
COMP8300 – Security Management

2024 – Session 2, In person-scheduled-weekday, North Ryde

General Information

Unit convenor and teaching staff
Unit Convenor, Lecturer
Milton Baar
Contact via 04 1927 9847
Credit points
10
Prerequisites
ITEC602 or COMP6770
Corequisites
Co-badged status
Unit description

The intent of this unit is to provide students with a working knowledge of commercial information security governance requirements, tools and techniques. The unit has a practical focus with workshop and laboratory work that will include aspects of physical security and hacking, information security architectures and the creation of a dummy company on which the tools and techniques will be developed and tested. Topics include an introduction to information security, standards and governance, risk management concepts, security threats, controls, practical hacking, server hardening, evidence collection, business continuity planning and DRP, creating an enterprise information security framework, and EISF/ISMS certification.

Important Academic Dates

Information about important academic dates, including deadlines for withdrawing from units, is available at https://www.mq.edu.au/study/calendar-of-dates

Learning Outcomes

On successful completion of this unit, you will be able to:

  • ULO1: Describe and explain the differences between security frameworks and standards
  • ULO2: Describe and demonstrate how to manage commercial risk, and unmitigated and mitigated risk
  • ULO3: Identify and assess commercial threats and types of threats and statutory requirements in a commercial environment
  • ULO4: Identify and analyse basic risk management errors and information exposures; assess various techniques and their suitability as controls

General Assessment Information

Requirements to Pass this Unit

To pass this unit you must:

  • Attempt all assessments, and
  • Achieve a total mark equal to or greater than 50%, and
  • Participate in the Industry Presentation at the end of Week 13

Late Assessment Submission

Late assessments are not accepted in this unit unless a Special Consideration has been submitted and approved.

Special Consideration

The Special Consideration Policy aims to support students who have been impacted by short-term circumstances or events that are serious, unavoidable and significantly disruptive, and which may affect their performance in assessment.

Written Assessments: If you experience circumstances or events that affect your ability to complete the written assessments in this unit on time, please inform the convenor and submit a Special Consideration request through ask.mq.edu.au.

Weekly practice-based tasks: To pass the unit you need to demonstrate ongoing development of skills and application of knowledge in all the weekly practical classes. If you miss a weekly practical class due to a serious, unavoidable and significant disruption, contact your convenor and the other members of your practical group ASAP.

Note that a Special Consideration should only be applied for if you miss more than two of the weekly practical classes.

Assessment Tasks

Name | Weighting | Hurdle | Due
Quiz 1 | 10% | No | Immediately after the end of the Week 04 lecture
Mid-semester workbook assessment | 40% | No | 2355 Sunday Week 08
Quiz 2 | 10% | No | Immediately after the end of the Week 09 lecture
Industry Presentation | 40% | Yes | 0830-1300 Saturday 2-NOV-2024 on-campus in lecture room

Quiz 1

Assessment Type 1: Quiz/Test
Indicative Time on Task 2: 10 hours
Due: Immediately after the end of the Week 04 lecture
Weighting: 10%

A multiple choice quiz covering material from weeks 1-4

On successful completion you will be able to:

  • Describe and explain the differences between security frameworks and standards
  • Describe and demonstrate how to manage commercial risk, and unmitigated and mitigated risk
  • Identify and assess commercial threats and types of threats and statutory requirements in a commercial environment
  • Identify and analyse basic risk management errors and information exposures; assess various techniques and their suitability as controls

Mid-semester workbook assessment

Assessment Type 1: Practice-based task
Indicative Time on Task 2: 40 hours
Due: 2355 Sunday end of Week 08
Weighting: 40%

Review and assessment of the workbook content that contains results from tasks undertaken from weeks 1-8.

