
COMP3320 – Cyber Security Management in Practice

2021 – Session 2, Special circumstances

Session 2 Learning and Teaching Update

The decision has been made to conduct study online for the remainder of Session 2 for all units WITHOUT mandatory on-campus learning activities. Exams for Session 2 will also be online where possible to do so.

This is due to the extension of the lockdown orders and to provide certainty around arrangements for the remainder of Session 2. We hope to return to campus beyond Session 2 as soon as it is safe and appropriate to do so.

Some classes/teaching activities cannot be moved online and must be taught on campus. You should already know if you are in one of these classes/teaching activities and your unit convenor will provide you with more information via iLearn. If you want to confirm, see the list of units with mandatory on-campus classes/teaching activities.

Visit the MQ COVID-19 information page for more detail.

General Information

Unit convenor and teaching staff
Lecturer & Tutor: Leslie Bell
Appointment slots published in iLearn
Credit points: 10
Prerequisites: (130cp at 1000 level or above and (COMP1300 or COMP107) and (COMP1350 or ISYS114) and (COMP343 or COMP2300))
Corequisites
Co-badged status: COMP6325
Unit description
This unit provides a practical introduction to cyber security management. It tackles GRC (Governance, Risk Management, Compliance) and incident response. As such, it covers a range of topics including legal and ethical issues, human factor and security culture, legacy systems, security supply chain, regulatory frameworks and policy development, incident triage and business recovery. Effective communication to non-technical audiences also plays a key role in this unit.

Important Academic Dates

Information about important academic dates, including deadlines for withdrawing from units, is available at https://students.mq.edu.au/important-dates

Learning Outcomes

On successful completion of this unit, you will be able to:

  • ULO1: Use international frameworks and Standards to develop cyber security policies, standards and procedures as part of an information security management system, including legal and regulatory compliance.
  • ULO2: Use qualitative and quantitative risk assessment techniques to both manage cyber security risk by selecting controls and to communicate risk management strategies to business stakeholders.
  • ULO3: Manage operational security by developing plans to support business continuity and cyber incident response, including digital forensics and evidence management.

General Assessment Information

Late Submission

No extensions will be granted without an approved application for Special Consideration. There will be a deduction of 10% of the total available marks made from the total awarded mark for each 24 hour period or part thereof that the submission is late. For example, 25 hours late in submission for an assignment worth 10 marks – 20% penalty or 2 marks deducted from the total.

Under no circumstances will submissions be accepted after solutions have been posted.

Module Examinations

Module Examinations will be scheduled during tutorial timeslots in weeks 5, 9 and 13, and will generally replace that week's tutorial. Your attention is drawn to the university's 'Fit to Sit' policy, which states that by commencing an examination you are certifying yourself as fit to sit that examination. In particular, if you commence a Module Examination late, with insufficient time to finish it, you will not be offered a Supplementary Examination. It is the responsibility of students to make sure that they are aware of the time at which the Module Exam will commence.

Supplementary Examinations

Applications for Supplementary Examinations under the Disruption to Studies Policy must be made via AskMQ. If this is approved, the Unit Convenor will attempt to schedule an examination at a time convenient to the student and will notify the student of the date and time of the examination in a timely fashion.

Assessment Tasks

| Name | Weighting | Hurdle | Due |
|---|---|---|---|
| Weekly Tasks | 10% | No | Weekly |
| Weekly lecture and workshop discussion participation | 15% | No | Weekly |
| Assignment 1 | 15% | No | Week 7 |
| Assignment 2 | 15% | No | Week 13 |
| Module Exam #1 | 15% | No | Week 5 |
| Module Exam #2 | 15% | No | Week 9 |
| Module Exam #3 | 15% | No | Week 13 |

Weekly Tasks

Assessment Type 1: Quiz/Test
Indicative Time on Task 2: 5 hours
Due: Weekly
Weighting: 10%

Each week's material will be followed by a short quiz to test student understanding. The final mark will be calculated from the best 10 of 12 scores achieved by the student.

