COMMGMT 7026 - Policies & Procedures in Organisational Cyber Security (M)

North Terrace Campus - Semester 1 - 2021

The risks and costs of cyber-attacks that threaten organisations grow exponentially every year, yet the discipline of cyber security is so young that most organisations (and governments) still do not have adequate cyber security policies or procedures. There is an urgent and ongoing need for personnel who understand the core principles of organisational cyber security, and have the knowledge and skills to research policies and procedures as they develop and tailor them to specific industry needs; and to develop policies and procedures where they do not yet exist. This course addresses the necessary knowledge and skill-set for researching, developing and tailoring cyber security policies and procedures, standards and guidelines, appropriate to specific industries and organisations.

  • General Course Information
    Course Details
    Course Code COMMGMT 7026
    Course Policies & Procedures in Organisational Cyber Security (M)
    Coordinating Unit Adelaide Business School
    Term Semester 1
    Level Postgraduate Coursework
    Location/s North Terrace Campus
    Units 3
    Contact Up to 3 hours per week
    Available for Study Abroad and Exchange N
    Incompatible COMMGMT 2509
    Course Description The risks and costs of cyber-attacks that threaten organisations grow exponentially every year, yet the discipline of cyber security is so young that most organisations (and governments) still do not have adequate cyber security policies or procedures. There is an urgent and ongoing need for personnel who understand the core principles of organisational cyber security, and have the knowledge and skills to research policies and procedures as they develop and tailor them to specific industry needs; and to develop policies and procedures where they do not yet exist. This course addresses the necessary knowledge and skill-set for researching, developing and tailoring cyber security policies and procedures, standards and guidelines, appropriate to specific industries and organisations.
    Course Staff

    Course Coordinator: Dr Cate Jerram

    Dr Cate Jerram
    10.34 Nexus 10
    cate.jerram@adelaide.edu.au
    #8313 4757
    Course Timetable

    The full timetable of all activities for this course can be accessed from Course Planner.

  • Learning Outcomes
    Course Learning Outcomes
    On successful completion of this course, students will be able to:
    1. Identify policy needs (incorporating procedures, standards, and guidelines) to address cyber security requirements for a specific organisation and prioritise realistically.
    2. Research national and international policies for organisational cyber security, identifying the most relevant contextually.
    3. Interpret cyber security policies, identifying nuances; evaluate their relevance and appropriateness for a specific industry or organisation; and adopt and adapt them to specifically address identified organisational needs.
    4. Draft and polish core cyber security policies, procedures and guidelines (compliant with standards), and accompanying documentation, for a specific industry or organisation and phrase and present them to a professional standard.
    5. Log, analyse, and report on, interaction with clients, demonstrating reflection that leads to planned change.
    University Graduate Attributes

    This course will provide students with an opportunity to develop the Graduate Attribute(s) specified below:

    University Graduate Attribute Course Learning Outcome(s)
    Deep discipline knowledge
    • informed and infused by cutting edge research, scaffolded throughout their program of studies
    • acquired from personal interaction with research active educators, from year 1
    • accredited or validated against national or international standards (for relevant programs)
    1 - 4
    Critical thinking and problem solving
    • steeped in research methods and rigor
    • based on empirical evidence and the scientific approach to knowledge development
    • demonstrated through appropriate and relevant assessment
    1 - 5
    Teamwork and communication skills
    • developed from, with, and via the SGDE
    • honed through assessment and practice throughout the program of studies
    • encouraged and valued in all aspects of learning
    -
    Career and leadership readiness
    • technology savvy
    • professional and, where relevant, fully accredited
    • forward thinking and well informed
    • tested and validated by work based experiences
    1 - 5
    Intercultural and ethical competency
    • adept at operating in other cultures
    • comfortable with different nationalities and social contexts
    • able to determine and contribute to desirable social outcomes
    • demonstrated by study abroad or with an understanding of indigenous knowledges
    2 - 5
    Self-awareness and emotional intelligence
    • a capacity for self-reflection and a willingness to engage in self-appraisal
    • open to objective and constructive feedback from supervisors and peers
    • able to negotiate difficult social situations, defuse conflict and engage positively in purposeful debate
    4, 5
  • Learning Resources
    Required Resources
    Students will be researching and sourcing material.
    Recommended Resources
    A Vaseashta, P Susmann, & E Braman. Cyber Security and Resiliency Policy Framework. IOS Press. 2014-09-19 (Free download through ProQuest Ebook Central, via University of Adelaide Library)

    Potentially helpful (not required):
    Michael N. Schmitt (Ed). Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations.
    Cambridge University Press, 2017.
  • Learning & Teaching Activities
    Learning & Teaching Modes
    This course is taught in seminars - weekly 3-hour classes.
    It is industry-based. In teams, students apply what they are learning in the course to real businesses who are their team client.
    INTEGRITY is critical in this class as clients must be able to expect absolute CONFIDENTIALITY.
    Timetables are worked around client need and interaction more than around normal 'semester timetable' or 'student expectations' - as students are being entrusted with the well-being of real businesses, it is necessary for students to understand the requirement to work to client need, not just classroom norms.

