IFQ723 Information Security Management Practice
Unit code: | IFQ723 |
---|---|
Equivalent(s): | IFN723, IFZ723 |
Credit points: | 12 |
Timetable | Details in HiQ, if available |
CSP student contribution | $1,118 |
Domestic tuition unit fee | $3,528 |
Unit Outline: Session 1 2024, QUT Online, Online
Unit code: | IFQ723 |
---|---|
Credit points: | 12 |
Equivalent: | IFN723, IFZ723 |
Assumed Knowledge: | There is no assumed knowledge for this unit. |
Overview
This unit builds upon the concepts introduced in Cyber Security Fundamentals (IFQ722), exploring information security management in a business setting. In this unit, you will learn how to manage the use of information assets securely, supporting the goals and objectives of organizations through effective information security governance, risk management, and information security controls.
Our underlying theme is that information security in the modern organization is a management problem and not one that can be solved by technology alone. It is a problem that has consequences for which management is accountable. We explore relevant, real-world examples of information security vulnerabilities, threats and attacks and consider suitable controls to manage them. The unit provides essential knowledge and practices that cyber security professionals should understand to protect themselves and the organizations they work for and to advance their careers.
Learning Outcomes
On successful completion of this unit you will be able to:
- Analyse the impact of people, process and technology on information security at both individual and organisational level. (SALO1 and CLO1)
- Demonstrate an understanding of ethical and privacy considerations in an organisational context. (SALO1 and CLO1)
- Apply appropriate information security management frameworks for the organisational context. (SALO2 and CLO2)
- Conduct an information security risk assessment for an organisation. (SALO3 and CLO3, SALO6 and CLO6)
- Recommend and justify appropriate risk mitigation options. (SALO4 and CLO4, SALO6 and CLO6)
Content
This unit will explore aspects of organizational information security management. Topics will include:
- Security management models and frameworks
- Security governance and compliance
- Ethics in information security
- Risk management - assessing and treating risk
- Developing an organisational security program
- Planning for contingencies (incident management, business continuity, disaster recovery, crisis management)
- Security management practices (security performance measurement, benchmarking and baselining).
Learning Approaches
This unit is designed for asynchronous online study, with activities including numerous short videos, podcasts and exercises carefully chosen to reinforce key skills and concepts. Students will have the opportunity to participate in online discussions with peers and teaching staff.
Feedback on Learning and Assessment
You will receive automated feedback on some exercises and assessments, and written feedback on assignment task submissions. You may seek additional feedback from the teaching staff in the unit.
Assessment
Overview
The summative assessment items in this unit will allow you to demonstrate your ability to reason critically about security risks and their mitigation, to present findings in a professional manner (written reports), and to confirm your understanding of specific issues relating to information security in organizations.
Unit Grading Scheme
S (Satisfactory) / U (Unsatisfactory)
Assessment Tasks
Assessment: Risk Management Report
Perform a risk assessment for a client organisation, leading to a risk management plan to address the risks identified.
This is an assignment for the purposes of an extension.
Assessment: Disaster Recovery Task
This task will involve developing a disaster recovery response to a provided scenario.
This is an assignment for the purposes of an extension.
Academic Integrity
Students are expected to engage in learning and assessment at QUT with honesty, transparency and fairness. Maintaining academic integrity means upholding these principles and demonstrating valuable professional capabilities based on ethical foundations.
Failure to maintain academic integrity can take many forms. It includes cheating in examinations, plagiarism, self-plagiarism, collusion, and submitting an assessment item completed by another person (e.g. contract cheating). It can also include providing your assessment to another entity, such as to a person or website.
You are encouraged to make use of QUT’s learning support services, resources and tools to assure the academic integrity of your assessment. This includes the use of text matching software that may be available to assist with self-assessing your academic integrity as part of the assessment submission process.
