Students
COMP3320 – Cyber Security Management in Practice
2025 – Session 1, Online-scheduled-weekday
General Information
Download as PDF
| Unit convenor and teaching staff |
Unit convenor and teaching staff
Unit Convenor, Lecturer, SGTA lead, marker
Milton Baar
Contact via 04 1927 9847
By arrangement
|
|---|---|
| Credit points |
Credit points
10
|
| Prerequisites |
Prerequisites
130cp at 1000 level or above and COMP1300 and COMP1350 and COMP2300
|
| Corequisites |
Corequisites
|
| Co-badged status |
Co-badged status
comp6325
|
| Unit description |
Unit description
This unit provides a practical introduction to cyber security management. It tackles GRC (Governance, Risk Management, Compliance) and incident response. As such, it covers a range of topics including legal and ethical issues, human factor and security culture, legacy systems, security supply chain, regulatory frameworks and policy development, incident triage and business recovery. Effective communication to non-technical audiences plays also a key role in this unit. Learning in this unit enhances student understanding of global challenges identified by the United Nations Sustainable Development Goals (UNSDGs) Industry, Innovation and Infrastructure |
Important Academic Dates
Information about important academic dates including deadlines for withdrawing from units are available at https://www.mq.edu.au/study/calendar-of-dates
Learning Outcomes
On successful completion of this unit, you will be able to:
- ULO1: Use international frameworks and Standards to develop cyber security policies, standards and procedures as part of an information security management system, including legal and regulatory compliance.
- ULO2: Use qualitative and quantitative risk assessment techniques to both manage cyber security risk by selecting controls and to communicate risk management strategies to business stakeholders.
- ULO3: Manage operational security by developing plans to support business continuity and cyber incident response, including digital forensics and evidence management.
General Assessment Information
General Faculty Policy on assessment submission deadlines and late submissions:
In-class activities, scheduled tests and exams must be undertaken at the time indicated in the unit guide. Should these activities be missed due to illness or misadventure, students may apply for Special Consideration.
All other assessments must be submitted by 2355 on their due date.
Should these assessments be missed due to illness or misadventure, students should apply for Special Consideration.
Assessments not submitted by the due date will receive a mark of zero unless late submissions are specifically allowed as indicated in the unit guide or on iLearn.
Late Assessment Submission
Late assessments are not accepted in this unit unless a Special Consideration has been submitted and approved.
Requirements to Pass this Unit
To pass this unit you must:
1. Attempt all assessments, and
2. Achieve a total mark equal to or greater than 50%
Module Examinations
Module Examinations will be scheduled during the second hour of the weekly lecture in weeks 5, 9 and 13, and will replace that week's second hour of lectures; there is no SGTA scheduled for Weeks 05/09/13 but they may take place should there be sufficient interest. Your attention is drawn to the university's 'Fit to Sit' policy, which states that by commencing an examination you are certifying yourself as fit to sit that examination. In particular, if you commence a Module Examination late, with insufficient time to finish it, you will not be offered a Supplementary Examination. It is the responsibility of students to make sure that they are aware of the time at which the Module Exam will commence.
Supplementary Examinations
Applications for Supplementary Examinations under the Disruption to Studies Policy must be made via ConnectMQ. If this is approved, the Unit Convenor will attempt to schedule an examination at a time convenient to the student and will notify the student of the date and time of the examination in a timely fashion.
Special Consideration
The Special Consideration Policy aims to support students who have been impacted by short-term circumstances or events that are serious, unavoidable and significantly disruptive, and which may affect their performance in assessment. If you experience circumstances or events that affect your ability to complete the assessments in this unit on time, please inform the convenor and submit a Special Consideration request through connect.mq.edu.au
Assessment Tasks
| Name | Weighting | Hurdle | Due |
|---|---|---|---|
| Module Exam #1 | 15% | No | Week 5 in second half of scheduled lecture |
| Module Exam #2 | 15% | No | Week 9 in second half of scheduled lecture |
| Module Exam #3 | 15% | No | Week 13 in second half of scheduled lecture |
| Assignment 1 | 35% | No |
2355 Sunday end of Week 06 |
| Assignment 2 | 20% | No | 2355 Sunday end of Week 12 |
Module Exam #1
Assessment Type 1: Examination Indicative Time on Task 2: 7 hours Due: Week 5 in second half of scheduled lecture, Weighting: 15%
A 50 minutes long online examination worth 15% that will test your understanding of material covered in weeks 1 to 4.