    Workload

    The information below is provided as a guide to assist students in engaging appropriately with the course requirements.

    Due to the nature of the course as a genuine team consultancy for real clients, the workload is demanding and erratic, as student teams have to be available and responsive to clients at need, and client needs are prioritized above normal university procedures, dates and deadlines.
    Learning Activities Summary
    Currently under revision. Complete table will be available in MyUni.
  • Assessment

    The University's policy on Assessment for Coursework Programs is based on the following four principles:

    1. Assessment must encourage and reinforce learning.
    2. Assessment must enable robust and fair judgements about student performance.
    3. Assessment practices must be fair and equitable to students and give them the opportunity to demonstrate what they have learned.
    4. Assessment must maintain academic standards.

    Assessment Summary

    Assessment Task

    Weighting

    Word Count / Time

    Due

    Learning Outcome

    1.     Preparation for Client Project

    15%

     

     

     

    Drafts for team management & documentation

    NDA research and draft

    Research and Draft basic templates for Generic Client Report components

     

    Due in class of week 3 seminar.

    15%

    n/a

    Class *Week 3

    1 - 4

    2.     Client Project

    55%

     

     

     

    Step 1: Client-specific Policy, Process & Procedures Situation Analysis, Needs Analysis, & Prioritization

    Step 2: Client-specific Research & Client Consultation Report First Draft – Policies

    Step 3: Client-specific Research & Client Consultation Report First Draft - Process & Procedures

    35%

    n/a

    Class *Week 7

    1 - 4

    Step 4: Policy, Procedures & Documentation – Complete & Final … submitted to academic for approval

    ..submitted to Client

    20%

    n/a

    Class Week 11

    Week 13

    1 - 4

    Note: Individual Contribution to Team Reports (& client & teacher observations) will modify all team and individual grades.

    3.     Peer Support, Mentoring & Contribution

    10%

     

     

     

    4.     Report Log & Reflective Journal

     

     

     

    20%

     

    13 entries

    300-800 words each

    Week 13+ (24 hours after final report to client)

    5

    Total

    100%

     

     

     

     

    Assessment Detail

    Rubrics available in MyUni.

    1.     Preparation for Client Project

    15%

     

    Drafts for team management & documentation

    NDA research and draft

    Research and Draft basic templates for Generic Client Report components

     

    Due in class of week 3 seminar.

    15%

    Individuals will research NDAs and write drafts of an NDA to potentially be customised and used for their team’s client, then draft basic templates to be used for each of the major components of the Policies & Procedures report their team will need to provide their client. Collaboration is accepted and expected, but final submitted work of these drafts must be individually completed and will be marked individually.

    2.     Client Project

    55%

     

    Step 1: Client-specific Policy, Process & Procedures Situation Analysis, Needs Analysis, & Prioritization

     

     

    Due at start of class of week 5 seminar.

     

     

     

     

     

    Step 2: Client-specific Research & Client Consultation Report First Draft – Policies

     

     

     

    Due at start of class of week 6 seminar.

     

     

     

     

    Step 3: Client-specific Research & Client Consultation Report First Draft - Process & Procedures

     

    Due at start of class of week 7 seminar.

    Steps 1 - 3 are MARKED after week 7 submission.

    35%

    Step 1: Cyber Security Policy, Process & Procedures Situation Analysis, Policy Needs Analysis & Prioritization

    In teams, students will research the needs of the client, and present a Situation Analysis (broad brush) that outlines the organisation’s cyber security status compared to existing appropriate national or international policies and known current threats.

    Building on the Situation Analysis, teams will then conduct a Needs Analysis (focused and specific) of the most critical cyber security policy, process & procedural needs of the organisation, and prioritize them in terms of urgency of need and value to the organisation.

    Note: team management and documentation are a required part of the marked process.