On successful completion you will be able to:

  • Describe and explain the differences between security frameworks and standards
  • Describe and demonstrate how to manage commercial risk, and unmitigated and mitigated risk
  • Identify and assess commercial threats and types of threats and statutory requirements in a commercial environment
  • Identify and analyse basic risk management errors and information exposures; assess various techniques and their suitability as controls

Quiz 2

Assessment Type 1: Quiz/Test
Indicative Time on Task 2: 10 hours
Due: Immediately after the end of the Week 09 lecture
Weighting: 10%

A short-answer quiz covering material from weeks 5-9

On successful completion you will be able to:

  • Describe and demonstrate how to manage commercial risk, and unmitigated and mitigated risk
  • Identify and assess commercial threats and types of threats and statutory requirements in a commercial environment
  • Identify and analyse basic risk management errors and information exposures; assess various techniques and their suitability as controls

Industry Presentation

Assessment Type 1: Viva/oral examination
Indicative Time on Task 2: 40 hours
Due: 0830-1300 Saturday 2-NOV-2024 on-campus in lecture room
Weighting: 40%
This is a hurdle assessment task (see assessment policy for more information on hurdle assessment tasks)

Presentation of completed tasks to an external panel of Industry Experts

On successful completion you will be able to:

  • Describe and explain the differences between security frameworks and standards
  • Describe and demonstrate how to manage commercial risk, and unmitigated and mitigated risk
  • Identify and assess commercial threats and types of threats and statutory requirements in a commercial environment
  • Identify and analyse basic risk management errors and information exposures; assess various techniques and their suitability as controls

Assessment Tasks

Name | Weighting | Hurdle | Due
Quiz 1 | 10% | No | In Week 04 SGTA
Mid-semester workbook assessment | 40% | No | 2355 Sunday end of Week 08
Quiz 2 | 10% | No | In Week 09 SGTA
Industry Presentation | 40% | Yes | From 0830 to 1330 Saturday 2-NOV-2024

Quiz 1

Assessment Type 1: Quiz/Test
Indicative Time on Task 2: 10 hours
Due: In Week 04 SGTA
Weighting: 10%

A multiple choice quiz covering material from weeks 1-4

On successful completion you will be able to:
  • Describe and explain the differences between security frameworks and standards
  • Describe and demonstrate how to manage commercial risk, and unmitigated and mitigated risk
  • Identify and assess commercial threats and types of threats and statutory requirements in a commercial environment
  • Identify and analyse basic risk management errors and information exposures; assess various techniques and their suitability as controls

Mid-semester workbook assessment

Assessment Type 1: Practice-based task
Indicative Time on Task 2: 40 hours
Due: 2355 Sunday end of Week 08
Weighting: 40%

Students will individually submit workbooks that contain results from group tasks to which they contribute.

On successful completion you will be able to:
  • Describe and explain the differences between security frameworks and standards
  • Describe and demonstrate how to manage commercial risk, and unmitigated and mitigated risk
  • Identify and assess commercial threats and types of threats and statutory requirements in a commercial environment
  • Identify and analyse basic risk management errors and information exposures; assess various techniques and their suitability as controls

Quiz 2

Assessment Type 1: Quiz/Test
Indicative Time on Task 2: 10 hours
Due: In Week 09 SGTA
Weighting: 10%

A short-answer quiz covering material from weeks 4-8

On successful completion you will be able to:
  • Describe and demonstrate how to manage commercial risk, and unmitigated and mitigated risk
  • Identify and assess commercial threats and types of threats and statutory requirements in a commercial environment
  • Identify and analyse basic risk management errors and information exposures; assess various techniques and their suitability as controls

Industry Presentation

Assessment Type 1: Viva/oral examination
Indicative Time on Task 2: 40 hours
Due: From 0830 to 1330 Saturday 2-NOV-2024
Weighting: 40%
This is a hurdle assessment task (see assessment policy for more information on hurdle assessment tasks)

Presentation of completed tasks to an external panel of Industry Experts

On successful completion you will be able to:
  • Describe and explain the differences between security frameworks and standards
  • Describe and demonstrate how to manage commercial risk, and unmitigated and mitigated risk
  • Identify and assess commercial threats and types of threats and statutory requirements in a commercial environment
  • Identify and analyse basic risk management errors and information exposures; assess various techniques and their suitability as controls

1 If you need help with your assignment, please contact:

  • the academic teaching staff in your unit for guidance in understanding or completing this type of assessment
  • the Writing Centre for academic skills support.

2 Indicative time-on-task is an estimate of the time required for completion of the assessment task and is subject to individual variation

Delivery and Resources

This unit is delivered face-to-face, although the lectures are recorded and available on iLearn.

The practical tasks start in Week 01 and build, week upon week, to a single deliverable assessed on the Saturday of Week 13 by a panel of Industry Experts. Work on the practical task and its deliverable is usually done by students, sometimes working in groups, off-campus at a time and location that suits them.