On successful completion you will be able to:
- Use international frameworks and Standards to develop cyber security policies, standards and procedures as part of an information security management system, including legal and regulatory compliance.
Module Exam #2
Assessment Type 1: Examination Indicative Time on Task 2: 7 hours Due: Week 9 in second half of scheduled lecture, Weighting: 15%
A 50 minutes long online examination worth 15% that will test your understanding of material covered in weeks 5 to 8.
On successful completion you will be able to:
- Use qualitative and quantitative risk assessment techniques to both manage cyber security risk by selecting controls and to communicate risk management strategies to business stakeholders.
Module Exam #3
Assessment Type 1: Examination Indicative Time on Task 2: 7 hours Due: Week 13 in second half of scheduled lecture, Weighting: 15%
A 50 minutes long online examination worth 15% that will test your understanding of material covered in weeks 9 to 12.
On successful completion you will be able to:
- Manage operational security by developing plans to support business continuity and cyber incident response, including digital forensics and evidence management.
Assignment 1
Assessment Type 1: Project Indicative Time on Task 2: 24 hours Due: 2355 Sunday end of Week 06 Weighting: 35%, released and available on iLearn from Week 0.
In this assignment, the student will be set a written task based on the material covered in Module 1 and Module 2. The assignment is worth 35%.
On successful completion you will be able to:
- Use international frameworks and Standards to develop cyber security policies, standards and procedures as part of an information security management system, including legal and regulatory compliance.
1 If you need help with your assignment, please contact:
- the academic teaching staff in your unit for guidance in understanding or completing this type of assessment
- the Writing Centre for academic skills support.
2 Indicative time-on-task is an estimate of the time required for completion of the assessment task and is subject to individual variation
Assignment 2
Assessment Type 1: Project Indicative Time on Task 2: 5 hours Due: 2355 Sunday end of Week 12 Weighting: 20%, released and available on iLearn from Week 0.
In this assignment, the student will be set a written task based on the Ethics and Governance material covered in Module 1, Module 2 and Module 3. The assignment is worth 20%.
On successful completion you will be able to:
- Demonstrate an understanding of the prctical application of international frameworks and Standards to develop cyber security policies, standards and procedures as part of an information security management system
- Demonstrate an understanding of the ethical and governance implications of implementing legal and regulatory compliance processes.
1 If you need help with your assignment, please contact:
- the academic teaching staff in your unit for guidance in understanding or completing this type of assessment
- the Writing Centre for academic skills support.
2 Indicative time-on-task is an estimate of the time required for completion of the assessment task and is subject to individual variation
Assessment Tasks
| Name | Weighting | Hurdle | Due |
|---|---|---|---|
| Module Exam #1 | 15% | No | Second hour of lecture Week 05 |
| Module Exam #2 | 15% | No | Second hour of lecture Week 09 |
| Module Exam #3 | 15% | No | Second hour of lecture Week 13 |
| Assignment 1 | 35% | No | 2355 Sunday of Week 06 |
| Assignment on ethics and governance | 20% | No | 2355 Sunday of Week 12 |
Module Exam #1
Assessment Type 1: Examination
Indicative Time on Task 2: 7 hours
Due: Second hour of lecture Week 05
Weighting: 15%
A 50 minutes long online examination worth 15% that will test your understanding of material covered in weeks 1 to 4.
On successful completion you will be able to:
- Use international frameworks and Standards to develop cyber security policies, standards and procedures as part of an information security management system, including legal and regulatory compliance.
Module Exam #2
Assessment Type 1: Examination
Indicative Time on Task 2: 7 hours
Due: Second hour of lecture Week 09
Weighting: 15%
A 50 minutes long online examination worth 15% that will test your understanding of material covered in weeks 5 to 8.
On successful completion you will be able to:
- Use qualitative and quantitative risk assessment techniques to both manage cyber security risk by selecting controls and to communicate risk management strategies to business stakeholders.
