Note: This unit version is currently being edited and is subject to change!

INFO5301: Information Security Management (2019 - Semester 2)

Unit: INFO5301: Information Security Management (6 CP)
Mode: Normal-Evening
On Offer: Yes
Level: Postgraduate
Faculty/School: School of Computer Science
Unit Coordinator/s: Thilakarathna, Kanchana
Session options: Semester 1, Semester 2
Campus: Camperdown/Darlington
Pre-Requisites: None.
Brief Handbook Description: This unit of study gives a broad view of the management aspects of information security. We emphasise corporate governance for information security, organisational structures within which information security is managed, risk assessment, and control structures. Planning for security, and regulatory issues, are also addressed.
Assumed Knowledge: This unit of study assumes foundational knowledge of information systems management. Two years of IT industry exposure and a breadth of IT experience are preferable.
Lecturer/s: Mr. Sardesai, Sandeep
Timetable: INFO5301 Timetable
Time Commitment:

| # | Activity Name | Hours per Week | Sessions per Week | Weeks per Semester |
|---|---|---|---|---|
| 1 | Lecture | 2.00 | 1 | 13 |
| 2 | Tutorial | 1.00 | 1 | 13 |
| 3 | Independent Study | 6.00 | | 13 |

T&L Activities: Tutorial: Tutorial

Independent Study: Students should spend about 6 hours/week on private study, doing assignments, etc.

Attributes listed here represent the key course goals (see Course Map tab) designated for this unit. The list below describes how these attributes are developed through practice in the unit. See Learning Outcomes and Assessment tabs for details of how these attributes are assessed.

| Attribute Development Method | Attribute Developed |
|---|---|
| Understand technical and managerial aspects of information security. | (2) Engineering/ IT Specialisation (Level 4) |
| Communication: explain issues to both managers and technical staff. | (6) Communication and Inquiry/ Research (Level 4) |
| Carry out a sophisticated task in a small team. | (7) Project and Team Skills (Level 4) |
| Understand professional roles and activities related to information security. | (8) Professional Effectiveness and Ethical Conduct (Level 4) |

For explanation of attributes and levels see Engineering & IT Graduate Outcomes Table 2018.

Learning outcomes are the key abilities and knowledge that will be assessed in this unit. They are listed according to the course goal supported by each. See Assessment Tab for details of how each outcome is assessed.

(6) Communication and Inquiry/ Research (Level 4)
1. On successful completion of this unit, a student should be able to communicate on information security issues to both managers and technical staff.
(2) Engineering/ IT Specialisation (Level 4)
2. On successful completion of this unit, a student should be able to list and outline major concerns and issues of managing information security.
3. On successful completion of this unit, a student should be able to define, describe and discuss management and governance aspects of information security.
4. On successful completion of this unit, a student should be able to describe risk management methodology and control structures as applied to the management of information security.
5. On successful completion of this unit, a student should be able to describe and characterise the attributes of information security management practices.
Assessment Methods:

| # | Name | Group | Weight | Due Week | Outcomes |
|---|---|---|---|---|---|
| 1 | Assignment 1: Quiz and Essay Questions | No | 10.00 | Week 5 | 2, 3 |
| 2 | Assignment 2: Case Study assignment* | Yes | 30.00 | Week 11 | 1, 2, 3, 4, 5 |
| 3 | Final Exam* | No | 60.00 | Exam Period | 1, 2, 3, 4, 5 |

Assessment Description: * indicates an assessment task which must be repeated if a student misses it due to special consideration.

Assignment 1: This is an individual assignment (typically online via USyd eLearning) that quizzes the knowledge of each student in the topics of weeks 1-4 with questions similar to those on the final exam.

Assignment 2*: In this practical assignment, students are asked to analyse a case-study and deliver a presentation of their analysis and recommendations.

Final Exam*: Final exam. Obtaining at least 40% of the available marks from the written exam is a requirement to pass INFO5301.

There may be statistically defensible moderation when combining the marks from each component to ensure consistency of marking between markers, and alignment of final grades with unit outcomes.

Tasks that are done in scheduled times cannot be submitted late, except if following the procedures for Special Consideration. For other tasks, a late penalty will be imposed as follows:

Consistent penalty of 5% per day late, e.g.:

- A good assignment that would normally get 9/10 and is 2 days late loses 10% of the full 10 marks, i.e. new mark = 8/10

- An average assignment that would normally get 5/10 and is 5 days late loses 25% of the full 10 marks, i.e. new mark = 2.5/10

Assignments more than 10 days late get 0.
Grading:

| Grade Type | Description |
|---|---|
| Standards Based Assessment | Final grades in this unit are awarded at levels of HD for High Distinction, DI (previously D) for Distinction, CR for Credit, PS (previously P) for Pass and FA (previously F) for Fail as defined by University of Sydney Assessment Policy. Details of the Assessment Policy are available on the Policies website at http://sydney.edu.au/policies . Standards for grades in individual assessment tasks and the summative method for obtaining a final mark in the unit will be set out in a marking guide supplied by the unit coordinator. |
| Minimum Pass Requirement | It is a policy of the School of Computer Science that in order to pass this unit, a student must achieve at least 40% in the written examination. For subjects without a final exam, the 40% minimum requirement applies to the corresponding major assessment component specified by the lecturer. A student must also achieve an overall final mark of 50 or more. Any student not meeting these requirements may be given a maximum final mark of no more than 45 regardless of their average. |

Policies & Procedures: IMPORTANT: School policy relating to Academic Dishonesty and Plagiarism.