Further details of QUT’s approach to academic integrity are outlined in the Academic integrity policy and the Student Code of Conduct. Breaching QUT’s Academic integrity policy is regarded as student misconduct and can lead to the imposition of penalties ranging from a grade reduction to exclusion from QUT.
Resources
This unit is self-contained but the text Management of Information Security may be useful.
Resource Materials
Reference book(s)
Michael E. Whitman, Herbert J. Mattord. Management of Information Security, 6th edition. Cengage Learning, US, 2018.
Risk Assessment Statement
No out of the ordinary risks are associated with this unit.
Course Learning Outcomes
This unit is designed to support your development of the following course/study area learning outcomes.
IQ70 Graduate Certificate in Information Technology Practice (Study Area A)
- Demonstrate advanced, role-specific Information Technology (IT) discipline knowledge
  Relates to: ULO1, ULO2
- Identify and employ appropriate industry relevant methods and approaches to address IT problems
  Relates to: ULO3
- Apply design, problem solving and critical thinking skills to develop appropriate IT solutions
  Relates to: ULO4
- Solve complex IT problems in both self-directed and collaborative contexts
  Relates to: ULO5
- Demonstrate professional and career-oriented aptitude in the field of Information Technology
  Relates to: ULO4, ULO5
Unit Outline: Session 3 2024, QUT Online, Online
Unit code: | IFQ723 |
---|---|
Credit points: | 12 |
Equivalent: | IFN723, IFZ723 |
Assumed Knowledge: | There is no assumed knowledge for this unit. |
Overview
This unit builds upon the concepts introduced in Cyber Security Fundamentals (IFQ722), exploring information security management in a business setting. In this unit, you will learn how to manage the use of information assets securely, supporting the goals and objectives of organizations through effective information security governance, risk management, and information security controls.
Our underlying theme is that information security in the modern organization is a management problem and not one that can be solved by technology alone. It is a problem that has consequences for which management is accountable. We explore relevant, real-world examples of information security vulnerabilities, threats and attacks and consider suitable controls to manage them. The unit provides essential knowledge and practices that cyber security professionals should understand to protect themselves and the organizations they work for and to advance their careers.
Learning Outcomes
On successful completion of this unit you will be able to:
- Analyse the impact of people, process and technology on information security at both individual and organisational level. (SALO1 and CLO1)
- Demonstrate an understanding of ethical and privacy considerations in an organisational context. (SALO1 and CLO1)
- Apply appropriate information security management frameworks for the organisational context. (SALO2 and CLO2)
- Conduct an information security risk assessment for an organisation. (SALO3 and CLO3, SALO6 and CLO6)
- Recommend and justify appropriate risk mitigation options. (SALO4 and CLO4, SALO6 and CLO6)
Content
This unit will explore aspects of organizational information security management. Topics will include:
- Security management models and frameworks
- Security governance and compliance
- Ethics in information security
- Risk management - assessing and treating risk
- Developing an organisational security program
- Planning for contingencies (incident management, business continuity, disaster recovery, crisis management)
- Security management practices (security performance measurement, benchmarking and baselining).
Learning Approaches
This unit is designed for asynchronous online study, with activities including numerous short videos, podcasts and exercises carefully chosen to reinforce key skills and concepts. Students will have the opportunity to participate in online discussions with peers and teaching staff.
Feedback on Learning and Assessment
You will receive automated feedback on some exercises and assessments, and written feedback on assignment task submissions. You may seek additional feedback from the teaching staff in the unit.
Assessment
Overview
The summative assessment items in this unit will allow you to demonstrate your ability to reason critically about security risks and their mitigation, to present findings in a professional manner (written reports), and to confirm your understanding of specific issues relating to information security in organizations.
