businesses.

Subject learning objectives (SLOs)

Upon successful completion of this subject students should be able to:

1. Assess security risks, threats and vulnerabilities to the organisation and design appropriate information security protection mechanisms.
2. Conduct an investigation of security management issues in organisations by analysing requirements, plans and IT security policies.
3. Identify security training and education needs and associated legal and ethical awareness for organisational personnel.
4. Work as a team and apply organisational planning and project management principles to IT security planning.

Course intended learning outcomes (CILOs)

This subject also contributes specifically to the development of the following Course Intended Learning Outcomes (CILOs):

  • Socially Responsible: FEIT graduates identify, engage, interpret and analyse stakeholder needs and cultural perspectives, establish priorities and goals, and identify constraints, uncertainties and risks (social, ethical, cultural, legislative, environmental, economics etc.) to define the system requirements. (B.1)
  • Collaborative and Communicative: FEIT graduates work as an effective member or leader of diverse teams, communicating effectively and operating within cross-disciplinary and cross-cultural contexts in the workplace. (E.1)

Teaching and learning strategies

This subject uses active learning strategies, which involve a combination of lectures, tutorials and workshops to support an inquiry-based learning strategy. It also includes elements of guided self-study learning.

Students will be required to review online materials, pre-readings and open education resources before taking the on-campus workshops. Within workshops, students collaboratively engage in intensive discussion and activities on diversified topics or projects. Students will collaboratively plan an IT security investigation and management project using professional IT security planning and project management principles. During the project, students will develop reflective skills to identify how they would improve both group and individual activities, using UTSOnline discussion boards as required to communicate ideas and questions with peers when studying the subject. Students will also independently investigate serious security management issues in real corporate organisations.

Students must attend workshop sessions and tutorials to complete the required assessment tasks. Feedback for assessment tasks will be given to students two weeks after the due delivery date. Students will also receive continued feedback on their workshop and tutorial exercises on a weekly basis. This will be administered by the tutor in the tutorial sessions, where the deficiencies in the answers to problems are pointed out to students.

Content (topics)

  • Introduction to Management of Information Security
  • Planning for Security and Compliance
  • Risk Analysis and Management
  • Planning for Contingencies
  • Information Security Policy
  • Security Management Models & Practices
  • Protection Mechanisms
  • Implementing Information Security
  • Personnel and Security
  • Information Security Maintenance
  • Law and Ethics

Assessment

Assessment task 1: Group Planning Report

Intent:

This assessment is for students to demonstrate their ability to plan an investigation of security management issues in corporate organisations. Students are required to work as a team and use IT security planning and project management principles to plan an IT security investigation and management project. They will be required to follow prescribed procedures to evaluate the risk levels, potential impact of threats and vulnerabilities, and cost-benefit analysis of control methods. Student teams will be tested on their ability to analyse the security objectives of businesses and requirements and propose justified contingency plans to manage security risks.

Objective(s):

This assessment task addresses the following subject learning objectives (SLOs):

1 and 4

This assessment task contributes to the development of the following Course Intended Learning Outcomes (CILOs):

B.1 and E.1

Type: Report
Groupwork: Group, group and individually assessed
Weight: 40%
Length: 2500 words.

Assessment task 2: Case Investigation Report

Intent:

This assessment is for students to conduct an investigation of serious security management issues in corporate organisations. Students will be required to apply prescribed management and audit procedures as well as analysis of roles, duties and privileges. They will be required to prepare a security management report based on the findings of their investigation and by using knowledge of IT security policies, risk assessment and risk management processes. Students are also required to identify personnel security, training, security education needs, and associated legal and ethical awareness.

Objective(s):

This assessment task addresses the following subject learning objectives (SLOs):

1, 2 and 3

This assessment task contributes to the development of the following Course Intended Learning Outcomes (CILOs):

B.1

Type: Report
Groupwork: Individual
Weight: 30%
Length: 2000 words.

Assessment task 3: Examination

Intent:

This open book examination will assess students' application of security analysis and security management methods to minimise risks, and of procedures for security audit. Students must demonstrate an ability to relate, analyse and respond to questions around IT security management and audit under examination conditions.

Objective(s):

This assessment task addresses the following subject learning objectives (SLOs):

1, 2 and 3

This assessment task contributes to the development of the following Course Intended Learning Outcomes (CILOs):

B.1

Type: Examination
Groupwork: Individual
Weight: 30%
Length: Two hours.

Minimum requirements

In order to pass the subject, a student must achieve an overall mark of 50% or more.

Recommended texts

Whitman, 2017, Management of Information Security, 6th edition, Cengage Learning.

Other resources

FEIT student resources: https://www.uts.edu.au/current-students/current-students-information-faculty-engineering-and-it/manage-your-course