COMMGMT 7025OL - Information Risks, Threats & Controls (M)
Online - Online Teaching 1 - 2024
-
General Course Information
Course Details
Course Code COMMGMT 7025OL Course Information Risks, Threats & Controls (M) Coordinating Unit Management Term Online Teaching 1 Level Postgraduate Coursework Location/s Online Units 3 Available for Study Abroad and Exchange N Prerequisites COMMGMT 7023 or COMMGMT 7023OL and (COMP SCI 7210OL or POLIS 7024OL) Incompatible COMMGMT 2507, COMMGMT 7025 Restrictions Restricted to students in Grad. Cert. in Cyber Security (Online), Grad Dip. in Cyber Security (Online) or Master of Cyber Security (Online) only Assessment Quiz, Projects and reflective journal Course Staff
Course Coordinator: Siyakha Mthunzi
Course Timetable
The full timetable of all activities for this course can be accessed from .
-
Learning Outcomes
Course Learning Outcomes
CLO1 Effectively communicate the differences between risk, threat and vulnerabilities, how they interrelate, and the principal means of recognising them. CLO2 Identify and communicate to clients the different types of risks and their nature, across the various core business functions and processes. CLO3 Demonstrate different methods of conducting risk analyses and impact assessments. CLO4 Detail the core requirements of an Information Risk Assurace process for an SME and for a corporation or large business. CLO5 Develop an Information Security Framework for a specified business.
University Graduate Attributes
This course will provide students with an opportunity to develop the Graduate Attribute(s) specified below:
University Graduate Attribute Course Learning Outcome(s) Attribute 1: Deep discipline knowledge and intellectual breadth
Graduates have comprehensive knowledge and understanding of their subject area, the ability to engage with different traditions of thought, and the ability to apply their knowledge in practice including in multi-disciplinary or multi-professional contexts.
CLO 1, 2, 3, 4 Attribute 2: Creative and critical thinking, and problem solving
Graduates are effective problems-solvers, able to apply critical, creative and evidence-based thinking to conceive innovative responses to future challenges.
CLO 5 Attribute 3: Teamwork and communication skills
Graduates convey ideas and information effectively to a range of audiences for a variety of purposes and contribute in a positive and collaborative manner to achieving common goals.
CLO 3 Attribute 4: Professionalism and leadership readiness
Graduates engage in professional behaviour and have the potential to be entrepreneurial and take leadership roles in their chosen occupations or careers and communities.
CLO 1, 2, 3, 4, 5 Attribute 5: Intercultural and ethical competency
Graduates are responsible and effective global citizens whose personal values and practices are consistent with their roles as responsible members of society.
CLO 3, 4 -
Learning Resources
Required Resources
Stallings, W 2019, Effective cybersecurity: a guide to using best practices and standards (Links to an external site.), Addison-Wesley Professional.
Santos, O & Greene, S 2018, Developing cybersecurity programs and policies (Links to an external site.), Pearson.
Online Sections
Developing cybersecurity programs and policies
BOOK CHAPTER Understanding cybersecurity policy and governance. in: Developing cybersecurity programs and policies by Santos, Omar,[London, United Kingdom] :Pearson Education Inc[2019]2 - 37
Developing cybersecurity programs and policies
BOOK CHAPTER [Extracted from] Cybersecurity framework. in: Developing cybersecurity programs and policies by Santos, Omar,[London, United Kingdom] :Pearson Education Inc[2019]72 - 102
Effective cybersecurity : understanding and using standards and best practices
BOOK CHAPTER Best practices, standards, and a plan of action. in: Effective cybersecurity : understanding and using standards and best practices by Stallings, William,Upper Saddle River, NJ :Addison-Wesley[2019]3 - 28
Effective cybersecurity : understanding and using standards and best practices
BOOK CHAPTER [Extracted from] Security governance. in: Effective cybersecurity : understanding and using standards and best practices by Stallings, William,Upper Saddle River, NJ :Addison-Wesley[2019]50 - 56
Effective cybersecurity : understanding and using standards and best practices
BOOK CHAPTER [Exctacted from] Information risk assessment. in: Effective cybersecurity : understanding and using standards and best practices by Stallings, William,Upper Saddle River, NJ :Addison-Wesley[2019]75 - 80
Effective cybersecurity : understanding and using standards and best practices
BOOK CHAPTER [Extracted from] Threat and incident management. in: Effective cybersecurity : understanding and using standards and best practices by Stallings, William,Upper Saddle River, NJ :Addison-Wesley[2019]558 - 597
Complete Check holdings
Securing an IT Organization through Governance, Risk Management, and Audit
BOOK CHAPTER Cybersecurity Risk Management. Sigler, Ken E ; Rainey III, James Lin Securing an IT Organization through Governance, Risk Management, and Auditby Sigler, Ken E ; Rainey III, James LAuerbach Publications 20163 - 29
Beginning Ethical Hacking with Kali Linux
BOOK CHAPTER Information Assurance Model. Sinha, Sanjibin Beginning Ethical Hacking with Kali Linuxby Sinha, Sanjib. Berkeley, CAA press2018-11-30283 - 290
Recommended Resources
Module 1
At the nexus of cybersecurity and public policy : some basic concepts and issues. Clark, David,; Berson, Thomas,; Lin, Herbert S.,Washington, District of Columbia :The National Academies Press2014.Total Pages 1 online resource (149 p.)
