Units

---

Sample subject outline - Semester 1 2013

Note: Subject outlines often change before the semester begins. Below is a sample outline.

Rationale

Information is an important asset. Information systems are increasingly used to store, process and exchange information, with most sectors of the economy dependent on electronic and often automated information systems. Information systems are vital, but also vulnerable. Information security is about protecting information and the systems that use, store and transmit it.
This unit provides an introduction to information security, enabling you to identify and discuss fundamental information security issues with information systems ranging from single-user systems to those of large multinational organisations. The unit considers both technical and non-technical measures used to provide security for information systems, and examines guidelines on best practice implementation of information security measures.
The interconnectedness of many information systems means that the actions of individuals may impact on many others. This unit is important in developing an understanding of the challenges involved in providing appropriate protection for information, both for you as an individual member of a global community and as an IT professional.

Aims

This unit aims to give you an understanding of the fundamental concepts and major issues in information security. You will be able to identify critical information security concepts and determine the information security implications of interactions between entities. You will have knowledge of a range of techniques for protecting information, and understand the limitations of these techniques. You will be aware of international information security management standards.

Objectives

On completion of this unit you should be able to:
· Describe the dimensions of personal, corporate, national and global dependence on IT services, with an emphasis on the interactions between entities, and the security implications associated with this (GC1, GC3, GC6).
· Define major information security goals and identify those goals which relate to the strategic goals of an organisation (GC1, GC2).
· Recognise and describe threats to the security of information in a range of practical situations (GC1, GC2, GC3).
· Evaluate given information security scenarios, describe appropriate methods for addressing information security risks, and justify your choices (GC1, GC2, GC3, GC5).
· Discuss the major components of relevant information security management standards (GC1, GC3).

Key: Graduate Capabilities
GC1 - Knowledge and Skills
GC2 - Critical and Creative Thinking
GC3 - Communication
GC4 - Lifelong Learning
GC5 - Independence and Collaboration
GC6 - Social and Ethical Responsibility
GC7 - Leadership and Change

Content

This unit introduces fundamental information security concepts (aspects of the protection of information assets) and explains why IT professionals must understand information security and its applications. Information security goals including confidentiality, integrity, availability, authentication and non-repudiation are described. Risk factors impacting on the security of information assets are identified and discussed. Methods of protecting information are outlined including access control, cryptography, and network security mechanisms. Security management standards are also addressed. Discussions of information security issues emphasise the high standard of ethical conduct expected of an IT industry professional, particularly those working in the area of information security.

Approaches to Teaching and Learning

You are responsible for your academic progression through this unit. Unit staff provide a learning environment designed to maximise your learning experience. In order to realise your full potential, it is strongly recommended that you actively participate in all the learning activities offered in this unit.

The content of the unit is delivered through weekly lectures and workshop sessions and through the QUT Blackboard site. During the weekly sessions theory on various topics in information security will be presented and examples showing how this theory can be applied will also be given. These sessions will focus on promoting your understanding of the presented material. Questions related to the presented material will be provided; your answers to these questions will direct your focus and aid your preparation for unit assessment items. Your participation in the learning activities provides opportunities for you to self-assess and to obtain feedback from unit staff and your peers, further developing your interpersonal and oral communication skills.

You must be able to manage your time and prioritise activities in order to complete the required unit activities. You should be able to work both independently and as a productive and cooperative team member. Independent work is required to complete some of your assessment items. For these items, although you may discuss the assessment topics with others during preparation, the work you submit for assessment must be your own individual effort. For assessment items requiring group work, you must be prepared to cooperate with others and contribute appropriately. It is your responsibility to ensure that your work is completed in a timely manner.

The unit coordinator will use email and the unit's QUT Blackboard site to make announcements and post various types of information throughout the semester. It is your responsibility to access your email account and the unit's QUT Blackboard site regularly. You should also familiarise yourself with the Faculty of Science and Technology student Rules, Policies and Procedures available online at http://www.scitech.qut.edu.au/study/current/.

Concurrent Teaching
This unit is being taught concurrently with an undergraduate offering of the same subject. University policy permits postgraduate and undergraduate students to attend the same lectures. Separate tutorial sessions will be provided for undergraduate and postgraduates students where student numbers allow. As a postgraduate student you will be required to complete separate assessment tasks that reflect the advanced knowledge and understanding of the subject. For this unit that means your assessment will be of increased complexity but not necessarily of greater length or requiring greater effort. The assessment will, however, require you to show additional evidence of critical evaluation.

Assessment

You will be expected to undertake a number of assessments related to the learning outcomes of this unit (see below).You can obtain feedback on your progress throughout the unit through the following mechanisms:
· self-assess your responses to provided question sets and presented material
· peer-assessment of your workshop preparations
· ask the teaching staff for advice and assistance during workshop sessions
· review your assessment items during scheduled review sessions
· have a private consultation with teaching staff

Assessment name: Report
Description: Group written assignmentreport related to specific information security issue.
Relates to objectives: 2 to 5
Weight: 30%
Internal or external: Internal
Group or individual: Group
Due date: Late in the semester

Assessment name: Examination (Theory)
Description: Individual final written exam
Relates to objectives: 1 to 5.
Weight: 50%
Internal or external: Internal
Group or individual: Individual
Due date: Exam Period

Assessment name: Quiz/Test
Description: : Individual multiple choice examination.
Relates to objectives: 2 to 5.
Weight: 20%
Internal or external: Internal
Group or individual: Individual
Due date: Approx Mid Semester

Academic Honesty

QUT is committed to maintaining high academic standards to protect the value of its qualifications. To assist you in assuring the academic integrity of your assessment you are encouraged to make use of the support materials and services available to help you consider and check your assessment items. Important information about the university's approach to academic integrity of assessment is on your unit Blackboard site.

A breach of academic integrity is regarded as Student Misconduct and can lead to the imposition of penalties.

Resource materials

There is no required text for this unit.

Recommended Text:
There are many useful online sources of material on information security. However, if you want a hardcopy reference material, consider purchasing either (not both) of the following texts (Browse in the library or the bookshop to see which writing style you prefer).
1. Matt Bishop. Introduction to Computer Security. Addison Wesley, 2005.
OR
2. Michael Whitman and Herbert Mattord. Principles of Information Security. Thomson, 2005.

Risk assessment statement

There is minimal health and safety risk in this unit. It is your responsibility to familiarise yourself with the Health and Safety policies and procedures applicable within campus areas.

Disclaimer - Offer of some units is subject to viability, and information in these Unit Outlines is subject to change prior to commencement of semester.

Last modified: 24-Oct-2012