成人大片

COMMGMT 7025OL - Information Risks, Threats & Controls (M)

Online - Online Teaching 1 - 2025

The course Information Risks, Threats, & Controls consider a broad perspective of organisational vulnerabilities of the digital age, including Enterprise Risk Assessment. Topics addressed include recognition, analysis, and synthesis of risks, threats, and vulnerabilities, and measures to mitigate them, including policy, control, and implementation. Risk management and assurance are critical to all aspects of all businesses and on a broad level. While this course acknowledges the need to recognise and analyse risks, threats, and vulnerabilities across and within the various disciplinary structures of an organisation, (including fiscal risk, brand and reputation, production, operations, legal, and OH&S) it does so from the perspective of the responsibility for Information and Cyber Security plans to support and ensure the risk management of other departments and disciplines. The focus, throughout, is specifically on Information & Cyber Security and Data Privacy.

  • General Course Information
    Course Details
    Course Code COMMGMT 7025OL
    Course Information Risks, Threats & Controls (M)
    Coordinating Unit Management
    Term Online Teaching 1
    Level Postgraduate Coursework
    Location/s Online
    Units 3
    Available for Study Abroad and Exchange N
    Prerequisites COMMGMT 7023 or COMMGMT 7023OL and (COMP SCI 7210OL or POLIS 7024OL)
    Incompatible COMMGMT 2507, COMMGMT 7025
    Restrictions Restricted to students in Grad. Cert. in Cyber Security (Online), Grad Dip. in Cyber Security (Online) or Master of Cyber Security (Online) only
    Assessment Quiz, Projects and reflective journal
    Course Staff

    Course Coordinator: Abebe Diro

    Course Timetable

    The full timetable of all activities for this course can be accessed from .

  • Learning Outcomes
    Course Learning Outcomes

    CLO1 Effectively communicate the differences between risk, threat and vulnerabilities, how they interrelate, and the principal means of recognising them.
    CLO2 Identify and communicate to clients the different types of risks and their nature, across the various core business functions and processes.
    CLO3 Demonstrate different methods of conducting risk analyses and impact assessments.
    CLO4 Detail the core requirements of an Information Risk Assurace process for an SME and for a corporation or large business.
    CLO5 Develop an Information Security Framework for a specified business.



    University Graduate Attributes

    This course will provide students with an opportunity to develop the Graduate Attribute(s) specified below:

    University Graduate Attribute Course Learning Outcome(s)

    Attribute 1: Deep discipline knowledge and intellectual breadth

    Graduates have comprehensive knowledge and understanding of their subject area, the ability to engage with different traditions of thought, and the ability to apply their knowledge in practice including in multi-disciplinary or multi-professional contexts.

    CLO 1, 2, 3, 4

    Attribute 2: Creative and critical thinking, and problem solving

    Graduates are effective problems-solvers, able to apply critical, creative and evidence-based thinking to conceive innovative responses to future challenges.

    CLO 5

    Attribute 3: Teamwork and communication skills

    Graduates convey ideas and information effectively to a range of audiences for a variety of purposes and contribute in a positive and collaborative manner to achieving common goals.

    CLO 3

    Attribute 4: Professionalism and leadership readiness

    Graduates engage in professional behaviour and have the potential to be entrepreneurial and take leadership roles in their chosen occupations or careers and communities.

    CLO 1, 2, 3, 4, 5

    Attribute 5: Intercultural and ethical competency

    Graduates are responsible and effective global citizens whose personal values and practices are consistent with their roles as responsible members of society.

    CLO 3, 4
  • Learning Resources
    Required Resources
    Stallings, W 2019, Effective cybersecurity: a guide to using best practices and standards (Links to an external site.), Addison-Wesley Professional.

    Santos, O & Greene, S 2018, Developing cybersecurity programs and policies (Links to an external site.), Pearson. 

