INF30020 Unit Outline 2 2019 v1 PDF

Title INF30020 Unit Outline 2 2019 v1
Course Bachelor of Computer Science
Institution Swinburne University of Technology

Faculty of Business and Law

Unit Outline INF30020 Information Systems Risk and Security Semester 2, 2019

Please read this Unit Outline carefully. It includes:

PART A: Unit summary
PART B: Your Unit in more detail
PART C: Further information

PART A:

Unit Summary

Aims

This unit of study introduces students to information risk and security management in contemporary enterprise. The unit engages students with the knowledge and techniques applied by organisations to manage risks and provide for information security. This includes the implementation of appropriate information management plans, assurance processes, standards and frameworks. Students will learn about the legal, professional and ethical responsibilities of information risk and security management through real-world case based scenarios and become familiar with approaches to information governance and assurance including the automated tools and approaches that are used by organisations.

INF30020_S2_2019

Page 2 of 9

Unit Learning Outcomes (ULO)

After successfully completing this unit, you will be able to:
1. Describe the importance of information security and risk management in achieving organisational goals and objectives
2. Assess and apply information systems risk and security management standards and frameworks to real-world case based scenarios
3. Analyse major theories, concepts and methodologies for managing risks and assuring the integrity and security of information assets
4. Evaluate appropriate governance, assurance and internal control techniques for managing information risks and security
5. Communicate effectively as a professional and function as an effective leader or member of a diverse team.

Key Generic Skills

• teamwork skills
• analysis skills
• problem solving skills
• communication skills
• ability to tackle unfamiliar problems
• ability to work independently

Content

• An introduction to Information Systems risk and security
• Risk management, assessment and mitigation
• Information security management, governance and assurance
• The role of policies and standards in IS risk and security management
• Contingency planning, including incident management, business continuity and disaster recovery planning
• Fraud and forensic auditing: Fraud, cybercrime, forensic auditing and continuous monitoring
• Compliance frameworks and legal, professional and ethical issues in IS security and risk management
• Major Theories, concepts and methodologies for managing information systems and assuring the integrity and security of information assets
• The socio-technological dimensions (human and organisational factors) in IS security and risk management

PART B:

Your Unit in more detail

Unit Improvements

Recent improvements include:
• Improved weighting for assignments,
• Reduction in total number of assessments,
• Extended focus on business continuity management.

Unit Teaching Staff

Name | Role | Room | Phone | Email
Sharmini Thurairasa | Convenor & Lecturer | BA1010 | 9214-8405 | [email protected]
Abbas Siddiqui | Tutor | TBA | TBA | [email protected]

Consultation Times By appointment. Email to arrange a mutually convenient time

TBA

Learning and Teaching Structure

Activity | Total Hours | Hours per Week | Teaching Period Weeks
Lectures | 24 hours | 2 hours | Weeks 1 to 12
Tutorials | 12 hours | 1 hour | Weeks 1 to 12

Lectures will introduce students to the topics and resources, but students will be expected to explore the issues through their own reading and to share their knowledge and ideas through participation in lecture/tutorial discussions. Attendance at weekly classes is a requirement in this Unit of Study.

In a Semester, you should normally expect to spend, on average, twelve and a half hours of total time (formal contact time plus independent study time) a week on a 12.5 credit point unit of study.

Other notes or observations regarding class attendance and preparation: The workload of this subject is based upon the expectation that a minimum of 3-4 hours outside preparation per week is required. Students are expected to:
• attend punctually all scheduled classes for the subject,
• conduct themselves with consideration for their fellow students in lectures & tutorials,
• keep up with the reading,
• attend all tutorials and come prepared by having reviewed notes from the previous lecture and having read and prepared the current scheduled assessment.

Week by Week Schedule

Please note that this schedule may be changed without consultation

Week | Week Beginning | Teaching and Learning Activity | Student Task or Assessment
1 | 05 August | Introduction and Overview: IS risk and security | Tutorial activity
2 | 12 August | Risk Management: Identifying and assessing IS risks (Part A) | Impact Statement #1 Due; Assignment 1 release Thursday 15th August
3 | 19 August | Risk Management: Identifying and assessing IS risks (Part B) | Tutorial activity
4 | 26 August | Information Security: Assessing security and establishing Internal Control | Impact Statement #2 Due
5 | 02 September | Information Security and Risk Mitigation Frameworks | Challenge Test 1 in class
6 | 09 September | IS Risk Governance, assurance and strategic alignment | Impact Statement #3 Due
Mid Semester Break - Monday 16th September to Sunday 22nd September
7 | 23 September | Business Continuity Management: Business continuity planning and disaster recovery planning | Tutorial activity; Assignment 1 Due Thursday 26th September
8 | 30 September | Communicating Information Risk Management: Incident and contingency planning | Tutorial activity
9 | 07 October | Cyber Review: Current issues in information risk and security management, e.g. cloud computing | Impact Statement #4 Due
10 | 14 October | Fraud and forensic auditing: Fraud, cybercrime, forensic auditing and continuous monitoring | Tutorial activity; Assignment 2 Due Thursday 17th October
11 | 21 October | Legal, Professional and Ethical issues: Ethics, regulatory & legal issues, irregular & illegal acts | Impact Statement #5 Due
12 | 28 October | ISRS compliance frameworks | Challenge Test 2

