IFB240 Cyber Security




Unit Outline: Semester 1 2024, Gardens Point, Internal

Unit code: IFB240
Credit points: 12
Equivalent: ITD240
Equivalent: CAB240
Disclaimer - Offer of some units is subject to viability, and information in these Unit Outlines is subject to change prior to commencement of the teaching period.

Overview

Cybersecurity breaches, from database hacking to malware campaigns, are increasing. The interconnectedness of information systems means the actions of individuals impact many others. This unit is important in developing an understanding of the challenges involved in protecting information assets, introducing fundamental information security concepts. Security goals including confidentiality, integrity, availability, authentication and non-repudiation are defined. Threats to information and vulnerabilities that could be exploited are identified. Technical and non-technical measures to provide security for information are discussed in areas including access control, cryptography, and network communications. Security management standards and guidelines on best practice implementation are reviewed. You can take this unit as a stand-alone course to raise your information security awareness, or as a pathway into information security units, including network security and cryptography. 

Learning Outcomes

On successful completion of this unit you will be able to:

  1. Define major information security goals and identify those which relate to the strategic goals of an organisation.
  2. Conduct a risk analysis of the security of information assets in a range of practical situations and determine the ethical and information security implications.
  3. Apply appropriate industry standard methods to IT Systems for addressing information security risks.
  4. Collaborate with others in a team environment to write a risk report for a client.
  5. Explain the information security management standards that organisations need to follow to safeguard stakeholder privacy and other legal rights.

Content

This unit introduces fundamental information security concepts (aspects of the protection of information assets) and explains why you must understand information security principles and how they can be applied. Information security goals including confidentiality, integrity, availability, authentication and non-repudiation are defined. Risk factors impacting on the security of information assets are identified and discussed. Methods of protecting information are outlined, including both technical and human-centered approaches, in areas such as access control, cryptography (symmetric and asymmetric) and network security. Security management standards are also reviewed. Discussions of information security issues emphasize the high standard of ethical conduct expected of those working in areas which affect information security.

We will discuss real world cases of threats, vulnerabilities and security incidents, and examine the consequences and impact from the perspectives of multiple stakeholders. We consider the role of people, processes and technology - vulnerabilities in any of these aspects can be exploited to cause harm. Security is a team sport, and increased diversity in a team provides the opportunity to examine a situation from multiple perspectives, enabling a stronger organisational response.

Learning Approaches

This unit is available for you to study in either on-campus or online mode. You should expect to spend, on average, 10 hours per week involved in preparing for and attending scheduled classes, preparing and completing assessment tasks as well as in independent study to consolidate your learning.

You are responsible for your academic progression through this unit. Unit staff will provide a learning environment designed to maximise your learning experience. In order to realise your full potential, it is strongly recommended that you actively participate in all of the learning activities offered in this unit.

The content of the unit is delivered through weekly pre-recorded lectures and activities, and tutorial sessions, and through the QUT Learning Management System. During the weekly sessions, theory on various topics in information security will be presented and examples showing how this theory can be applied will be given. Tutorial sessions will focus on promoting your understanding of the presented material. Questions related to the presented material will be provided; your answers to these questions will direct your focus and aid your preparation for unit assessment items.

Your participation in the learning activities provides opportunities for you to self-assess and to obtain feedback from unit staff and your peers, further developing your interpersonal and oral communication skills.

You must be able to manage your time and prioritise activities in order to complete the required unit activities. You are expected to complete all pre-tutorial activities prior to attending your tutorial to maximise your learning.

The unit coordinator will use email and the unit's QUT Learning Management System to make announcements and post various types of information throughout the semester. It is your responsibility to access your email account and the unit's QUT Learning Management System regularly. 

Feedback on Learning and Assessment

You can obtain feedback on your progress throughout the unit through the following mechanisms:

• self-assess your responses to provided question sets and presented material
• peer-assessment of your tutorial preparation
• ask the teaching staff for advice and assistance during tutorial sessions
• review your assessment items during scheduled review sessions
• have a private consultation with teaching staff.