    Online Sections
    Developing cybersecurity programs and policies
    BOOK CHAPTER Understanding cybersecurity policy and governance. in: Developing cybersecurity programs and policies by Santos, Omar,[London, United Kingdom] :Pearson Education Inc[2019]2 - 37

    Developing cybersecurity programs and policies
    BOOK CHAPTER [Extracted from] Cybersecurity framework. in: Developing cybersecurity programs and policies by Santos, Omar,[London, United Kingdom] :Pearson Education Inc[2019]72 - 102

    Effective cybersecurity : understanding and using standards and best practices
    BOOK CHAPTER Best practices, standards, and a plan of action. in: Effective cybersecurity : understanding and using standards and best practices by Stallings, William,Upper Saddle River, NJ :Addison-Wesley[2019]3 - 28

    Effective cybersecurity : understanding and using standards and best practices
    BOOK CHAPTER [Extracted from] Security governance. in: Effective cybersecurity : understanding and using standards and best practices by Stallings, William,Upper Saddle River, NJ :Addison-Wesley[2019]50 - 56

    Effective cybersecurity : understanding and using standards and best practices
    BOOK CHAPTER [Exctacted from] Information risk assessment. in: Effective cybersecurity : understanding and using standards and best practices by Stallings, William,Upper Saddle River, NJ :Addison-Wesley[2019]75 - 80

    Effective cybersecurity : understanding and using standards and best practices
    BOOK CHAPTER [Extracted from] Threat and incident management. in: Effective cybersecurity : understanding and using standards and best practices by Stallings, William,Upper Saddle River, NJ :Addison-Wesley[2019]558 - 597
    Complete Check holdings

    Securing an IT Organization through Governance, Risk Management, and Audit
    BOOK CHAPTER Cybersecurity Risk Management. Sigler, Ken E ; Rainey III, James Lin Securing an IT Organization through Governance, Risk Management, and Auditby Sigler, Ken E ; Rainey III, James LAuerbach Publications 20163 - 29

    Beginning Ethical Hacking with Kali Linux
    BOOK CHAPTER Information Assurance Model. Sinha, Sanjibin Beginning Ethical Hacking with Kali Linuxby Sinha, Sanjib. Berkeley, CAA press2018-11-30283 - 290

     
    Recommended Resources
    Module 1
    At the nexus of cybersecurity and public policy : some basic concepts and issues. Clark, David,; Berson, Thomas,; Lin, Herbert S.,Washington, District of Columbia :The National Academies Press2014.Total Pages 1 online resource (149 p.)

    Module 3
    Cybersecurity - Attack and Defense Strategies, Diogenes, Yuri,2018. 

    Module 4
    Cybersecurity operations handbook [electronic resource]. Rittinghouse, John W.Hancock, Bill,Amsterdam ;; Boston :Elsevier Digital Pressc2003.Total Pages 1 online resource (1331 p.)

    Module 6
    Cybersecurity in digital transformation : scope and applications. MoÌ聢ller, Dietmar,1st ed. 2020.Cham, Switzerland
    Online Learning
    Module 1

    North Korean hackers target coronavirus vaccine developers. CNN Nine News28 November, 2020

    'State actor' makes cyber-attack on Australian political parties. Michelle Grattan The Conversation18 February 2019

    National Vulnerability Database. National Institute of Standards and Technology

    Threat update: COVID-19 malicious cyber activity. Australian Cyber Security Centre Australian Signals Directorate20 April 2020

    Common Vulnerabilities and Exposures

     Module 2
    ACSC annual cyber threat report July 2019 to June 2020. Australian Cyber Security Centre Australian Signals Directorate2020

    Australian community attitudes to privacy survey 2017. Office of the Australian Information CommissionerAustralian Government14 May 2017

    Module 3
    ACSC annual cyber threat report July 2019 to June 2020. Australian Cyber Security CentreAustralian Signals Directorate, 2020

    Diagnosing the healthcare sector's cybersecurity ailments in 2020

    The cyber threat impact of COVID-19 to global business. IntSights, IntSights Defend Forward, 2020

    An exercise in cyber-crime incident response. 