Module 3
Cybersecurity - Attack and Defense Strategies, Diogenes, Yuri,2018.
Module 4
Cybersecurity operations handbook [electronic resource]. Rittinghouse, John W.Hancock, Bill,Amsterdam ;; Boston :Elsevier Digital Pressc2003.Total Pages 1 online resource (1331 p.)
Module 6
Cybersecurity in digital transformation : scope and applications. MoÌ聢ller, Dietmar,1st ed. 2020.Cham, SwitzerlandOnline Learning
Module 1
North Korean hackers target coronavirus vaccine developers. CNN Nine News28 November, 2020
'State actor' makes cyber-attack on Australian political parties. Michelle Grattan The Conversation18 February 2019
National Vulnerability Database. National Institute of Standards and Technology
Threat update: COVID-19 malicious cyber activity. Australian Cyber Security Centre Australian Signals Directorate20 April 2020
Common Vulnerabilities and Exposures
Module 2
ACSC annual cyber threat report July 2019 to June 2020. Australian Cyber Security Centre Australian Signals Directorate2020
Australian community attitudes to privacy survey 2017. Office of the Australian Information CommissionerAustralian Government14 May 2017
Module 3
ACSC annual cyber threat report July 2019 to June 2020. Australian Cyber Security CentreAustralian Signals Directorate, 2020
Diagnosing the healthcare sector's cybersecurity ailments in 2020
The cyber threat impact of COVID-19 to global business. IntSights, IntSights Defend Forward, 2020
An exercise in cyber-crime incident response.
Cybersecurity - Attack and Defense Strategies. Diogenes, Yuri,Ozkaya, Erdal,1st edition, Birmingham Packt Publishing, 2018.
Module 4
Securing an IT Organization through Governance, Risk Management, and Audit. Sigler, Ken E ; Rainey III, James Lin Securing an IT Organization through Governance, Risk Management, and Auditby Sigler, Ken E ; Rainey III, James LAuerbach Publications20163 - 29
Australian Government Information Security Manual. Australian Cyber Security CentreAustralian Signals DirectorateFebruary 2021
ACSC Annual Cyber Threat Report July 2019 to June 2020.
ISO 31000:2018(en) Risk management — Guidelines
Framework for Improving Critical Infrastructure Cybersecurity
Cybersecurity Risk Management Framework (RMF)
Case study: Making future defence bases safer and smarter. Cyber Security Cooperative Research Centre
Complete
Case study: Threat hunting in critical infrastructure. Cyber Security Cooperative Research Centre
Australian agriculture start-ups making their mark in data science. Department of Industry, Science, Energy and ResourcesDecember 2018
Module 5
A Model of Information Assurance Benefits. Ezingeard, Jean-Noël ; McFadzean, Elspeth ; Birchall, DavidInformation systems management22(2)2005-03-0120 - 29
Fundamental Concepts of IT Security Assurance
Implementing an Information Assurance Awareness Program: A case study for the Twenty Critical Security Controls at Consulting Firm X for IT Personnel. Dittmer, J
Ransomware Case Studies & Forensics Analysis
An Introduction to Information Security. Note: NIST Special Publication 800-12Revision 1
ISO/IEC TR 15443-1:2012(en)
Security policy framework: protecting government assets
Verizon 2020 Data Breach Investigations Report
Beginning Ethical Hacking with Kali Linux, Sinha, Sanjibin Beginning Ethical Hacking with Kali Linuxby Sinha, Sanjib. Berkeley, CAA press2018-11-30283 - 290
Security Management Systems, Harmening, James2014Total Pages 47-55
Module 6
Case study: third-party cyber risk assessment velocity increased 400%. Imarn Jaswal, Shay Colson & Brian TwardoskiKroll16 May 2019
Deloitte Digital case study: secure cyber. Deloitte
NIST cybersecurity framework : a pocket guide. Calder, Alan,Cambridgeshire :IT Governance Publishing[2018]Total Pages 1 online resource (78 pages)
Uses and Benefits of the Framework
Helping organizations to better understand and improve their management of cybersecurity risk
Cyber security
Australian Government Information Security Manual (ISM)
The Protective Security Policy Framework
CERT Australia
The Royal Australian College of General Practitioners (RACGP)
ISO/IEC 27001:2013
COBIT® 5
NIST SP 800-53 Revision 4
ISA 62443-3-3:2013 (ISA 62443)
Centre for Internet Security (CIS) Critical Security Controls for Effective Cyber Defense (CSC)
MQTT and the NIST Cybersecurity Framework Version 1.0. Note: Please read Appendix A: Example Implementation.
