University of Technology Sydney

420108 Cybersecurity Management

Warning: The information on this page is indicative. The subject outline for a particular session, location and mode of offering is the authoritative source of all information about the subject for that offering. Required texts, recommended texts and references in particular are likely to change. Students will be provided with a subject outline once they enrol in the subject.

Subject handbook information prior to 2022 is available in the Archives.

UTS: Information Technology: Electrical and Data Engineering
Credit points: 6 cp
Result type: Grade and marks

There are course requisites for this subject. See access conditions.

Description

The subject presents security principles, methodologies and technologies from technical and management perspectives. The subject enables students to identify and communicate insights on cyber-attack techniques, and compare and contrast methods to defend against such attacks using industry standard tools and techniques. Topics include intrusion detection and defences, along with confidentiality, integrity, authentication and technologies. Explored through stakeholder contexts, the subject enables personal reflection on ethical considerations of cybersecurity management in contemporary Australia.

Subject learning objectives (SLOs)

Upon successful completion of this subject students should be able to:

1. Compare and contrast technologies and procedures used to achieve cybersecurity outcomes.
2. Design approaches to mitigate identified cybersecurity threats.
3. Communicate research findings and implementations in written and oral form to technical audiences.
4. Identify cultural and historical contexts and privacy relevant to Aboriginal and Torres Strait Islander’s cyber security.

Course intended learning outcomes (CILOs)

This subject also contributes specifically to the development of the following Course Intended Learning Outcomes (CILOs):

  • Historically and Culturally Informed about Indigenous Knowledge Systems: FEIT graduates are culturally and historically well informed, able to co-design projects as respectful professionals when working in and with Aboriginal and Torres Strait Islander communities. (A.1)
  • Design Oriented: FEIT graduates apply problem solving, design thinking and decision-making methodologies in new contexts or to novel problems, to explore, test, analyse and synthesise complex ideas, theories or concepts. (C.1)
  • Technically Proficient: FEIT graduates apply theoretical, conceptual, software and physical tools and advanced discipline knowledge to research, evaluate and predict future performance of systems characterised by complexity. (D.1)
  • Collaborative and Communicative: FEIT graduates work as an effective member or leader of diverse teams, communicating effectively and operating autonomously within cross-disciplinary and cross-cultural contexts in the workplace. (E.1)

Teaching and learning strategies

This subject has six modules delivered online over a period of six weeks. Students work through each module at their own pace and momentum is maintained through weekly interactive activity attached to each theme and/or concept within the modules. IModules are delivered in CANVAS through a combination of learning materials, questions/activities and short video presentation. Over the six weeks, there are 3 synchronous one hour online interactive sessions, facilitated by teaching staff, that discuss the module and provide opportunities for task-based group activity, discussion on subject materials, feedback on learning progress and Q & A sessions. The research project, report and presentation build upon knowledge gained in the quizzes, allowing students to reflect on the quiz feedback to inform their later assessment tasks.

Content (topics)

Module 1: Introduction to Cybersecurity and Cyber Risk assessment

  • A review on recent cybersecurity incidents
  • Security goals
  • Organisational context on cybersecurity and security policy
  • The role and importance of Cybersecurity and privacy for Indigenous Australians
  • Security Risk assessment strategy
  • Introduction to Virtual Machine (VM) Labs

Module 2: Web security Vulnerabilities

  • Web browser vulnerabilities
  • Cache Poisoning
  • DNS security
  • Cross-site Request Forgery (CSRF)
  • Cross-site Scripting (XSS)
  • Database security
  • Lab exercises on SQL injection and DNS cache poisoning

Module 3: Security issues at Transport layer

  • Transport Layer Security (TLS)
  • TCP vulnerabilities
  • DoS and DDoS attack
  • Lab exercises on certification and TCP SYNC flooding attack

Module 4: Intrusion Detection and Prevention scheme

  • Intrusion Detection System
  • Intrusion Prevention System
  • Lab exercises on TCP session hijacking attack and COW attack

Module 5: Access control and Mobile device security

  • Access control principle
  • Wireless security
  • Cloud security
  • IoT security

Module 6: Cyber Threat Intelligence (CTI) and secure coding

  • Cyber Threat Intelligence (CTI) principle
  • Intelligence collection
  • Common CTI pitfalls
  • Secure Coding and software security

Students will also have the opportunity to learn and improve their professional communication skills.

Assessment

Assessment task 1: Quiz 1

Intent:

The aim of this assessment is for students to receive feedback on their learning of module 1.

Objective(s):

This assessment task addresses the following subject learning objectives (SLOs):

1

This assessment task contributes to the development of the following Course Intended Learning Outcomes (CILOs):

D.1

Type: Quiz/test
Groupwork: Individual
Weight: 10%
Length:

30 minutes

Assessment task 2: Quiz 2

Intent:

The aim of this assessment is for students to receive feedback on their learning of modules 2-5.

Objective(s):

This assessment task addresses the following subject learning objectives (SLOs):

1 and 2

This assessment task contributes to the development of the following Course Intended Learning Outcomes (CILOs):

C.1 and D.1

Type: Quiz/test
Groupwork: Individual
Weight: 20%
Length:

30 minutes

Assessment task 3: Research Project and Report

Intent:

The aim of this assessment is for students to demonstrate their ability to research a recent cybersecurity incident and develop a plan to implement cyber defence strategy.

Objective(s):

This assessment task addresses the following subject learning objectives (SLOs):

1, 2, 3 and 4

This assessment task contributes to the development of the following Course Intended Learning Outcomes (CILOs):

A.1, C.1, D.1 and E.1

Type: Report
Groupwork: Individual
Weight: 40%
Length:

3000 words

Assessment task 4: Research Presentation

Intent:

The aim of this assessment is for students to demonstrate their professional communication and presentation skills by presenting their research findings and implementation strategy.

Objective(s):

This assessment task addresses the following subject learning objectives (SLOs):

1, 2 and 3

This assessment task contributes to the development of the following Course Intended Learning Outcomes (CILOs):

C.1, D.1 and E.1

Type: Presentation
Groupwork: Individual
Weight: 30%
Length:

20 minutes

Minimum requirements

In order to pass the subject, a student must achieve an overall mark of 50% or more.

Required texts

Stallings, William. (2014). Network security essentials: applications and standards (5th edition/6th edition). Pearson. ISBN: 9780133370430 (5th ed) / 9781292154855 (6th ed).

Recommended texts

  1. Stallings, William & Brown, Lawrie Brown (2018). Computer security: principles and practice (4th edition). Pearson. Global Edition. ISBN: 9781292220611.
  2. Du, Wenliang (2017). Computer security: a hands-on approach (1st edition). CreateSpace. ISBN: 9781548367947.