    Cybersecurity - Attack and Defense Strategies. Diogenes, Yuri,Ozkaya, Erdal,1st edition, Birmingham Packt Publishing, 2018.

    Module 4
    Securing an IT Organization through Governance, Risk Management, and Audit. Sigler, Ken E ; Rainey III, James Lin Securing an IT Organization through Governance, Risk Management, and Auditby Sigler, Ken E ; Rainey III, James LAuerbach Publications20163 - 29

    Australian Government Information Security Manual. Australian Cyber Security CentreAustralian Signals DirectorateFebruary 2021

    ACSC Annual Cyber Threat Report July 2019 to June 2020. 

    ISO 31000:2018(en) Risk management — Guidelines

    Framework for Improving Critical Infrastructure Cybersecurity

    Cybersecurity Risk Management Framework (RMF)

    Case study: Making future defence bases safer and smarter. Cyber Security Cooperative Research Centre
    Complete

    Case study: Threat hunting in critical infrastructure. Cyber Security Cooperative Research Centre

    Australian agriculture start-ups making their mark in data science. Department of Industry, Science, Energy and ResourcesDecember 2018

    Module 5
    A Model of Information Assurance Benefits. Ezingeard, Jean-Noël ; McFadzean, Elspeth ; Birchall, DavidInformation systems management22(2)2005-03-0120 - 29

    Fundamental Concepts of IT Security Assurance

    Implementing an Information Assurance Awareness Program: A case study for the Twenty Critical Security Controls at Consulting Firm X for IT Personnel. Dittmer, J

    Ransomware Case Studies & Forensics Analysis

    An Introduction to Information Security. Note: NIST Special Publication 800-12Revision 1

    ISO/IEC TR 15443-1:2012(en)

    Security policy framework: protecting government assets

    Verizon 2020 Data Breach Investigations Report

    Beginning Ethical Hacking with Kali Linux, Sinha, Sanjibin Beginning Ethical Hacking with Kali Linuxby Sinha, Sanjib. Berkeley, CAA press2018-11-30283 - 290

    Security Management Systems, Harmening, James2014Total Pages 47-55

    Module 6
    Case study: third-party cyber risk assessment velocity increased 400%. Imarn Jaswal, Shay Colson & Brian TwardoskiKroll16 May 2019

    Deloitte Digital case study: secure cyber. Deloitte

    NIST cybersecurity framework : a pocket guide. Calder, Alan,Cambridgeshire :IT Governance Publishing[2018]Total Pages 1 online resource (78 pages)

    Uses and Benefits of the Framework

    Helping organizations to better understand and improve their management of cybersecurity risk

    Cyber security

    Australian Government Information Security Manual (ISM)

    The Protective Security Policy Framework

    CERT Australia

    The Royal Australian College of General Practitioners (RACGP)

    ISO/IEC 27001:2013

    COBIT® 5

    NIST SP 800-53 Revision 4

    ISA 62443-3-3:2013 (ISA 62443)

    Centre for Internet Security (CIS) Critical Security Controls for Effective Cyber Defense (CSC)

    MQTT and the NIST Cybersecurity Framework Version 1.0. Note: Please read Appendix A: Example Implementation.

    The Cybersecurity Framework in action: an Intel use case

    Cybersecurity in digital transformation : scope and applications. Mo脤聢ller, Dietmar,1st ed. 2020.Cham, Switzerland :Springer[2020]Total Pages 1 online resource (XIX, 114 p. 22 illus.)

  • Learning & Teaching Activities
    Learning & Teaching Modes
    This course is 100% online. Within the parameters of weekly requirements, course activity is conducted as self-paced learning.
    Workload

    No information currently available.

    Learning Activities Summary
    Module 1
    Complete practice quizzes to check your understanding of key concepts
    Participate in discussions with other students around activities and findings
    Participate in a tutorial to engage with this week’s content
    Complete the Self-Diagnostic Report, which forms Part A of Assessment 1.