Unit Revision

Assessment

a) Assessment Overview

Hurdle requirements: Nil

b) Minimum requirements to pass this Unit

To pass this unit, you must achieve an overall mark for the unit of 50% or more.

c) Examinations

There is no formal/official final exam for this unit.

d) Submission Requirements

Please ensure you keep a copy of all assessments that are submitted. An Assessment Cover Sheet must be submitted with your assignment. The standard Assessment Cover Sheet is available from the Current Students web site (see Part C).

e) Extensions and Late Submission

Late Submissions - Unless an extension has been approved, late submissions will result in a penalty. You will be penalised 10% of the assessment’s worth for each calendar day the task is late, up to a maximum of 5 working days. After 5 working days a zero result will be recorded.

f) Referencing

To avoid plagiarism, you are required to provide a reference whenever you include information from other sources in your work. Further details regarding plagiarism are available in Section C of this document. Referencing conventions required for this unit are: Harvard Referencing Style. Helpful information on referencing can be found at http://www.swinburne.edu.au/library/referencing/

g) Groupwork Guidelines

A group assignment is the collective responsibility of the entire group, and if one member is temporarily unable to contribute, the group should be able to reallocate responsibilities to keep to schedule. In the event of longer-term illness or other serious problems involving a member of the group, it is the responsibility of the other members to immediately notify the Unit Convenor or relevant tutor. There is a peer evaluation form that may be completed by every member of the team on allocation of work should an issue arise within the group. This will be used to reassess the final grade allocation. Group submissions must be submitted with an Assessment Declaration Statement, signed by all members of the group. All group members must be satisfied that the work has been correctly submitted. Any penalties for late submission will generally apply to all group members, not just the person who submitted.

Reference Materials

Students are advised to check the unit outline in the relevant teaching period for appropriate textbooks and further reading.

Required Textbook(s)

It is recommended that you purchase the following textbook for this Unit of Study. E-book also available from Library.

• Gibson, Darril, Managing Risk in Information Systems. Jones & Bartlett Learning, Burlington, MA, U.S.A., 2015.

A list of required weekly readings will be provided in Canvas. Readings will be available through the library and/or as publicly accessible online resource.

Recommended Reading Materials

The Library has a large collection of resource materials, both texts and current journals. Listed below are some references that will provide valuable supplementary information to this unit. It is also recommended that you explore other sources to broaden your understanding.

• Alberts, C & Dorofee, A, Managing Information Security Risks. Boston, Addison Wesley, 2003.
• Calder, A. & Watkins, S., IT Governance: A Manager’s Guide to Data Security and ISO27001/ISO27002. Kogan Page, 2008.
• Easttom, C, Computer Security Fundamentals (2nd Ed.). Indiana, Pearson 2012.
• Glass, RL, Software Runaways: Lessons Learned from Massive Software Project Failures. Upper Saddle River, N.J., Prentice Hall, 1998.
• Hall, James A. Information Technology Auditing and Assurance (3rd Ed.) South-Western Cengage Learning, 2010.
• Jordan, E & Silcock, L; Chichester, Beating IT Risks, John Wiley & Sons Australia, Ltd., 2006.
• Mather, T., Kumaraswamy, S., and Latif S., Cloud Security and Privacy: An Enterprise Perspective on Risks & Compliance. O’Reilly Media, 2009.
• Peltier, TR, Information Security Risk Analysis, 2nd edn, Auerbach Publications, 2005.
• Raval, Vasant & Fichadia, Ashok, Risks, Controls and Security, John Wiley & Sons, Inc. 2007.
• Slay, Jill & Koronios, A., Information Technology: Security & Risk Management, John Wiley & Sons, Inc 2006.
• Tipton, H.F. and Krause, M., Information Security Management Handbook (6th Ed.), CRC Press, 2007.
• Whitman, M.E. and Mattord, H.J. Management of Information Security, Thomson, 2008.

PART C:

FURTHER INFORMATION

For further information on any of the below topics, refer to Swinburne’s Current Students web page http://www.swinburne.edu.au/student/.

Student Charter

Please familiarise yourself with Swinburne’s Student Charter. The charter describes what students can reasonably expect from Swinburne in order to enjoy a quality learning experience. As students contribute to their own learning experience and to that of their fellow students, the charter also defines the University's expectations of students.