Module Exam #3
Assessment Type 1: Examination
Indicative Time on Task 2: 7 hours
Due: Second hour of lecture Week 13
Weighting: 15%
A 50 minutes long online examination worth 15% that will test your understanding of material covered in weeks 9 to 12.
On successful completion you will be able to:
- Manage operational security by developing plans to support business continuity and cyber incident response, including digital forensics and evidence management.
Assignment 1
Assessment Type 1: Project
Indicative Time on Task 2: 24 hours
Due: 2355 Sunday of Week 06
Weighting: 35%
In this assignment, the student will be set a written task based on the material covered in Module 1 and Module 2. The assignment is worth 35%.
On successful completion you will be able to:
- Use international frameworks and Standards to develop cyber security policies, standards and procedures as part of an information security management system, including legal and regulatory compliance.
Assignment on ethics and governance
Assessment Type 1: Project
Indicative Time on Task 2: 5 hours
Due: 2355 Sunday of Week 12
Weighting: 20%
This assignment covers the ethics and governance compliance aspects of cyber security
On successful completion you will be able to:
- Use international frameworks and Standards to develop cyber security policies, standards and procedures as part of an information security management system, including legal and regulatory compliance.
- Use qualitative and quantitative risk assessment techniques to both manage cyber security risk by selecting controls and to communicate risk management strategies to business stakeholders.
- Manage operational security by developing plans to support business continuity and cyber incident response, including digital forensics and evidence management.
1 If you need help with your assignment, please contact:
- the academic teaching staff in your unit for guidance in understanding or completing this type of assessment
- the Writing Centre for academic skills support.
2 Indicative time-on-task is an estimate of the time required for completion of the assessment task and is subject to individual variation
Delivery and Resources
Participation in Learning Activities
This unit is online only. Lectures will be streamed live *or* may be pre-recorded and uploaded. The Lectures are not interactive so questions via Zoom may not be answered in real-time. SGTAs are real-time and SGTAs, iLearn, email and phone call are the mechanism to interact with the Lecturer.
ALL Lecture and SGTA material for the whole 13-week unit is available from Week 00 so that students may read ahead and also be prepared, in advance, for active participation in SGTAs. Both Assignments are available from Week 00 and students are encouraged to participate in the SGTAs to ask any questions regarding any course material.
The Unit Convenor is also the Lecturer, SGTA presenter and marker for all assessment tasks.
Week 1 classes
This unit is delivered online only. Lectures and SGTA commence in Week 01 and all students are encouraged to participate in the Lectures and SGTA. The Lectures and SGTAs will be later uploaded to iLearn and will be available via Echo360.
Textbooks and Readings
Each lecture will require the student to read a provided text selected from a range of cyber security frameworks, Standards, textbooks, guides to best practice, blogs and other sources. Readings will be posted on iLearn and must be completed before the tutorial workshop, as the workshops are highly interactive.
A suggested (and highly recommended) textbook for cyber security studies generally is Smith, Richard E., Elementary Information Security, 3rd ed., Jones & Bartlett Learning, 2020.
Relevant international Standards have been purchased by the University Library and placed in Reserve for use by COMP3320/6325 students.
Lectures
The lecture content of this unit will be delivered online only - please check the timetables page for details. There will be approximately two hours of lecture content each week, which students can view at their own pace if they are unable to view live at the scheduled time.
Small Group Teaching Activities (SGTA)
Students should participate in weekly SGTA online; these activities vary between workshops, practical tasks and tutorials.
Cyber security management is, in large part, about communicating threats and risks to business executives and understanding how to achieve the enterprise's goals while dealing with those threats and risks. Students should therefore expect to develop and make use of their speaking skills during the sessions, and their writing skills during post-workshop discussions on iLearn.
Methods of Communication
We will communicate with you via your university email and through announcements on iLearn. Queries to convenors can either be placed on the iLearn discussion board or sent to the unit convenor via the contact email on iLearn.
Unit Schedule
The unit comprises three major modules, each separately examinable.