    Module 2
    Watch an introductory video on information risk assessment
    Consider thinking points and record your responses as new concepts are introduced to apply these to your own workplace or industry
    Complete a series of activities and discussions on risk assessment, engaging with and responding to your peers
    Participate in a Zoom session to carry out a risk assessment in a real-life setting.

    Module 3
    Watch a video detailing how government agencies believe China is behind ongoing cyber attacks on Australian institutions to give you a Perspective of cyber threats, and help you prepare for Assessment 1 and 2
    Read and analyse key reports in the cyber-security sector
    Research and analyse real-world cyber events and incidents
    Participate in discussions based on your reading and analysis of key issues
    Complete practice quizzes to check your understanding of key concepts.

    Module 4
    Participate in discussions based on your reading and analysis of key issues
    Complete practice quizzes to check your understanding of key concepts
    Research and analyse real-world cyber events and incidents.

    Module 5
    Participate in discussions based on your reading and analysis of key issues
    Complete practice quizzes to check your understanding of key concepts
    Analyse case studies and apply information assurance principles.

    Module 6
    Participate in activities and discussions based on your reading and analysis of key issues
    Complete practice quizzes to check your understanding of key concepts
    Analyse real-world cyber events and incidents.


  • Assessment

    The University's policy on Assessment for Coursework Programs is based on the following four principles:

    1. Assessment must encourage and reinforce learning.
    2. Assessment must enable robust and fair judgements about student performance.
    3. Assessment practices must be fair and equitable to students and give them the opportunity to demonstrate what they have learned.
    4. Assessment must maintain academic standards.

    Assessment Summary
    Assessment 1
    Part A - Self-Diagnostic Report
    Due: Due end of Week 1, Sunday 11.59 pm
    Percentage of grade: 5%

    Part B - Research Report
    Due: Due end of Week 3, Sunday 11.59 pm
    Percentage of grade: 15%

    Assessment 2: Investigation of Information Risk Management Frameworks
    Due: Due end of Week 4, Sunday 11.59 pm
    Percentage of grade: 40%

    Assessment 3: Develop an Information Security Framework
    Due: Due end of Week 6, Sunday 11.59 pm
    Percentage of grade: 40%
    Assessment Detail
    Each assessment task will have an 'Assessment task discussion board' to post your questions about the assessment. Your tutor will host a Zoom session specifically addressing the assessment in the week preceding the assessment due date. All assessments adhere to the 成人大片 Assessment for Coursework Programs PolicyLinks to an external site. When you submit an assessment via the online submission page, you declare that your submission is entirely your own work.

    Assessment 1
    Part A - Self-Diagnostic Report
    Your task is to write a 250- to 500-word report that addresses the following question: If security is important for a modern-day interconnected society, what risks, threats and controls are unique to cyber security?
    When answering the above question, you may choose to draw on the following thinking points:

    Do you agree/disagree with the proposition that security is important to an interconnected society? Why/why not?
    From your analysis, have you identified risks, threats and controls that you deem unique to cyber security? If so, what are they and why are they unique?

    Due: Due end of Week 1, Sunday 11.59 pm
    Percentage of grade: 5%

    Part B - Research Report
    Your task is to write an 800-word research report that addresses the following question: How do cyber-security threats and vulnerabilities affect information security risk assessment?

    When answering the above question, you may choose to draw on some or all of the following thinking points:
    Given the prevalence of cyber threats, what factors shape an individual’s choices when navigating interconnected technologies?
    What are the most common cyber threats?
    Who are common threat actors, and what are their motivations?
    What are the unique factors that influence senior management’s commitment to managing information security risk?