On successful completion you will be able to:
  • Use international frameworks and Standards to develop cyber security policies, standards and procedures as part of an information security management system, including legal and regulatory compliance.
  • Use qualitative and quantitative risk assessment techniques to both manage cyber security risk by selecting controls and to communicate risk management strategies to business stakeholders.
  • Manage operational security by developing plans to support business continuity and cyber incident response, including digital forensics and evidence management.

Weekly lecture and workshop discussion participation

Assessment Type 1: Participatory task
Indicative Time on Task 2: 10 hours
Due: Weekly
Weighting: 15%

Participation in weekly discussion (in both lectures and workshops) relating contemporary topics (privacy legislation, security breaches, regulatory changes, etc.) to the methodologies introduced in the lectures and workshops. Discussion will take place in the classroom in the case of on-campus delivery, and for online delivery will be both via Zoom meeting (with participation recorded) and via iLearn discussion forum, so as to not disadvantage students who do not have webcam/microphone or sufficient bandwidth for Zoom, or who prefer written communication.

On successful completion you will be able to:
  • Use international frameworks and Standards to develop cyber security policies, standards and procedures as part of an information security management system, including legal and regulatory compliance.
  • Use qualitative and quantitative risk assessment techniques to both manage cyber security risk by selecting controls and to communicate risk management strategies to business stakeholders.
  • Manage operational security by developing plans to support business continuity and cyber incident response, including digital forensics and evidence management.

Assignment 1

Assessment Type 1: Project
Indicative Time on Task 2: 7 hours
Due: Week 7
Weighting: 15%

In this assignment, the student will be required to write a draft issue-specific enterprise security policy, based upon the frameworks and Standards examined in Module 1.

On successful completion you will be able to:
  • Use international frameworks and Standards to develop cyber security policies, standards and procedures as part of an information security management system, including legal and regulatory compliance.

Assignment 2

Assessment Type 1: Project
Indicative Time on Task 2: 8 hours
Due: Week 13
Weighting: 15%

Students are required to present the results of a risk assessment, along with suggested mitigation strategies, in order for a business stakeholder (typically a risk or asset owner) to decide upon the appropriate strategy.

On successful completion you will be able to:
  • Use qualitative and quantitative risk assessment techniques to both manage cyber security risk by selecting controls and to communicate risk management strategies to business stakeholders.

Module Exam #1

Assessment Type 1: Examination
Indicative Time on Task 2: 7 hours
Due: Week 5
Weighting: 15%

A 50-minute written examination worth 20% that will be held in week 5 during practical class. This will test your understanding of material covered in weeks 1 to 4.

On successful completion you will be able to:
  • Use international frameworks and Standards to develop cyber security policies, standards and procedures as part of an information security management system, including legal and regulatory compliance.

Module Exam #2

Assessment Type 1: Examination
Indicative Time on Task 2: 7 hours
Due: Week 9
Weighting: 15%

A 50-minute written examination worth 20% that will be held in week 9 during practical class. This will test your understanding of material covered in weeks 5 to 8.

On successful completion you will be able to:
  • Use qualitative and quantitative risk assessment techniques to both manage cyber security risk by selecting controls and to communicate risk management strategies to business stakeholders.

Module Exam #3

Assessment Type 1: Examination
Indicative Time on Task 2: 6 hours
Due: Week 13
Weighting: 15%

A 50-minute written examination worth 20% that will be held in week 13 during practical class. This will test your understanding of material covered in weeks 9 to 12.

On successful completion you will be able to:
  • Manage operational security by developing plans to support business continuity and cyber incident response, including digital forensics and evidence management.

1 If you need help with your assignment, please contact:

  • the academic teaching staff in your unit for guidance in understanding or completing this type of assessment
  • the Learning Skills Unit for academic skills support.