Student behaviour and wellbeing

Swinburne has a range of policies and procedures that govern how students are expected to conduct themselves throughout the course of their relationship with the University. These include policies on expected standards of behaviour and conduct which cover interaction with fellow students, staff and the wider University community, in addition to following the health and safety requirements in the course of their studies and whilst using University facilities. All students are expected to familiarise themselves with University regulations, policies and procedures and have an obligation to abide by the expected guidelines. Any student found to be in breach may be subject to relevant disciplinary processes. Some examples of relevant expected behaviours are:
• Not engaging in student misconduct
• Ensuring compliance with the University’s Anti-Discrimination, Bullying and Violence and Sexual Harassment requirements
• Complying with all Swinburne occupational health and safety requirements, including following emergency and evacuation procedures and following instructions given by staff/wardens or emergency response.

In teaching areas, it is expected that students conduct themselves in a manner that is professional and not disruptive to others. In all Swinburne laboratories, there are specific safety procedures which must be followed, such as wearing appropriate footwear and safety equipment, not acting in a manner which is dangerous or disruptive (e.g. playing computer games), and not bringing in food or drink.

Canvas

You should regularly access the Swinburne Course Management System (Canvas) available via http://ilearn.swin.edu.au. Canvas is regularly updated with important Unit information and communications.

Communication

All communication will be via your Swinburne email address. If you access your email through a provider other than Swinburne, then it is your responsibility to ensure that your Swinburne email is redirected to your private email address.

Plagiarism

Plagiarism is the action or practice of taking and submitting or presenting the thoughts, writings or other work of someone else as though it is your own work. Plagiarism includes any of the following, without full and appropriate acknowledgment to the original source(s):
• The use of the whole or part of a computer program written by another person;
• the use, in essays or other assessable work, of the whole or part of a written work from any source including but not limited to a book, journal, newspaper article, set of lecture notes, current or past student’s work, any other person’s work, a website or database;
• The paraphrasing of another’s work;
• The use of musical composition, audio, visual, graphic and photographic models,
• The use of realia that is objects, artefacts, costumes, models and the like.

Plagiarism also includes the preparation or production and submission or presentation of assignments or other work in conjunction with another person or other people when that work should be your own independent work.

This remains plagiarism whether or not it is with the knowledge or consent of the other person or people. It should be noted that Swinburne encourages its students to talk to staff, fellow students and other people who may be able to contribute to a student’s academic work but that where independent assignment is required, submitted or presented work must be the student’s own. Enabling plagiarism contributes to plagiarism and therefore will be treated as a form of plagiarism by the University. Enabling plagiarism means allowing or otherwise assisting another student to copy or otherwise plagiarise work by, for example, allowing access to a draft or completed assignment or other work. Swinburne University uses plagiarism detection software (such as Turnitin) for assignments submitted electronically via Canvas. Your Convenor will provide further details. The penalties for plagiarism can be severe ranging from a zero grade for an assessment task through to expulsion from the unit and in the extreme, exclusion from Swinburne. Consequently you need to avoid plagiarism by providing a reference whenever you include information from other sources in your work.

Student support

You should talk to your Unit Convenor or Student Services, for information on academic support services available for Swinburne students.

Special consideration

If your studies have been adversely affected due to serious and unavoidable circumstances outside of your control (e.g. severe illness or unavoidable obligation) you may be able to apply for special consideration (SPC). Applications for Special Consideration will be submitted via the SPC online tool normally no later than 5.00pm on the third working day after the submission/sitting date for the relevant assessment component.

Special needs

Sometimes students with a disability, a mental health or medical condition or significant carer responsibilities require reasonable adjustments to enable full access to and participation in education. Your special needs can be addressed by Swinburne's Disability Services, who can negotiate and distribute an 'Education Access Plan' that outlines recommendations for university teaching and examination staff. You must notify the University Disability Liaison Officer of your disability or condition within one week after the commencement of a unit of study to allow the University to make reasonable adjustments.

Review of marks

An independent marker reviews all fail grades for major assessment tasks. In addition, a review of assessment is undertaken if your final result is between 45 and 49 or within 2 marks of any grade threshold. If you are not satisfied with the result of an assessment you can ask the Unit Convenor to review the result. Your request must be made in writing within 10 working days of receiving the result. The Unit Convenor will review your result to determine if your result is appropriate. If you are dissatisfied with the outcomes of the review you can lodge a formal complaint.

Feedback, complaints and suggestions

In the first instance you may discuss any issues with your Unit Convenor. If you are dissatisfied with the outcome of the discussions with the Unit Convenor or would prefer not to deal with your Unit Convenor, then you can complete a feedback form.

Advocacy

You are advised to seek advice from the staff at the Swinburne Student Amenities Association (SSAA) if you require assistance with any academic issues.