    Due: Due end of Week 3, Sunday 11.59 pm
    Percentage of grade: 15%

    Assessment 2: Investigation of Information Risk Management Frameworks
    You are required to research and critically analyse two or more risk management frameworks and submit a research report articulating your findings. Your task is to provide this client with a well-considered report and provide recommendations. Consider the following as you develop your report:
    Cyber risks are likely to affect an organisation
    Common strategies can organisations employ to manage such risks.
    Factors likely to influence the choice of risk management frameworks?
    Similarities and differences among risk management frameworks
    Strengths and weaknesses of each framework? For example, you may consider the business type or domain, which framework is most/least suitable to a particular environment, etc.

    Due: Due end of Week 4, Sunday 11.59 pm
    Percentage of grade: 40%

    Assessment 3: Develop an Information Security Framework
    Based on your knowledge of cyber threats, risks and controls, and risk assessment (Assessment 1), the analysis of risk management frameworks (Assessment 2) and your knowledge of cyber-security frameworks, you are to develop a cyber-security risk management program for one of Australimatrix’s clients. This should provide the basis for an organisation-wide cyber-security awareness strategy
    that:
    Has the least impact to the business
    Utilises fewer resources
    Aligns with industry standards
    Provides a quantitative/qualitative view of risk
    Can be standardised
    Integrates existing tools and capabilities
    Provides specific and actionable recommendations.

    Due: Due end of Week 6, Sunday 11.59 pm
    Percentage of grade: 40%
    Submission

    No information currently available.

    Course Grading

    Grades for your performance in this course will be awarded in accordance with the following scheme:

    M10 (Coursework Mark Scheme)
    Grade Mark Description
    FNS   Fail No Submission
    F 1-49 Fail
    P 50-64 Pass
    C 65-74 Credit
    D 75-84 Distinction
    HD 85-100 High Distinction
    CN   Continuing
    NFE   No Formal Examination
    RP   Result Pending

    Further details of the grades/results can be obtained from Examinations.

    Grade Descriptors are available which provide a general guide to the standard of work that is expected at each grade level. More information at Assessment for Coursework Programs.

    Final results for this course will be made available through .

  • Student Feedback

    The University places a high priority on approaches to learning and teaching that enhance the student experience. Feedback is sought from students in a variety of ways including on-going engagement with staff, the use of online discussion boards and the use of Student Experience of Learning and Teaching (SELT) surveys as well as GOS surveys and Program reviews.

    SELTs are an important source of information to inform individual teaching practice, decisions about teaching duties, and course and program curriculum design. They enable the University to assess how effectively its learning environments and teaching practices facilitate student engagement and learning outcomes. Under the current SELT Policy (http://www.adelaide.edu.au/policies/101/) course SELTs are mandated and must be conducted at the conclusion of each term/semester/trimester for every course offering. Feedback on issues raised through course SELT surveys is made available to enrolled students through various resources (e.g. MyUni). In addition aggregated course SELT data is available.

  • Student Support

    Counselling for Fully Online Postgraduate Students

    Fully online students can access counselling services here:

    Phone: 1800 512 155 (24/7) 

    SMS service: 0439 449 876 (24/7) 

    Email: info@assureprograms.com.au

    Go to the  to learn more, or speak to your Student Success Advisor (SSA) on 1300 296 648 (Monday to Thursday, 8.30am–5pm ACST/ACDT, Friday, 8.30am–4.30pm ACST/ACDT)

  • Policies & Guidelines
  • Fraud Awareness

    Students are reminded that in order to maintain the academic integrity of all programs and courses, the university has a zero-tolerance approach to students offering money or significant value goods or services to any staff member who is involved in their teaching or assessment. Students offering lecturers or tutors or professional staff anything more than a small token of appreciation is totally unacceptable, in any circumstances. Staff members are obliged to report all such incidents to their supervisor/manager, who will refer them for action under the university's student鈥檚 disciplinary procedures.

The 成人大片 is committed to regular reviews of the courses and programs it offers to students. The 成人大片 therefore reserves the right to discontinue or vary programs and courses without notice. Please read the important information contained in the disclaimer.