Each week, based on the lecture and workshop materials provided, you will gradually build an Information Security Management System (ISMS) that uses the ISO/IEC 27001 standards as the framework. In Week 08, the documentation you have created will be reviewed by the Unit Convenor and, if significant changes are required, you will work with the Unit Convenor to modify what you are doing and how you are doing it.

This unit is very heavily front-loaded: the first eight weeks require significant individual work to ensure that you are able to produce the documents required for the Week 13 presentation.

Methods of Communication

We will communicate with you via your university email and through announcements on iLearn. Queries to convenors can either be placed on the iLearn discussion board or sent to the unit convenor via the contact email on iLearn.

COVID Information

For the latest information on the University’s response to COVID-19, please refer to the Coronavirus infection page on the Macquarie website: https://www.mq.edu.au/about/coronavirus-faqs. Remember to check this page regularly in case the information and requirements change during semester. If there are any changes to this unit in relation to COVID, these will be communicated via iLearn.

Unit Schedule

The unit is divided into three modules, Governance (Weeks 01-04), Risk (Weeks 05-08) and Operations (Weeks 09-12).

  • Quiz 1 in Week 04 covers Module 1
  • Quiz 2 in Week 09 covers Module 2
  • There is no Quiz for Module 3 as all modules will be covered as part of your Industry Presentation.

  1. Introduction
  2. Standards & Governance
  3. ISMS
  4. Information Classification
  5. Risk Management
  6. Qualitative Risk
  7. Quantitative Risk
  8. Loss Calculations
  9. Threats and Controls
  10. BCP/DRP
  11. Incident Management
  12. Forensics
  13. Industry Panel preparation

Policies and Procedures

Macquarie University policies and procedures are accessible from Policy Central (https://policies.mq.edu.au). Students should be aware of the following policies in particular with regard to Learning and Teaching:

Students seeking more policy resources can visit Student Policies (https://students.mq.edu.au/support/study/policies). It is your one-stop-shop for the key policies you need to know about throughout your undergraduate student journey.

To find other policies relating to Teaching and Learning, visit Policy Central (https://policies.mq.edu.au) and use the search tool.

Student Code of Conduct

Macquarie University students have a responsibility to be familiar with the Student Code of Conduct: https://students.mq.edu.au/admin/other-resources/student-conduct

Results

Results published on platforms other than eStudent (e.g. iLearn, Coursera, etc.) or released directly by your Unit Convenor are not confirmed, as they are subject to final approval by the University. Once approved, final results will be sent to your student email address and will be made available in eStudent. For more information visit connect.mq.edu.au or, if you are a Global MBA student, contact globalmba.support@mq.edu.au

Academic Integrity

At Macquarie, we believe academic integrity – honesty, respect, trust, responsibility, fairness and courage – is at the core of learning, teaching and research. We recognise that meeting the expectations required to complete your assessments can be challenging. So, we offer you a range of resources and services to help you reach your potential, including free online writing and maths support, academic skills development and wellbeing consultations.

Student Support

Macquarie University provides a range of support services for students. For details, visit http://students.mq.edu.au/support/

The Writing Centre

The Writing Centre provides resources to develop your English language proficiency, academic writing, and communication skills.

The Library provides online and face to face support to help you find and use relevant information resources. 

Student Services and Support

Macquarie University offers a range of Student Support Services including:

Student Enquiries

Got a question? Ask us via the Service Connect Portal, or contact Service Connect.

IT Help

For help with University computer systems and technology, visit http://www.mq.edu.au/about_us/offices_and_units/information_technology/help/

When using the University's IT, you must adhere to the Acceptable Use of IT Resources Policy. The policy applies to all who connect to the MQ network including students.

Changes from Previous Offering

We value student feedback to be able to continually improve the way we offer our units. As such we encourage students to provide constructive feedback via student surveys, to the teaching staff directly, or via the FSE Student Experience & Feedback link in the iLearn page.

Student feedback from the previous offering of this unit was very positive overall, with students pleased with the clarity around assessment requirements and the level of support from teaching staff. As such, no change to the delivery of the unit is planned; however, we will continue to strive to improve the level of support and the level of student engagement.

However, to improve the learning and assessment processes, alterations to the weeks in which content is delivered were made to align more closely with a modularised structure.


Unit information based on version 2024.03 of the Handbook