     

    Step 2: Client-specific Research & Client Consultation Report First Draft – Policies

    Students will (in consultation with the client) select two or three of the most critical policy needs, and research how best to address them (in terms of adapting a known policy or developing a new policy) – to be specific to that organisation’s situation and needs. The report will summarise the research conducted and the client consultation process, and final decisions made collaboratively between client and students. Note: team management and documentation are a required part of the marked process.

     

    Step 3: Client-specific Research & Client Consultation Report First Draft - Process & Procedures

    Teams will research the most appropriate procedures to address the policies created for the client, prioritize them in consultation with the client, and then develop the procedures and documentation to support them. Note: team management and documentation are a required part of the marked process.

     

    Step 4 A: Policy, Procedures & Documentation – Complete & Final … submitted to academic for approval

    Due at start of class of week 12 seminar.

     

     

     

     

     

     

    Step 4 B: ...submitted to Client

    Week 13.

    Submission

    Critical: all work for clients must be cleared with the Course Coordinator before being submitted to the client.

    20%

    Teams are responsible to ensure (& document) that their Policies & Procedures ensure that their client is enabled to meet their requisite industry and government Standards.

    Teams will rework and polish their documented Policies, Processes and Procedures selected in consultation with the client, ensuring that they are written in such a way that Policies and Procedures are implementable. Teams will accompany their Policies & Procedures with supporting documentation for client implementation (eg: posters, employee handouts or handbooks…)

     

    Teams will, after marking and feedback, be able to submit their finalised Policies & Procedures, with support documentation, to their client.

    3.     Peer Support, Mentoring & Contribution

     

    10%

     

     

     

    Students are expected to support and mentor other students – not only in their own team, but across the class. On-campus students are expected to support and encourage online students and it is expected that students from different disciplines will encourage and mentor students from other disciplines, and be willing to be mentored and supported in return.

    4.     Reflective Log & Journal

     

    20%

     

     

     

    13 entries, 300-800 words each.

    Each week students will be expected to log their interaction with clients and write 300 – 800 words of analysis and reflection on that week’s learning. This includes reflection on the work involved in polishing and submitting the final Policies Procedures and Documentation for and to their client during weeks 12/13.

     

    Logs & Journals are to be entered and updated weekly on assigned Journal Pages in MyUni completed each week before the following week’s class. Students may be called upon to show their up-to-date log & journal at any class throughout the semester.

     

    For final submission, all weekly entries are to be collated into a single document and uploaded into the assignment submissions page.

     

     

    Submission

    No information currently available.

    Course Grading

    Grades for your performance in this course will be awarded in accordance with the following scheme:

    M10 (Coursework Mark Scheme)
    Grade Mark Description
    FNS   Fail No Submission
    F 1-49 Fail
    P 50-64 Pass
    C 65-74 Credit
    D 75-84 Distinction
    HD 85-100 High Distinction
    CN   Continuing
    NFE   No Formal Examination
    RP   Result Pending

    Further details of the grades/results can be obtained from Examinations.

    Grade Descriptors are available which provide a general guide to the standard of work that is expected at each grade level. More information at Assessment for Coursework Programs.

    Final results for this course will be made available through Access Adelaide.

  • Student Feedback

    The University places a high priority on approaches to learning and teaching that enhance the student experience. Feedback is sought from students in a variety of ways including on-going engagement with staff, the use of online discussion boards and the use of Student Experience of Learning and Teaching (SELT) surveys as well as GOS surveys and Program reviews.

    SELTs are an important source of information to inform individual teaching practice, decisions about teaching duties, and course and program curriculum design. They enable the University to assess how effectively its learning environments and teaching practices facilitate student engagement and learning outcomes. Under the current SELT Policy (http://www.adelaide.edu.au/policies/101/) course SELTs are mandated and must be conducted at the conclusion of each term/semester/trimester for every course offering. Feedback on issues raised through course SELT surveys is made available to enrolled students through various resources (e.g. MyUni). In addition aggregated course SELT data is available.

  • Student Support
  • Policies & Guidelines
  • Fraud Awareness

    Students are reminded that in order to maintain the academic integrity of all programs and courses, the university has a zero-tolerance approach to students offering money or significant value goods or services to any staff member who is involved in their teaching or assessment. Students offering lecturers or tutors or professional staff anything more than a small token of appreciation is totally unacceptable, in any circumstances. Staff members are obliged to report all such incidents to their supervisor/manager, who will refer them for action under the university's student’s disciplinary procedures.

The University of Adelaide is committed to regular reviews of the courses and programs it offers to students. The University of Adelaide therefore reserves the right to discontinue or vary programs and courses without notice. Please read the important information contained in the disclaimer.