Students
ITEC663 – Cyber Security Management in Practice
2019 – S2 Day
General Information
Download as PDF
| Unit convenor and teaching staff |
Unit convenor and teaching staff
Les Bell
By appointment
|
|---|---|
| Credit points |
Credit points
4
|
| Prerequisites |
Prerequisites
Admission to MInfoTech(Cyber Sec)
|
| Corequisites |
Corequisites
|
| Co-badged status |
Co-badged status
|
| Unit description |
Unit description
This unit provides a practical introduction to cyber security management. It tackles GRC (Governance, Risk Management, Compliance) and incident response. As such, it covers a range of topics including legal and ethical issues, human factor and security culture, legacy systems, security supply chain, regulatory frameworks and policy development, incident triage and business recovery. Effective communication to non-technical audiences plays also a key role in this unit.
|
Important Academic Dates
Information about important academic dates including deadlines for withdrawing from units are available at https://www.mq.edu.au/study/calendar-of-dates
Learning Outcomes
On successful completion of this unit, you will be able to:
- Use international frameworks and Standards to develop cyber security policies, standards and procedures as part of an information security management system, including legal and regulatory compliance.
- Use qualitative and quantitative risk assessment techniques to both manage cyber security risk by selecting controls and to communicate risk management strategies to business stakeholders.
- Manage operational security by developing plans to support business continuity and cyber incident response, including digital forensics and evidence management.
General Assessment Information
Late Submission
No extensions will be granted without an approved application for Special Consideration. There will be a deduction of 10% of the total available marks made from the total awarded mark for each 24 hour period or part thereof that the submission is late. For example, 25 hours late in submission for an assignment worth 10 marks – 20% penalty or 2 marks deducted from the total. No submission will be accepted after solutions have been posted.
Supplementary Examination
If you receive Special Consideration for the final exam, a supplementary exam will be scheduled after the normal exam period, following the release of marks. By making a special consideration application for the final exam you are declaring yourself available for a resit during the supplementary examination period and will not be eligible for a second special consideration approval based on pre-existing commitments.
Please ensure you are familiar with the policy prior to submitting an application.
Approved applicants will receive an individual notification one week prior to the exam with the exact date and time of their supplementary examination.
Assessment Tasks
| Name | Weighting | Hurdle | Due |
|---|---|---|---|
| Module Examination 1 | 20% | No | Week 5 |
| Module Examination 2 | 20% | No | Week 9 |
| Module Examination 3 | 20% | No | During examination period |
| Weekly Tutorial Quizzes | 10% | No | Each week |
| Assignment 1 | 15% | No | Week 8 |
| Assignment 2 | 15% | No | Week 13 |
Module Examination 1
Due: Week 5
Weighting: 20%
This examination will cover the topics in weeks 1 - 4.
On successful completion you will be able to:
- Use international frameworks and Standards to develop cyber security policies, standards and procedures as part of an information security management system, including legal and regulatory compliance.
Module Examination 2
Due: Week 9
Weighting: 20%
This examination will cover the topics in weeks 5 - 8.
On successful completion you will be able to:
- Use qualitative and quantitative risk assessment techniques to both manage cyber security risk by selecting controls and to communicate risk management strategies to business stakeholders.
Module Examination 3
Due: During examination period
Weighting: 20%
This examination will cover the topics in weeks 9 - 12.
On successful completion you will be able to:
- Manage operational security by developing plans to support business continuity and cyber incident response, including digital forensics and evidence management.
Weekly Tutorial Quizzes
Due: Each week
Weighting: 10%
Each week's material will be followed by a short quiz to test student understanding. The final mark will be calculated from the best 10 of 12 scores achieved by the student.
On successful completion you will be able to:
- Use international frameworks and Standards to develop cyber security policies, standards and procedures as part of an information security management system, including legal and regulatory compliance.
- Use qualitative and quantitative risk assessment techniques to both manage cyber security risk by selecting controls and to communicate risk management strategies to business stakeholders.
- Manage operational security by developing plans to support business continuity and cyber incident response, including digital forensics and evidence management.
Assignment 1
Due: Week 8
Weighting: 15%
In this assignment, the student will be required to write a draft issue-specific enterprise security policy, based upon the frameworks and Standards examined in Module 1.
On successful completion you will be able to:
- Use international frameworks and Standards to develop cyber security policies, standards and procedures as part of an information security management system, including legal and regulatory compliance.
Assignment 2
Due: Week 13
Weighting: 15%
Students are required to present the results of a risk assessment, along with suggested mitigation strategies, in order for a business stakeholder (typically a risk or asset owner) to decide upon the appropriate strategy.