Feedback will be received on assessment tasks prior to the submission of the next task.

Assessment

Overview

This unit introduces foundational concepts and principles, so its assessment is largely based around the knowledge acquired throughout the semester.

You should be able to work both independently and as a productive and cooperative team member. Independent work is required to complete some assessment items. For these items, although you may discuss the assessment topics with others, the work you submit for assessment must be your own individual effort. It is your responsibility to ensure that your work is completed in a timely manner. For group assessment tasks it is the responsibility of all group members to ensure the work is completed. 

Unit Grading Scheme

7-point scale

Assessment Tasks

Assessment: Quiz/Test

Multiple Choice Quiz

Weight: 20
Length: 1 Hour
Individual/Group: Individual
Due (indicative): Week 4
Related Unit learning outcomes: 1, 2
Related Standards: EASTG1CMP: 1, 1.2, 1.3, 3, 3.1, 3.4

Assessment: Risk Report

Information Security Assignment

A major assignment comprising a series of practical tasks each requiring you to identify security vulnerabilities, select and apply appropriate control measures to mitigate the vulnerabilities, and demonstrate the use of industry standard tools applicable in this design.

This assignment is eligible for the 48-hour late submission period and assignment extensions.

Weight: 40
Individual/Group: Group
Due (indicative): Part A - Project Scope document - Week 6; Part B - Risk Report and Self and Peer evaluation - Week 12
Related Unit learning outcomes: 1, 2, 3, 4, 5
Related Standards: EASTG1CMP: 1, 1.3, 1.5, 1.6, 2, 2.1, 2.3, 3, 3.1, 3.2, 3.4, 3.6

Assessment: Examination (written)

Individual Final Written Exam

Weight: 40
Individual/Group: Individual
Due (indicative): End of Semester
Related Unit learning outcomes: 1, 2, 3, 4
Related Standards: EASTG1CMP: 1, 1.2, 1.3, 1.5, 1.6, 3, 3.1, 3.4

Assessment: Online Ethics Module Part 2

In this self-contained online Ethics module (Part 2) you will learn how to identify challenges when faced with ethical decision-making and how to apply the principles of ethical behaviour. You will then need to pass an online quiz to test your knowledge of the topics covered. You must pass the quiz in order to pass this unit; however, you may attempt the quiz an unlimited number of times until you pass.

This Ethics Module Part 2 has as a prerequisite Ethics Module Part 1 which you will normally have completed as part of an earlier unit IFB105. However, if you haven't already completed Module Part 1 then you will need to complete this first before completing Part 2.

Threshold Assessment:

As an IT professional you will be legally bound by a code of ethics and professional conduct. Knowledge of these codes is therefore essential for all IT graduates. You must pass this Online Ethics Module in order to pass this unit, i.e. regardless of how well you do in the other assessment items, you cannot pass this unit if you fail this assessment item. You may, however, attempt this assessment item an unlimited number of times until you pass.

Weight: 0
Individual/Group: Individual
Due (indicative): Week 13 Sunday
Unlimited attempts to pass by the Sunday of Week 13
Related Unit learning outcomes: 2
Related Standards: EASTG1CMP: 1, 1.6, 3, 3.1

Academic Integrity

Students are expected to engage in learning and assessment at QUT with honesty, transparency and fairness. Maintaining academic integrity means upholding these principles and demonstrating valuable professional capabilities based on ethical foundations.

Failure to maintain academic integrity can take many forms. It includes cheating in examinations, plagiarism, self-plagiarism, collusion, and submitting an assessment item completed by another person (e.g. contract cheating). It can also include providing your assessment to another entity, such as to a person or website.

You are encouraged to make use of QUT’s learning support services, resources and tools to assure the academic integrity of your assessment. This includes the use of text matching software that may be available to assist with self-assessing your academic integrity as part of the assessment submission process.