The Cybersecurity Framework in action: an Intel use case
Cybersecurity in digital transformation : scope and applications. Mo脤聢ller, Dietmar,1st ed. 2020.Cham, Switzerland :Springer[2020]Total Pages 1 online resource (XIX, 114 p. 22 illus.)
-
Learning & Teaching Activities
Learning & Teaching Modes
This course is 100% online. Within the parameters of weekly requirements, course activity is conducted as self-paced learning.Workload
No information currently available.
Learning Activities Summary
Module 1
Complete practice quizzes to check your understanding of key concepts
Participate in discussions with other students around activities and findings
Participate in a tutorial to engage with this week’s content
Complete the Self-Diagnostic Report, which forms Part A of Assessment 1.
Module 2
Watch an introductory video on information risk assessment
Consider thinking points and record your responses as new concepts are introduced to apply these to your own workplace or industry
Complete a series of activities and discussions on risk assessment, engaging with and responding to your peers
Participate in a Zoom session to carry out a risk assessment in a real-life setting.
Module 3
Watch a video detailing how government agencies believe China is behind ongoing cyber attacks on Australian institutions to give you a Perspective of cyber threats, and help you prepare for Assessment 1 and 2
Read and analyse key reports in the cyber-security sector
Research and analyse real-world cyber events and incidents
Participate in discussions based on your reading and analysis of key issues
Complete practice quizzes to check your understanding of key concepts.
Module 4
Participate in discussions based on your reading and analysis of key issues
Complete practice quizzes to check your understanding of key concepts
Research and analyse real-world cyber events and incidents.
Module 5
Participate in discussions based on your reading and analysis of key issues
Complete practice quizzes to check your understanding of key concepts
Analyse case studies and apply information assurance principles.
Module 6
Participate in activities and discussions based on your reading and analysis of key issues
Complete practice quizzes to check your understanding of key concepts
Analyse real-world cyber events and incidents.
-
Assessment
The University's policy on Assessment for Coursework Programs is based on the following four principles:
- Assessment must encourage and reinforce learning.
- Assessment must enable robust and fair judgements about student performance.
- Assessment practices must be fair and equitable to students and give them the opportunity to demonstrate what they have learned.
- Assessment must maintain academic standards.
Assessment Summary
Assessment 1
Part A - Self-Diagnostic Report
Due: Due end of Week 1, Sunday 11.59 pm
Percentage of grade: 5%
Part B - Research Report
Due: Due end of Week 3, Sunday 11.59 pm
Percentage of grade: 15%
Assessment 2: Investigation of Information Risk Management Frameworks
Due: Due end of Week 4, Sunday 11.59 pm
Percentage of grade: 40%
Assessment 3: Develop an Information Security Framework
Due: Due end of Week 6, Sunday 11.59 pm
Percentage of grade: 40%Assessment Detail
Each assessment task will have an 'Assessment task discussion board' to post your questions about the assessment. Your tutor will host a Zoom session specifically addressing the assessment in the week preceding the assessment due date. All assessments adhere to the 成人大片 Assessment for Coursework Programs PolicyLinks to an external site. When you submit an assessment via the online submission page, you declare that your submission is entirely your own work.
Assessment 1
Part A - Self-Diagnostic Report
Your task is to write a 250- to 500-word report that addresses the following question: If security is important for a modern-day interconnected society, what risks, threats and controls are unique to cyber security?
When answering the above question, you may choose to draw on the following thinking points:
Do you agree/disagree with the proposition that security is important to an interconnected society? Why/why not?
From your analysis, have you identified risks, threats and controls that you deem unique to cyber security? If so, what are they and why are they unique?
Due: Due end of Week 1, Sunday 11.59 pm
Percentage of grade: 5%
Part B - Research Report
Your task is to write an 800-word research report that addresses the following question: How do cyber-security threats and vulnerabilities affect information security risk assessment?
When answering the above question, you may choose to draw on some or all of the following thinking points:
Given the prevalence of cyber threats, what factors shape an individual’s choices when navigating interconnected technologies?
What are the most common cyber threats?
Who are common threat actors, and what are their motivations?
What are the unique factors that influence senior management’s commitment to managing information security risk?