On successful completion you will be able to:
- Use qualitative and quantitative risk assessment techniques to both manage cyber security risk by selecting controls and to communicate risk management strategies to business stakeholders.
Delivery and Resources
Textbooks and Readings
There is no suitable textbook. However, each lecture will require the student to read a provided text selected from a range of cyber security frameworks, Standards, textbooks, guides to best practice, blogs and other sources. Readings will be posted on iLearn and must be completed before the lecture, as the lectures are highly interactive workshops.
Relevant international Standards have been purchased by the University Library and placed in Reserve for use by ITEC663 students.
Lectures
The lectures for this unit will be workshop-based, and students are expected to come prepared for discussion of the issues and challenges posed by the readings. Cyber security management is, in large part, about communicating threats and risks to business executives and understanding how to achieve the enterprise's goals while dealing with those threats and risks. Students should therefore expect to develop and make use of their speaking skills during the workshop sessions.
In addition, guest lecturers will provide 'real-world' case studies and examples.
Unit Schedule
The unit comprises three major modules, each separately examinable.
Module 1: Governance and Compliance
- Introduction and Overview
- Business and security operations
- Governance, legal and regulatory, frameworks, standards and compliance
- Security architecture
- The Human Factor: Policies, culture and communication
Module 2 - Risk Management
- Introduction to Information Risk Management
- Threat Intelligence, Qualitative Risk Management
- Estimation, Calibration and Quantitative Risk Management
- Advanced Risk Management
Module 3 - Security Operations
- Business Continuity and Disaster Recovery Planning
- The Incident Response Cycle
- Incident Analysis, logs and SIEM
- Digital Forensics and Evidence Management
Policies and Procedures
Macquarie University policies and procedures are accessible from Policy Central (https://staff.mq.edu.au/work/strategy-planning-and-governance/university-policies-and-procedures/policy-central). Students should be aware of the following policies in particular with regard to Learning and Teaching:
- Academic Appeals Policy
- Academic Integrity Policy
- Academic Progression Policy
- Assessment Policy
- Fitness to Practice Procedure
- Grade Appeal Policy
- Complaint Management Procedure for Students and Members of the Public
- Special Consideration Policy (Note: The Special Consideration Policy is effective from 4 December 2017 and replaces the Disruption to Studies Policy.)
Undergraduate students seeking more policy resources can visit the Student Policy Gateway (https://students.mq.edu.au/support/study/student-policy-gateway). It is your one-stop-shop for the key policies you need to know about throughout your undergraduate student journey.
If you would like to see all the policies relevant to Learning and Teaching visit Policy Central (https://staff.mq.edu.au/work/strategy-planning-and-governance/university-policies-and-procedures/policy-central).
Student Code of Conduct
Macquarie University students have a responsibility to be familiar with the Student Code of Conduct: https://students.mq.edu.au/study/getting-started/student-conduct
Results
Results published on platform other than eStudent, (eg. iLearn, Coursera etc.) or released directly by your Unit Convenor, are not confirmed as they are subject to final approval by the University. Once approved, final results will be sent to your student email address and will be made available in eStudent. For more information visit ask.mq.edu.au or if you are a Global MBA student contact globalmba.support@mq.edu.au
Student Support
Macquarie University provides a range of support services for students. For details, visit http://students.mq.edu.au/support/
Learning Skills
Learning Skills (mq.edu.au/learningskills) provides academic writing resources and study strategies to improve your marks and take control of your study.
Student Services and Support
Students with a disability are encouraged to contact the Disability Service who can provide appropriate help with any issues that arise during their studies.
Student Enquiries
For all student enquiries, visit Student Connect at ask.mq.edu.au
If you are a Global MBA student contact globalmba.support@mq.edu.au
IT Help
For help with University computer systems and technology, visit http://www.mq.edu.au/about_us/offices_and_units/information_technology/help/.
When using the University's IT, you must adhere to the Acceptable Use of IT Resources Policy. The policy applies to all who connect to the MQ network including students.
Graduate Capabilities
Creative and Innovative
Our graduates will also be capable of creative thinking and of creating knowledge. They will be imaginative and open to experience and capable of innovation at work and in the community. We want them to be engaged in applying their critical, creative thinking.
This graduate capability is supported by:
Learning outcome
- Manage operational security by developing plans to support business continuity and cyber incident response, including digital forensics and evidence management.
Capable of Professional and Personal Judgement and Initiative
We want our graduates to have emotional intelligence and sound interpersonal skills and to demonstrate discernment and common sense in their professional and personal judgement. They will exercise initiative as needed. They will be capable of risk assessment, and be able to handle ambiguity and complexity, enabling them to be adaptable in diverse and changing environments.
This graduate capability is supported by:
Learning outcomes
- Use international frameworks and Standards to develop cyber security policies, standards and procedures as part of an information security management system, including legal and regulatory compliance.