Further details of QUT’s approach to academic integrity are outlined in the Academic integrity policy and the Student Code of Conduct. Breaching QUT’s Academic integrity policy is regarded as student misconduct and can lead to the imposition of penalties ranging from a grade reduction to exclusion from QUT.

Resources

No extraordinary charges or costs are associated with the requirements for this unit.
Required text: There is no required text for this unit.

No textbook is necessary. There are many useful online sources of material on information security. However, if you want a hardcopy reference book, consider purchasing either (not both) of the following recommended texts. (Browse in the library or the bookshop to see which writing style you prefer.)

Resource Materials

Recommended text(s)

1. Matt Bishop. Introduction to Computer Security. Addison Wesley, 2008.

2. Michael Whitman and Herbert Mattord. Principles of Information Security. Thomson, 2012.

Risk Assessment Statement

There are no unusual health or safety risks associated with this unit.

Standards/Competencies

This unit is designed to support your development of the following standards/competencies.

Engineers Australia Stage 1 Competency Standard for Professional Engineer

1: Knowledge and Skill Base


  1. Relates to: Quiz/Test, Examination (written)

  2. Relates to: Quiz/Test, Risk Report, Examination (written)

  3. Relates to: Risk Report, Examination (written)

  4. Relates to: Risk Report, Examination (written), Online Ethics Module Part 2

2: Engineering Application Ability


  1. Relates to: Risk Report

  2. Relates to: Risk Report

3: Professional and Personal Attributes


  1. Relates to: Quiz/Test, Risk Report, Examination (written), Online Ethics Module Part 2

  2. Relates to: Risk Report

  3. Relates to: Quiz/Test, Risk Report, Examination (written)

  4. Relates to: Risk Report

Course Learning Outcomes

This unit is designed to support your development of the following course/study area learning outcomes.

EN01 Bachelor of Engineering (Honours)

  1. Make decisions ethically within the social, cultural, and organisational contexts of professional engineering practice.
    Relates to: Quiz/Test, Risk Report, Examination (written)
  2. Engage stakeholders professionally and communicate the outcomes of your work effectively to expert and non-expert audiences using appropriate modes.
    Relates to: Risk Report
  3. Display leadership, creativity, and initiative in both self-directed and collaborative contexts of professional engineering practice.
    Relates to: Risk Report
  4. Manage projects to solve complex engineering problems, using appropriate information, engineering methods, and technologies.
    Relates to: Risk Report, Examination (written)
  5. Engage with and apply regulatory requirements relating to safety, risk management, and sustainability in professional engineering practice.
    Relates to: Quiz/Test, Risk Report, Examination (written)

EV01 Bachelor of Engineering (Honours)

  1. Make decisions ethically within the social, cultural, and organisational contexts of professional engineering practice.
    Relates to: Quiz/Test, Risk Report, Examination (written)
  2. Engage stakeholders professionally and communicate the outcomes of your work effectively to expert and non-expert audiences using appropriate modes.
    Relates to: Risk Report
  3. Display leadership, creativity, and initiative in both self-directed and collaborative contexts of professional engineering practice.
    Relates to: Risk Report
  4. Manage projects to solve complex engineering problems, using appropriate information, engineering methods, and technologies.
    Relates to: Risk Report, Examination (written)
  5. Engage with and apply regulatory requirements relating to safety, risk management, and sustainability in professional engineering practice.
    Relates to: Quiz/Test, Risk Report, Examination (written)

IN01 Bachelor of Information Technology

  1. Demonstrate well-developed IT discipline knowledge
    Relates to: Quiz/Test, Risk Report, Examination (written)
  2. Employ appropriate IT Methods
    Relates to: Risk Report, Examination (written)
  3. Work independently and within effective teams
    Relates to: Risk Report
  4. Purposefully appraise personal values, attitudes and performance in your continuing professional development
    Relates to: Quiz/Test, Risk Report, Examination (written)