In assessing a piece of submitted work, the School of Computer Science may reproduce it entirely, may provide a copy to another member of faculty, and/or to an external plagiarism checking service or in-house computer program and may also maintain a copy of the assignment for future checking purposes and/or allow an external service to do so.

Other policies

See the policies page of the faculty website at http://sydney.edu.au/engineering/student-policies/ for information regarding university policies and local provisions and procedures within the Faculty of Engineering and Information Technologies.
Recommended Reference/s: Note: References are provided for guidance purposes only. Students are advised to consult these books in the university library. Purchase is not required.

Note that the "Weeks" referred to in this Schedule are those of the official university semester calendar https://web.timetable.usyd.edu.au/calendar.jsp

Week Description
Week 1 Nature and scope of Information System Security
Unit of Study introduction.
Week 2 Introduction to Technical Systems in Information Security
Week 3 Network Security and overview of cryptography
Week 4 Formal Aspects of Information Systems Security, Security Policy, Authority/responsibility structures
Week 5 Planning and designing for information security
Assessment Due: Assignment 1: Quiz and Essay Questions
Week 6 Risk Management for Information Systems Security
Week 7 Corporate Governance for Information Systems Security
Week 8 Importance of Information Security culture
Week 9 Informal Aspects of Information Systems Security
Week 10 Overview of Information Systems Security Standards
Week 11 Legal aspects of Information Systems Security
Assessment Due: Assignment 2: Case Study assignment*
Week 12 Overview of Computer Forensics
Week 13 Unit Review
Exam Period Assessment Due: Final Exam*

Course Relations

The following is a list of courses which have added this Unit to their structure.

| Course | Year(s) Offered |
|---|---|
| Master of Professional Engineering (Software) | 2013, 2014, 2015, 2016, 2017 |
| Software Mid-Year | 2016, 2017, 2018, 2019, 2020 |
| Software/ Project Management | 2019, 2020 |
| Software | 2015, 2016, 2017, 2018, 2019, 2020 |
| Software / Arts | 2016, 2017, 2018, 2019, 2020 |
| Software / Commerce | 2016, 2017, 2018, 2019, 2020 |
| Software / Medical Science | 2016, 2017 |
| Software / Music Studies | 2016, 2017 |
| Software / Project Management | 2016, 2017, 2018 |
| Software / Science | 2016, 2017, 2018, 2019, 2020 |
| Software/Science (Health) | 2018, 2019, 2020 |
| Software / Law | 2016, 2017, 2018, 2019, 2020 |
| Software Engineering (till 2014) | 2010, 2011, 2012, 2013, 2014 |
| Software Engineering / Arts | 2011, 2012, 2013, 2014 |
| Software Engineering / Commerce | 2010, 2011, 2012, 2013, 2014 |
| Software Engineering / Medical Science | 2011, 2012, 2013, 2014 |
| Software Engineering / Project Management | 2012, 2013, 2014 |
| Software Engineering / Science | 2011, 2012, 2013, 2014 |
| Bachelor of Information Technology (Computer Science) 2014 and earlier | 2011 |
| Graduate Certificate in Information Technology | 2015, 2016, 2017, 2018, 2019, 2020 |
| Graduate Certificate in Information Technology Management | 2015, 2016, 2017, 2018, 2019, 2020 |
| Graduate Diploma in Computing | 2015, 2016, 2017, 2018, 2019, 2020 |
| Graduate Diploma in Information Technology | 2015, 2016, 2017, 2018, 2019, 2020 |
| Graduate Diploma in Information Technology Management | 2015, 2016, 2017, 2018, 2019, 2020 |
| Graduate Certificate in Information Technology Management (till 2014) | 2013, 2014 |
| Graduate Certificate in Information Technology (till 2014) | 2012, 2013, 2014 |
| Graduate Diploma in Information Technology Management (till 2014) | 2013, 2014 |
| Graduate Diploma in Information Technology (till 2014) | 2012, 2013, 2014 |
| Master of Data Science | 2016, 2017, 2018, 2019, 2020 |
| Master of Information Technology | 2015, 2016, 2017, 2018, 2019, 2020 |
| Master of Information Technology Management | 2015, 2016, 2017, 2018, 2019, 2020 |
| Master of IT/Master of IT Management | 2015, 2016, 2017, 2018, 2019, 2020 |
| Master of Information Technology Management (till 2014) | 2011, 2012, 2013, 2014 |
| Master of Information Technology (till 2014) | 2014 |
| Software/Science (Medical Science Stream) | 2018, 2019, 2020 |

Course Goals

This unit contributes to the achievement of the following course goals:

| Attribute | Practiced | Assessed |
|---|---|---|
| (8) Professional Effectiveness and Ethical Conduct (Level 4) | Yes | 0% |
| (7) Project and Team Skills (Level 4) | Yes | 0% |
| (6) Communication and Inquiry/ Research (Level 4) | Yes | 18% |
| (2) Engineering/ IT Specialisation (Level 4) | Yes | 82% |

These goals are selected from Engineering & IT Graduate Outcomes Table 2018 which defines overall goals for courses where this unit is primarily offered. See Engineering & IT Graduate Outcomes Table 2018 for details of the attributes and levels to be developed in the course as a whole. Percentage figures alongside each course goal provide a rough indication of their relative weighting in assessment for this unit. Note that not all goals are necessarily part of assessment. Some may be more about practice activity. See Learning outcomes for details of what is assessed in relation to each goal and Assessment for details of how the outcome is assessed. See Attributes for details of practice provided for each goal.