Information on this page, including unit offerings, is from the 2020 academic year.
Information Security Policy and Governance (ICT380)
|Organisational Unit||Information Technology, Mathematics and Statistics|
|Availability||MURDOCH: S1-internal, S1-external
DUBAI-ISC: TJD-internal, TSD-internal
KAPLAN-SGP: TJA-internal, TSA-internal
|Teaching Timetables||Murdoch S1
|Description||This unit covers the advanced study of Information Security Policy and Governance at an organisational level. Students will gain an understanding of standards and policies as well as international, national and local regulatory requirements governing organisational information technology systems. The unit will address relevant data protection legislation, industry best practices, risk management techniques and develop the necessary skills to evaluate and measure organisational compliance and to determine appropriate organisational strategy to best support the information security needs.|
|Unit Learning Outcomes||On successful completion of the unit you should be able to:
1. Describe and discuss the importance and the key characteristics of information security, as well as the principal components of information security system implementation planning in the organizational planning scheme.
2. Explain the need for contingency planning and discuss how an organization would prepare and execute a test of contingency plans.
3. Define what an information security policy is; describe the major types of information security policy and discuss the major components of each.
4. Discuss how to plan and staff an organization's information security program based on its size; recommend an information security management model and explain how it can be customized to meet the needs of a particular organization; identify the skills and requirements for information security positions.
5. Define risk management and explain how risk is assessed based on the likelihood of adverse events and the possible effects on information assets.
6. Describe the types of intrusion detection systems and the strategies on which they are based; discuss security practices used to control employee behaviour and prevent misuse of information; explain ethical and legal issues associated with the management of information security.
7. Understand and discuss the importance of information security governance and its implementation mechanisms; outline the basic components of the COBIT model.
8. Demonstrate an awareness of information security standards in high-risk industry sectors.
|Timetabled Learning Activities||Workshop: 1 x 3 hours per week.
All offerings of this unit include the equivalent of 30 hours of structured learning.
|Unit Learning Experiences||You will be exposed to a wide range of industry techniques and case studies to highlight the breadth and diversity in the domain of Information Security. Throughout the unit, an active learning approach is fostered in order to equip students with the critical analysis and independent research skills as a successful industry practitioner. In lectures, you will be briefed on the theoretical foundations and in tutorials and self-study you will then apply this knowledge to solve real world security case studies. Students will be expected to work both in groups and individually.|
|Assessment||Students will participate in tutorials and submit worksheets (10%). There will also be a Security Policy Case study worth 15% and a research paper investigating implementation of Governance and Security Policy Exemplars worth 35%. The final exam is worth 40%.|
|Prerequisites||ICT284 Systems Analysis and Design OR ICT287 Computer Security OR ICT378 Cyber Forensics and Information Technology OR ICT379 Security Architecture and Systems Administration.|
|Exclusions||ICT357 Information Security Management|
|Appears in these Courses/Majors:
see individual structures for context
|Appears in these Minors||Computer Forensics and Information Security Policy
|Internet Access Requirements||Murdoch units normally include an online component comprising materials, discussions, lecture recordings and assessment activities. All students, regardless of their location or mode of study, need to have access to and be able to use computing devices with browsing capability and a connection to the Internet via Broadband (Cable, ADSL or Mobile) or Wireless. The Internet connection should be readily available and allow large amounts of data to be streamed or downloaded (approximately 100MB per lecture recording). Students also need to be able to enter into online discussions and submit assignments online.|
Dr Florence Mwagwabi
Lecturer in Information Technology (Singapore)
|No contacts found|