- Use qualitative and quantitative risk assessment techniques to both manage cyber security risk by selecting controls and to communicate risk management strategies to business stakeholders.
- Manage operational security by developing plans to support business continuity and cyber incident response, including digital forensics and evidence management.
Commitment to Continuous Learning
Our graduates will have enquiring minds and a literate curiosity which will lead them to pursue knowledge for its own sake. They will continue to pursue learning in their careers and as they participate in the world. They will be capable of reflecting on their experiences and relationships with others and the environment, learning from them, and growing - personally, professionally and socially.
This graduate capability is supported by:
Learning outcomes
- Use international frameworks and Standards to develop cyber security policies, standards and procedures as part of an information security management system, including legal and regulatory compliance.
- Use qualitative and quantitative risk assessment techniques to both manage cyber security risk by selecting controls and to communicate risk management strategies to business stakeholders.
- Manage operational security by developing plans to support business continuity and cyber incident response, including digital forensics and evidence management.
Discipline Specific Knowledge and Skills
Our graduates will take with them the intellectual development, depth and breadth of knowledge, scholarly understanding, and specific subject content in their chosen fields to make them competent and confident in their subject or profession. They will be able to demonstrate, where relevant, professional technical competence and meet professional standards. They will be able to articulate the structure of knowledge of their discipline, be able to adapt discipline-specific knowledge to novel situations, and be able to contribute from their discipline to inter-disciplinary solutions to problems.
This graduate capability is supported by:
Learning outcomes
- Use international frameworks and Standards to develop cyber security policies, standards and procedures as part of an information security management system, including legal and regulatory compliance.
- Manage operational security by developing plans to support business continuity and cyber incident response, including digital forensics and evidence management.
Critical, Analytical and Integrative Thinking
We want our graduates to be capable of reasoning, questioning and analysing, and to integrate and synthesise learning and knowledge from a range of sources and environments; to be able to critique constraints, assumptions and limitations; to be able to think independently and systemically in relation to scholarly activity, in the workplace, and in the world. We want them to have a level of scientific and information technology literacy.
This graduate capability is supported by:
Learning outcomes
- Use international frameworks and Standards to develop cyber security policies, standards and procedures as part of an information security management system, including legal and regulatory compliance.
- Use qualitative and quantitative risk assessment techniques to both manage cyber security risk by selecting controls and to communicate risk management strategies to business stakeholders.
- Manage operational security by developing plans to support business continuity and cyber incident response, including digital forensics and evidence management.
Problem Solving and Research Capability
Our graduates should be capable of researching; of analysing, and interpreting and assessing data and information in various forms; of drawing connections across fields of knowledge; and they should be able to relate their knowledge to complex situations at work or in the world, in order to diagnose and solve problems. We want them to have the confidence to take the initiative in doing so, within an awareness of their own limitations.
This graduate capability is supported by:
Learning outcomes
- Use international frameworks and Standards to develop cyber security policies, standards and procedures as part of an information security management system, including legal and regulatory compliance.
- Use qualitative and quantitative risk assessment techniques to both manage cyber security risk by selecting controls and to communicate risk management strategies to business stakeholders.
- Manage operational security by developing plans to support business continuity and cyber incident response, including digital forensics and evidence management.
Effective Communication
We want to develop in our students the ability to communicate and convey their views in forms effective with different audiences. We want our graduates to take with them the capability to read, listen, question, gather and evaluate information resources in a variety of formats, assess, write clearly, speak effectively, and to use visual communication and communication technologies as appropriate.
This graduate capability is supported by:
Learning outcomes
- Use international frameworks and Standards to develop cyber security policies, standards and procedures as part of an information security management system, including legal and regulatory compliance.
- Use qualitative and quantitative risk assessment techniques to both manage cyber security risk by selecting controls and to communicate risk management strategies to business stakeholders.
- Manage operational security by developing plans to support business continuity and cyber incident response, including digital forensics and evidence management.
Engaged and Ethical Local and Global citizens
As local citizens our graduates will be aware of indigenous perspectives and of the nation's historical context. They will be engaged with the challenges of contemporary society and with knowledge and ideas. We want our graduates to have respect for diversity, to be open-minded, sensitive to others and inclusive, and to be open to other cultures and perspectives: they should have a level of cultural literacy. Our graduates should be aware of disadvantage and social justice, and be willing to participate to help create a wiser and better society.
This graduate capability is supported by:
Learning outcomes
- Use international frameworks and Standards to develop cyber security policies, standards and procedures as part of an information security management system, including legal and regulatory compliance.
- Manage operational security by developing plans to support business continuity and cyber incident response, including digital forensics and evidence management.