2 Indicative time-on-task is an estimate of the time required for completion of the assessment task and is subject to individual variation

Delivery and Resources

Textbooks and Readings

Each lecture will require the student to read a provided text selected from a range of cyber security frameworks, Standards, textbooks, guides to best practice, blogs and other sources. Readings will be posted on iLearn and must be completed before the tutorial workshop, as the workshops are highly interactive.

A suggested (and highly recommended) textbook for cyber security studies generally is Smith, Richard E., Elementary Information Security, 3rd ed., Jones & Bartlett Learning, 2020.

Relevant international Standards have been purchased by the University Library and placed in Reserve for use by COMP3320/6325 students.

Lectures

The lecture content of this unit will be delivered in the form of short videos elaborating on the concepts introduced in the readings. Guest lecturers and interview subjects will provide 'real-world' case studies and examples. There will be approximately two hours of lecture content each week, which students can view at their own pace.

Tutorial Workshops

Students will be expected to participate in weekly tutorial workshops, which will be offered in both on campus (face-to-face) and online (Zoom meeting) format.

Cyber security management is, in large part, about communicating threats and risks to business executives and understanding how to achieve the enterprise's goals while dealing with those threats and risks. Students should therefore expect to develop and make use of their speaking skills during the workshop sessions, and/or their writing skills during post-workshop discussions on iLearn. The importance of engaging in this is reflected in the allocation of 15% of the total assessment to these activities.

Unit Schedule

The unit comprises three major modules, each separately examinable.

Module 1: Governance and Compliance

  • Introduction and Overview
  • Business and security operations
  • Governance, legal and regulatory, frameworks, standards and compliance
  • Security architecture, authentication and access control models
  • The Human Factor: Policies, culture and communication

Module 2 - Information Risk Management

  • Introduction to Information Risk Management
  • Threat Intelligence, Qualitative Risk Management
  • Estimation, Calibration and Quantitative Risk Management
  • Advanced Risk Management

Module 3 - Security Operations

  • Business Continuity and Disaster Recovery Planning
  • The Incident Response Cycle
  • Incident Analysis, logs and SIEM
  • Digital Forensics and Evidence Management

Policies and Procedures

Macquarie University policies and procedures are accessible from Policy Central (https://staff.mq.edu.au/work/strategy-planning-and-governance/university-policies-and-procedures/policy-central). Students should be aware of the following policies in particular with regard to Learning and Teaching:

Students seeking more policy resources can visit the Student Policy Gateway (https://students.mq.edu.au/support/study/student-policy-gateway). It is your one-stop-shop for the key policies you need to know about throughout your undergraduate student journey.

If you would like to see all the policies relevant to Learning and Teaching visit Policy Central (https://staff.mq.edu.au/work/strategy-planning-and-governance/university-policies-and-procedures/policy-central).

Student Code of Conduct

Macquarie University students have a responsibility to be familiar with the Student Code of Conduct: https://students.mq.edu.au/admin/other-resources/student-conduct

Results

Results published on platforms other than eStudent (e.g. iLearn, Coursera, etc.) or released directly by your Unit Convenor are not confirmed, as they are subject to final approval by the University. Once approved, final results will be sent to your student email address and will be made available in eStudent. For more information visit ask.mq.edu.au or, if you are a Global MBA student, contact globalmba.support@mq.edu.au

Student Support

Macquarie University provides a range of support services for students. For details, visit http://students.mq.edu.au/support/

Learning Skills

Learning Skills (mq.edu.au/learningskills) provides academic writing resources and study strategies to help you improve your marks and take control of your study.

The Library provides online and face to face support to help you find and use relevant information resources. 

Student Enquiry Service

For all student enquiries, visit Student Connect at ask.mq.edu.au

If you are a Global MBA student contact globalmba.support@mq.edu.au

Equity Support

Students with a disability are encouraged to contact the Disability Service who can provide appropriate help with any issues that arise during their studies.

IT Help

For help with University computer systems and technology, visit http://www.mq.edu.au/about_us/offices_and_units/information_technology/help/

When using the University's IT, you must adhere to the Acceptable Use of IT Resources Policy. The policy applies to all who connect to the MQ network including students.