In all of the Bootcamp units, including this one, we use a satisfactory/unsatisfactory grading schema. This approach has been taken to differentiate the assessment experience from more traditional methods and acknowledge the skills-based approach to learning, as well as acknowledge the steep learning trajectory that students take in this course. To pass the unit, it is necessary to achieve a satisfactory grade for all assignments. Students will be provided with the opportunity to re-submit Assignment 1 if they receive an unsatisfactory grade. This resubmission will be due 14 days from when the unsatisfactory grade is received.
Unit Grading Scheme
S (Satisfactory) / U (Unsatisfactory)
Assessment Tasks
Assessment: Risk Management Report
Perform a risk assessment for a client organisation, leading to a risk management plan to address the risks identified.
The grading schema used in QUT bootcamps is satisfactory/unsatisfactory. Students are provided with the opportunity to re-submit Assessment 1 if they receive an unsatisfactory grade as explained in the special conditions of assessment in each unit learning site.
This is an assignment for the purposes of an extension.
Threshold Assessment:
In all of the Bootcamp units, including this one, we use a satisfactory/unsatisfactory grading schema. This approach has been taken to differentiate the assessment experience from more traditional methods and acknowledge the skills-based approach to learning, as well as acknowledge the steep learning trajectory that students take in this course.
Students will be provided with the opportunity to re-submit Assignment 1 if they receive an unsatisfactory grade. This resubmission will be due 14 days from when the unsatisfactory grade is received.
Assessment: Disaster Recovery Task
This task will involve developing a disaster recovery response to a provided scenario.
The grading schema used in QUT bootcamps is satisfactory/unsatisfactory.
This is an assignment for the purposes of an extension.
Threshold Assessment:
In all of the Bootcamp units, including this one, we use a satisfactory/unsatisfactory grading schema. This approach has been taken to differentiate the assessment experience from more traditional methods and acknowledge the skills-based approach to learning, as well as acknowledge the steep learning trajectory that students take in this course.
To pass the unit, it is necessary to achieve a satisfactory grade for all assignments. Students will be provided with the opportunity to re-submit Assignment 1 if they receive an unsatisfactory grade. This resubmission will be due 14 days from when the unsatisfactory grade is received.
Academic Integrity
Students are expected to engage in learning and assessment at QUT with honesty, transparency and fairness. Maintaining academic integrity means upholding these principles and demonstrating valuable professional capabilities based on ethical foundations.
Failure to maintain academic integrity can take many forms. It includes cheating in examinations, plagiarism, self-plagiarism, collusion, and submitting an assessment item completed by another person (e.g. contract cheating). It can also include providing your assessment to another entity, such as to a person or website.
You are encouraged to make use of QUT’s learning support services, resources and tools to assure the academic integrity of your assessment. This includes the use of text matching software that may be available to assist with self-assessing your academic integrity as part of the assessment submission process.
Further details of QUT’s approach to academic integrity are outlined in the Academic integrity policy and the Student Code of Conduct. Breaching QUT’s Academic integrity policy is regarded as student misconduct and can lead to the imposition of penalties ranging from a grade reduction to exclusion from QUT.
Resources
This unit is self-contained but the text Management of Information Security may be useful.
Resource Materials
Reference book(s)
Michael E. Whitman, Herbert J. Mattord. Management of Information Security, 6th edition. Cengage Learning, US, 2018.
Risk Assessment Statement
No out of the ordinary risks are associated with this unit.
Course Learning Outcomes
This unit is designed to support your development of the following course/study area learning outcomes.
IQ70 Graduate Certificate in Information Technology Practice (Study Area A)
- Demonstrate advanced, role-specific Information Technology (IT) discipline knowledge
  Relates to: ULO1, ULO2
- Identify and employ appropriate industry relevant methods and approaches to address IT problems
  Relates to: ULO3
- Apply design, problem solving and critical thinking skills to develop appropriate IT solutions
  Relates to: ULO4
- Solve complex IT problems in both self-directed and collaborative contexts
  Relates to: ULO5
- Demonstrate professional and career-oriented aptitude in the field of Information Technology
  Relates to: ULO4, ULO5