Module 1: Governance and Compliance
- Introduction and Overview
- Business and security operations
- Governance, legal and regulatory, frameworks, standards and compliance
- Security architecture, authentication and access control models
- The Human Factor: Policies, culture and communication
Module 2 - Information Risk Management
- Introduction to Information Risk Management
- Threat Intelligence, Qualitative Risk Management
- Estimation, Calibration and Quantitative Risk Management
- Advanced Risk Management
Module 3 - Security Operations
- Business Continuity and Disaster Recovery Planning
- The Incident Response Cycle
- Incident Analysis, logs and SIEM, Security Orchestration and Response
- Digital Forensics and Evidence Management, Crisis Management and Crisis Communications
Policies and Procedures
Macquarie University policies and procedures are accessible from Policy Central (https://policies.mq.edu.au). Students should be aware of the following policies in particular with regard to Learning and Teaching:
- Academic Appeals Policy
- Academic Integrity Policy
- Academic Progression Policy
- Assessment Policy
- Fitness to Practice Procedure
- Assessment Procedure
- Complaints Resolution Procedure for Students and Members of the Public
- Special Consideration Policy
Students seeking more policy resources can visit Student Policies (https://students.mq.edu.au/support/study/policies). It is your one-stop-shop for the key policies you need to know about throughout your undergraduate student journey.
To find other policies relating to Teaching and Learning, visit Policy Central (https://policies.mq.edu.au) and use the search tool.
Student Code of Conduct
Macquarie University students have a responsibility to be familiar with the Student Code of Conduct: https://students.mq.edu.au/admin/other-resources/student-conduct
Results
Results published on platform other than eStudent, (eg. iLearn, Coursera etc.) or released directly by your Unit Convenor, are not confirmed as they are subject to final approval by the University. Once approved, final results will be sent to your student email address and will be made available in eStudent. For more information visit connect.mq.edu.au or if you are a Global MBA student contact globalmba.support@mq.edu.au
Academic Integrity
At Macquarie, we believe academic integrity – honesty, respect, trust, responsibility, fairness and courage – is at the core of learning, teaching and research. We recognise that meeting the expectations required to complete your assessments can be challenging. So, we offer you a range of resources and services to help you reach your potential, including free online writing and maths support, academic skills development and wellbeing consultations.
Student Support
Macquarie University provides a range of support services for students. For details, visit http://students.mq.edu.au/support/
The Writing Centre
The Writing Centre provides resources to develop your English language proficiency, academic writing, and communication skills.
- Workshops
- Chat with a WriteWISE peer writing leader
- Access StudyWISE
- Upload an assignment to Studiosity
- Complete the Academic Integrity Module
The Library provides online and face to face support to help you find and use relevant information resources.
Student Services and Support
Macquarie University offers a range of Student Support Services including:
- IT Support
- Accessibility and disability support with study
- Mental health support
- Safety support to respond to bullying, harassment, sexual harassment and sexual assault
- Social support including information about finances, tenancy and legal issues
- Student Advocacy provides independent advice on MQ policies, procedures, and processes
Student Enquiries
Got a question? Ask us via the Service Connect Portal, or contact Service Connect.
IT Help
For help with University computer systems and technology, visit http://www.mq.edu.au/about_us/offices_and_units/information_technology/help/.
When using the University's IT, you must adhere to the Acceptable Use of IT Resources Policy. The policy applies to all who connect to the MQ network including students.
Changes from Previous Offering
We value student feedback to be able to continually improve the way we offer our units. As such we encourage students to provide constructive feedback via student surveys, to the teaching staff directly, or via the FSE Student Experience & Feedback link in the iLearn page. Student feedback from the previous offering of this unit was very positive overall, with students pleased with the clarity around assessment requirements and the level of support from teaching staff.
This unit is now online only with no face-to-face component and this alteration was made based on students clearly expressing their preference for this method of delivery.
The Weekly Quizzes worth 20% total were replaced by the addition of Assignment 2 which explores students' understanding of ethics and governance in Cybersecurity Management.
Changes since First Published
| Date | Description |
|---|---|
| 10/02/2025 | Change ask.mq.edu.au to connect.mq.edu.au |
Unit information based on version 2025.04 of the Handbook