
ITEC854: Information Security Management

Semester 2, 2011

Faculty: Science; Department: Computing

General Information

Credit points: 4
Convenor: Milton Baar
Prerequisites: None.

Students should read this unit guide carefully at the start of semester. It contains important information about the unit. If anything in it is unclear, please consult one of the teaching staff in the unit.

About This Unit

Description

The intent of this course is to provide students with a working knowledge of commercial information security governance requirements, tools and techniques.  The course has a practical focus with Tutorial and Lab work that will include aspects of physical security and hacking, Information Security Architectures and the creation of a dummy company on which the tools and techniques will be developed and tested.  At the end of the unit, "companies" will present to a panel of industry experts and receive valuable feedback on their performance.

The unit does not have a technical focus, nor is there any assumed technical knowledge. There is, however, group work undertaken as part of the tutorial process, but students are awarded marks individually, not as a group. There is no textbook for the unit; all required readings are supplied on Blackboard. This is a four credit point unit and, as such, students are expected to undertake eight hours of work for this unit in addition to the weekly four hours of face-to-face time. The assignments and tutorial work will need those eight hours.

Teaching Staff

Role | Name | Email | Room | Office hours
Convener, Lecturer | Milton Baar | milton.baar@mq.edu.au | |

All emails related to this unit should contain ITEC854 in the subject and must include your full name and your student id number.

Teaching and Learning

Classes

Each week you should attend two hours of lectures, and two hours of practical/lab. For details of days, times and rooms consult the timetables webpage.

Note that Tutorials/Practicals commence in week 2.

Please note it is to your benefit to attend most of the tutorials/practicals, although many or most of these may be undertaken outside the scheduled lab times.

Resources to assist your learning

iLecture

Digital recordings of lectures are available. Read these instructions for details.

Textbook

There is no textbook for this unit.

Unit material

Material for the unit can be found at http://ilearn.mq.edu.au.

Technology

Students are expected to make use of MS Word, MS Excel and MS Powerpoint or any other tools they wish.

Websites

The web page for this unit can be found at http://www.comp.mq.edu.au/units/ITEC854/

Staff-Student Liaison Committee

The Department has established a Staff-Student Liaison Committee at each level to provide all students studying a Computing unit the opportunity to discuss related issues or problems with both students and staff.

If you have exhausted all other avenues, then you should consult the Director of Teaching (Dr. Christophe Doche) or the Head of Department (Assoc. Prof. Bernard Mans). You are entitled to have your concerns raised, discussed and resolved.

Student Support Services

Macquarie University provides a range of Academic Student Support Services. Details of these services can be accessed at http://www.student.mq.edu.au.

Assumed knowledge

There is no assumed knowledge; this is reflected in the prerequisites for ITEC854 (none).

Topic List

Week | Lecture Topic | Reading material

Week 1: Introduction and Course Outline
  • What is information security?
  • Comparison between perfect security, technical security and commercial security
  • Discussion of risk, threat, likelihood and other terminology
  • Hacking, black hat, white hat, grey hat
  • Introduction of students, background of education/work experience
  • Course outline and expectations for deliverables
Reading: Senior Executives Commitment to Information Security - from Motivation to Responsibility

Week 2: Standards & Governance
  • Discussion of the different standards and frameworks that students will come into contact with, including ISO27001, ISO27002, Sarbanes-Oxley, PCIDSS, ASIC, COBIT and ITIL
  • Detailed review of ISO27001 and ISO27002
  • Detailed review of SOX and FSRA requirements
Reading: ISO27001, ISO27002, ISO17799, PCIDSS, Sarbanes Oxley Act, COBIT

Week 3: Information Risk Management Concepts
  • What is risk
  • How can it be measured
  • How is it mitigated
  • What should be protected
  • Introduction to information assets
  • The role of an Information Security Officer
  • How is risk managed in different industries
  • Can risks be accepted, should a business be risk-averse
Reading: AS/NZS4360, HB231:2004, A Novel Security Risk Evaluation for Information Systems, Measuring the risk based value of IT Security solutions, Quantitative assessment of enterprise security system

Week 4: Threat Workshop
  • What are threats
  • How are threats measured
  • Relationship between threats and likelihood
  • Force majeure, avoidable threats and how a business reacts to each
  • Industry specific threats
  • Technology specific threats
  • Is privacy a threat?
Reading: AS/NZS4360, HB231:2004, A Novel Security Risk Evaluation for Information Systems, BSI Handbook v1007, Security Usability Principles for Vulnerability Analysis and Risk Assessment

Week 5: Controls Workshop
  • What are controls
  • Understanding the relationship between threats, likelihood and controls
  • Can controls reduce threats
Reading: AS/NZS4360, HB231:2004, A Novel Security Risk Evaluation for Information Systems, BSI Handbook v1007
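The risk, threat, likelihood and control ideas of Weeks 3 to 5 can be made concrete with a small risk register that rates each threat to an asset before and after controls are credited, then checks the residual rating against a stated risk appetite. The following Python is an added illustration and is not part of the unit material or its readings; the 5x5 likelihood/consequence scales, the rating thresholds, the "steps down the scale" model of control effect, and the sample risks for a dummy company are all assumptions made for the example (AS/NZS 4360 leaves the scales and thresholds to the organisation).

```python
"""Qualitative risk register: inherent vs residual risk and a risk-appetite check.

Added illustration, not unit material. The 5x5 matrix, the numeric thresholds,
the control model and the sample risks are assumptions chosen for the example.
"""
from dataclasses import dataclass, field

# Assumed ordinal scales (1 = lowest), in the style of an AS/NZS 4360 matrix.
LIKELIHOOD = {"rare": 1, "unlikely": 2, "possible": 3, "likely": 4, "almost certain": 5}
CONSEQUENCE = {"insignificant": 1, "minor": 2, "moderate": 3, "major": 4, "catastrophic": 5}
RATINGS = ["low", "medium", "high", "extreme"]  # ordered, used for appetite comparison


def rate(likelihood: int, consequence: int) -> str:
    """Map a likelihood x consequence product onto a rating band (assumed thresholds)."""
    score = likelihood * consequence
    if score >= 15:
        return "extreme"
    if score >= 8:
        return "high"
    if score >= 4:
        return "medium"
    return "low"


@dataclass
class Control:
    """A control lowers likelihood (preventive) and/or consequence (corrective)
    by a number of steps on the ordinal scale. Assumed model for the example."""
    name: str
    likelihood_steps: int = 0
    consequence_steps: int = 0


@dataclass
class Risk:
    asset: str
    threat: str
    likelihood: str
    consequence: str
    controls: list = field(default_factory=list)

    def inherent(self) -> str:
        """Rating before any control is credited."""
        return rate(LIKELIHOOD[self.likelihood], CONSEQUENCE[self.consequence])

    def residual(self) -> str:
        """Rating after crediting controls. A scale never drops below 1:
        controls reduce a threat's likelihood or impact, they do not remove the threat."""
        like = LIKELIHOOD[self.likelihood]
        cons = CONSEQUENCE[self.consequence]
        for ctl in self.controls:
            like = max(1, like - ctl.likelihood_steps)
            cons = max(1, cons - ctl.consequence_steps)
        return rate(like, cons)


def treat(risk: Risk, appetite: str) -> str:
    """Decide what the register records for this risk against the stated appetite."""
    if RATINGS.index(risk.residual()) <= RATINGS.index(appetite):
        return "accept"            # within appetite: management may accept the risk
    return "treat or escalate"     # above appetite: add controls, or document a formal acceptance


def build_register(risks, appetite="medium"):
    """Return rows of (asset, threat, inherent, residual, action) for the risk register."""
    return [(r.asset, r.threat, r.inherent(), r.residual(), treat(r, appetite)) for r in risks]


# Constructed sample register for a dummy company (made up for this example).
SAMPLE_RISKS = [
    Risk("customer database", "SQL injection via web application", "likely", "major",
         controls=[Control("input validation and patching", likelihood_steps=2),
                   Control("nightly off-site backups", consequence_steps=2)]),
    Risk("server room", "flood (force majeure)", "rare", "catastrophic",
         controls=[Control("disaster recovery site", consequence_steps=1)]),
    Risk("staff laptops", "theft of an unencrypted device", "possible", "moderate"),
]

if __name__ == "__main__":
    for row in build_register(SAMPLE_RISKS):
        print(row)
```

Running the block prints one row per risk. The database risk starts at "extreme" and ends at "medium" once both controls are credited, so it falls within a "medium" appetite; the laptop risk has no controls, stays "high", and is flagged for treatment or escalation. The force majeure flood cannot be made less likely by the business, so only a consequence-reducing control (the DR site) changes its rating, which is the distinction Week 4 draws between avoidable and unavoidable threats.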

Week 6: Business Continuity Planning and DRP
  • BCP and DRP overview
  • Why do it
  • What can go wrong
  • BCP/DRP development process and linkage with TRA
Reading: ISO27001, ISO17799, BSI Handbook v1007, Veritas DR Executive Summary

Week 7: Creating an Enterprise Information Security Framework
  • What is an EISF
  • How are they assessed (ISO/IEC27001, ITIL, COBIT etc)
  • Importance of scope and statement of applicability
  • Plan, Do, Check, Act cycle
  • Evidence, evidence, evidence
  • What is an Information Security Management System

Week 8: Information Classification and Exposures
  • What is information classification
  • How to classify information
  • Policies and procedures
  • Perils of over or under classifying information
  • Information exposures
Reading: ISO27001, Senior Executives Commitment to Information Security - from Motivation to Responsibility

Week 9: Practical Hacking
  • History of hacking, why hack an environment
  • What colour hat do you have
  • Operating systems and application basics
  • Tools and techniques
Reading: Open Source Security Testing Methodology Manual

Week 10: Incident Response & Server Hardening
  • Definition of hardening
  • Operating system basics
  • Network basics
  • Application basics
  • Procedures… more procedures… and more procedures…
Reading: ISO27001, Combining ITIL, COBIT and ISO/IEC 27002 in Order to Design a Comprehensive IT Framework in Organizations

Week 11: Evidence Collection
  • Forensics basics
  • How to collect
  • What to collect
  • Roles and responsibilities
  • When is it better to leave it alone
Reading: HB171 Guidelines for the management of evidence, Computer Forensics for Lawyers

Week 12: Physical Security Reviews

Week 13: Industry presentation

Teaching and Learning Strategy

ITEC854 is taught via lectures and mixed classes in the laboratory. The feedback that you receive also plays a crucial role in your learning.

Lectures are used to introduce new material, give examples of the management issues and put them in a wider context.

You learn by processing concepts, not just by hearing them. Mixed classes are small group classes which give you the opportunity to do exactly that by interacting with a tutor who has a sound knowledge of the subject and with your peers. This also gives you a chance to practice your information security management skills.

You have many opportunities to seek and receive feedback. During lectures, you are encouraged to ask the lecturer questions to clarify anything you might not be sure of. Each week, you will be given tasks to undertake in the mixed classes and you will have to present solutions during the unit. The comments provided will help you to understand the material in the unit and prepare you for the work in assignments as well as for the final exam. It is important that you keep up with these tasks every week. Assignments have been especially designed to deliver relevant feedback on your work.

Each week you should:

  • Attend lectures, take notes, ask questions
  • Attend your Mixed Class and seek feedback on your work
  • Start working on any assignments immediately after they have been released.

Lecture notes are made available each week but these notes are intended as an outline of the lecture only and are not a substitute for your own notes or reading additional material.

ITEC854 is a 4-credit point unit and therefore it is expected that a student will spend approximately 12 hours per week on this unit throughout the semester. Each week you should attend 4 hours of a mix of lectures and practicals, which means you can expect to spend around 8 hours working on ITEC854 outside of class.

Learning outcomes

It is expected that on completion of this unit/topic, students will have:
  1. An ability to understand the differences between security frameworks and standards;
  2. An understanding of commercial risk and unmitigated and mitigated risk;
  3. An ability to define risk scenarios for an experimental company;
  4. An understanding of commercial threats and types of threats and statutory requirements in a commercial environment;
  5. An understanding of basic configuration errors and basic exposures;
  6. An understanding of hacking/hardening techniques and their suitability as controls;
  7. An understanding of the value of BCP/DRP; and
  8. A thorough analysis and understanding of security related standards.

See the different standards corresponding to these learning outcomes.

Graduate Capabilities

All academic programs at Macquarie University seek to develop a range of graduate capabilities. One of the aims of this unit is that students develop their skills in the following:

  • Discipline Specific Knowledge and skills
  • Effective Communication
  • Problem Solving and Research Capability
  • Creativity and Innovation
  • Commitment to Continuous Learning

Assessment

The new assessment policy and the associated code of practice imply the use of standards based assessment. In this context, the learning outcomes are aligned with the assessment tasks and the performance of each student is evaluated according to different standards.

Assessment tasks

The following table summarizes the different aspects of the assessment in this unit. In particular, it links each task to the learning outcomes of the unit.

Task | Due Date | Workload | Feedback | LO assessed | Weight
Quiz 1 (Early Diagnostic) | Week 4 | 1 hr | Within 1 week | LO1, LO2 | 10%
Quiz 2 | Week 8 | 1 hr | Within 1 week | LO3, LO4 | 10%
Quiz 3 | Week 12 | 1 hr | Within 1 week | LO5, LO6 | 10%
Assignment (Individual) | Week 13 | 24 hrs | Within 2 weeks | All | 20%
Industry Presentation | Week 13 | 39 hrs | End of unit | All | 10%
Final Exam | TBA | 4 hrs | End of unit | All | 40%

Note that a certain number of requirements must be fulfilled in order to pass this unit.
If you cannot complete a piece of work please see the convenor before the due date. Check also the special consideration policy.
A more detailed description of each task is given below.

Assessment tasks explained

As the table above indicates, there will be six assessment tasks.

  • One quiz of your understanding of issues covered in the first three weeks (Early Diagnostic).
  • Two mid-unit quizzes.
  • One individual assignment.
  • A group presentation to an industry panel.  The presentation is the culmination of your practical/lab work for the unit.
  • One formal written examination.

Your final grade will depend on your performance in each part separately. In particular:

  • You must perform satisfactorily in the three quizzes in order to pass this unit.
  • You must perform satisfactorily in the formal written examination in order to pass this unit.
  • You must submit a reasonable attempt to the assignment to pass this unit.
  • Failure to appear at your presentation (without a very good reason) will count as 0.

All assignments should be handed in via the online Blackboard system at http://learn.mq.edu.au/ by the time specified in the assignment description.

All work submitted should be readable and well presented.

Late work will be accepted with a penalty of 10% of the marks for the assignment per day submitted late. Hence, an assignment submitted five days late will get at most half the marks. If you cannot submit on time because of illness or other circumstances, please contact the lecturer before the due date.


Standards

Four standards, namely HD, D, CR and P, correspond to four different levels of achievement.

Grading

At the end of the semester, you will receive a grade that reflects your achievement in the unit

  • Fail (F): does not provide evidence of attainment of all learning outcomes. There is missing or partial or superficial or faulty understanding and application of the fundamental concepts in the field of study; and incomplete, confusing or lacking communication of ideas in ways that give little attention to the conventions of the discipline.
  • Pass (P): provides sufficient evidence of the achievement of learning outcomes. There is demonstration of understanding and application of fundamental concepts of the field of study; and communication of information and ideas adequately in terms of the conventions of the discipline. The learning attainment is considered satisfactory or adequate or competent or capable in relation to the specified outcomes.
  • Credit (Cr): provides evidence of learning that goes beyond replication of content knowledge or skills relevant to the learning outcomes. There is demonstration of substantial understanding of fundamental concepts in the field of study and the ability to apply these concepts in a variety of contexts; plus communication of ideas fluently and clearly in terms of the conventions of the discipline.
  • Distinction (D): provides evidence of integration and evaluation of critical ideas, principles and theories, distinctive insight and ability in applying relevant skills and concepts in relation to learning outcomes. There is demonstration of frequent originality in defining and analysing issues or problems and providing solutions; and the use of means of communication appropriate to the discipline and the audience.
  • High Distinction (HD): provides consistent evidence of deep and critical understanding in relation to the learning outcomes. There is substantial originality and insight in identifying, generating and communicating competing arguments, perspectives or problem solving approaches; critical evaluation of problems, their solutions and their implications; creativity in application.

In this unit, your final grade depends on your performance in each part of the assessment. For each task, you receive a mark that combines your standard of performance regarding each learning outcome assessed by this task. Then the different component marks are added up to determine your total mark out of 100. Your grade then depends on this total mark and your overall standards of performance.

In particular, in order to pass the unit, you must

  • Have satisfactory performance in the three quizzes, the assignment and the presentation.
  • Have satisfactory performance in the final examination.

This means that you will fail the unit if you do not make satisfactory submissions for the quizzes, assignment and presentation, and/or do not perform satisfactorily in the exam.

Obtaining a grade higher than a Pass (P) in this unit will require a student to obtain (in addition to the above):

  • the required total number of marks (Credit - 65, Distinction - 75, High Distinction - 85).

Administration

Macquarie is developing a number of policies in the area of learning and teaching. Approved policies and associated guidelines can be found at Policy Central. Refer to the Science Centre regarding the implementation of these policies (e.g. precise procedures, forms, deadlines, etc).

Special Consideration

Special Consideration is intended for a student who is prevented by serious and unavoidable disruption from completing any unit requirements in accordance with their ability. This application form needs to be filled in and submitted to the Science Centre along with evidence to support your case. Depending on the circumstances presented, the convenor may choose to give you an alternate assessment, additional time for an assessment, a make-up exam, etc.
If a Supplementary Examination is granted as a result of the Special Consideration process the examination will be scheduled after the conclusion of the official examination period. For details of the Special Consideration policy specific to the Department of Computing, see the Department's policy page.

Grade Appeal

In case of problems arising with your final grade, the first step is to organise a review. The Department recommends that you request an appointment with the convenor of the unit in order to review your grade. If the review does not solve the problem, a formal Grade Appeal can be lodged. See the grade appeal policy.

Academic Honesty and Plagiarism

Plagiarism involves using the work of another person and presenting it as one's own. The Department, in line with University policy, treats all cases seriously. In particular, the Department keeps a record of all plagiarism cases. This record is referred to so that an appropriate penalty can be applied to each case.
For concrete examples, see this page.