Due: Due end of Week 3, Sunday 11.59 pm
Percentage of grade: 15%
Assessment 2: Investigation of Information Risk Management Frameworks
You are required to research and critically analyse two or more risk management frameworks and submit a research report articulating your findings. Your task is to provide this client with a well-considered report and provide recommendations. Consider the following as you develop your report:
Cyber risks are likely to affect an organisation
Common strategies can organisations employ to manage such risks.
Factors likely to influence the choice of risk management frameworks?
Similarities and differences among risk management frameworks
Strengths and weaknesses of each framework? For example, you may consider the business type or domain, which framework is most/least suitable to a particular environment, etc.
Due: Due end of Week 4, Sunday 11.59 pm
Percentage of grade: 40%
Assessment 3: Develop an Information Security Framework
Based on your knowledge of cyber threats, risks and controls, and risk assessment (Assessment 1), the analysis of risk management frameworks (Assessment 2) and your knowledge of cyber-security frameworks, you are to develop a cyber-security risk management program for one of Australimatrix’s clients. This should provide the basis for an organisation-wide cyber-security awareness strategy
that:
Has the least impact to the business
Utilises fewer resources
Aligns with industry standards
Provides a quantitative/qualitative view of risk
Can be standardised
Integrates existing tools and capabilities
Provides specific and actionable recommendations.
Due: Due end of Week 6, Sunday 11.59 pm
Percentage of grade: 40%Submission
No information currently available.
Course Grading
Grades for your performance in this course will be awarded in accordance with the following scheme:
M10 (Coursework Mark Scheme) Grade Mark Description FNS Fail No Submission F 1-49 Fail P 50-64 Pass C 65-74 Credit D 75-84 Distinction HD 85-100 High Distinction CN Continuing NFE No Formal Examination RP Result Pending Further details of the grades/results can be obtained from Examinations.
Grade Descriptors are available which provide a general guide to the standard of work that is expected at each grade level. More information at Assessment for Coursework Programs.
Final results for this course will be made available through .
-
Student Feedback
The University places a high priority on approaches to learning and teaching that enhance the student experience. Feedback is sought from students in a variety of ways including on-going engagement with staff, the use of online discussion boards and the use of Student Experience of Learning and Teaching (SELT) surveys as well as GOS surveys and Program reviews.
SELTs are an important source of information to inform individual teaching practice, decisions about teaching duties, and course and program curriculum design. They enable the University to assess how effectively its learning environments and teaching practices facilitate student engagement and learning outcomes. Under the current SELT Policy (http://www.adelaide.edu.au/policies/101/) course SELTs are mandated and must be conducted at the conclusion of each term/semester/trimester for every course offering. Feedback on issues raised through course SELT surveys is made available to enrolled students through various resources (e.g. MyUni). In addition aggregated course SELT data is available.
-
Student Support
- Academic Integrity for Students
- Academic Support with Maths
- Academic Support with writing and study skills
- Careers Services
- Library Services for Students
- LinkedIn Learning
- Student Life Counselling Support - Personal counselling for issues affecting study
- Students with a Disability - Alternative academic arrangements
Counselling for Fully Online Postgraduate Students
Fully online students can access counselling services here:
Phone: 1800 512 155 (24/7)
SMS service: 0439 449 876 (24/7)
Email: info@assureprograms.com.au
Go to the to learn more, or speak to your Student Success Advisor (SSA) on 1300 296 648 (Monday to Thursday, 8.30am–5pm ACST/ACDT, Friday, 8.30am–4.30pm ACST/ACDT)
-
Policies & Guidelines
This section contains links to relevant assessment-related policies and guidelines - all university policies.
- Academic Credit Arrangements Policy
- Academic Integrity Policy
- Academic Progress by Coursework Students Policy
- Assessment for Coursework Programs Policy
- Copyright Compliance Policy
- Coursework Academic Programs Policy
- Intellectual Property Policy
- IT Acceptable Use and Security Policy
- Modified Arrangements for Coursework Assessment Policy
- Reasonable Adjustments to Learning, Teaching & Assessment for Students with a Disability Policy
- Student Experience of Learning and Teaching Policy
- Student Grievance Resolution Process
-
Fraud Awareness
Students are reminded that in order to maintain the academic integrity of all programs and courses, the university has a zero-tolerance approach to students offering money or significant value goods or services to any staff member who is involved in their teaching or assessment. Students offering lecturers or tutors or professional staff anything more than a small token of appreciation is totally unacceptable, in any circumstances. Staff members are obliged to report all such incidents to their supervisor/manager, who will refer them for action under the university's student鈥檚 disciplinary procedures.
The 成人大片 is committed to regular reviews of the courses and programs it offers to students. The 成人大片 therefore reserves the right to discontinue or vary programs and courses without notice. Please read the important information contained in the disclaimer.