CLO1	Effectively communicate the differences between risk, threat and vulnerabilities, how they interrelate, and the principal means of recognising them.
CLO2	Identify and communicate to clients the different types of risks and their nature, across the various core business functions and processes.
CLO3	Demonstrate different methods of conducting risk analyses and impact assessments.
CLO4	Detail the core requirements of an Information Risk Assurace process for an SME and for a corporation or large business.
CLO5	Develop an Information Security Framework for a specified business.

Stallings, W 2019, Effective cybersecurity: a guide to using best practices and standards (Links to an external site.), Addison-Wesley Professional.

Santos, O & Greene, S 2018, Developing cybersecurity programs and policies (Links to an external site.), Pearson. 

Online Sections
Developing cybersecurity programs and policies
BOOK CHAPTER Understanding cybersecurity policy and governance. in: Developing cybersecurity programs and policies by Santos, Omar,[London, United Kingdom] :Pearson Education Inc[2019]2 - 37

Developing cybersecurity programs and policies
BOOK CHAPTER [Extracted from] Cybersecurity framework. in: Developing cybersecurity programs and policies by Santos, Omar,[London, United Kingdom] :Pearson Education Inc[2019]72 - 102

Effective cybersecurity : understanding and using standards and best practices
BOOK CHAPTER Best practices, standards, and a plan of action. in: Effective cybersecurity : understanding and using standards and best practices by Stallings, William,Upper Saddle River, NJ :Addison-Wesley[2019]3 - 28

Effective cybersecurity : understanding and using standards and best practices
BOOK CHAPTER [Extracted from] Security governance. in: Effective cybersecurity : understanding and using standards and best practices by Stallings, William,Upper Saddle River, NJ :Addison-Wesley[2019]50 - 56

Effective cybersecurity : understanding and using standards and best practices
BOOK CHAPTER [Exctacted from] Information risk assessment. in: Effective cybersecurity : understanding and using standards and best practices by Stallings, William,Upper Saddle River, NJ :Addison-Wesley[2019]75 - 80

Effective cybersecurity : understanding and using standards and best practices
BOOK CHAPTER [Extracted from] Threat and incident management. in: Effective cybersecurity : understanding and using standards and best practices by Stallings, William,Upper Saddle River, NJ :Addison-Wesley[2019]558 - 597
Complete Check holdings

Securing an IT Organization through Governance, Risk Management, and Audit
BOOK CHAPTER Cybersecurity Risk Management. Sigler, Ken E ; Rainey III, James Lin Securing an IT Organization through Governance, Risk Management, and Auditby Sigler, Ken E ; Rainey III, James LAuerbach Publications 20163 - 29

Beginning Ethical Hacking with Kali Linux
BOOK CHAPTER Information Assurance Model. Sinha, Sanjibin Beginning Ethical Hacking with Kali Linuxby Sinha, Sanjib. Berkeley, CAA press2018-11-30283 - 290

Module 1
At the nexus of cybersecurity and public policy : some basic concepts and issues. Clark, David,; Berson, Thomas,; Lin, Herbert S.,Washington, District of Columbia :The National Academies Press2014.Total Pages 1 online resource (149 p.)

Module 1

North Korean hackers target coronavirus vaccine developers. CNN Nine News28 November, 2020

'State actor' makes cyber-attack on Australian political parties. Michelle Grattan The Conversation18 February 2019

National Vulnerability Database. National Institute of Standards and Technology

Threat update: COVID-19 malicious cyber activity. Australian Cyber Security Centre Australian Signals Directorate20 April 2020

Common Vulnerabilities and Exposures

 Module 2
ACSC annual cyber threat report July 2019 to June 2020. Australian Cyber Security Centre Australian Signals Directorate2020

Australian community attitudes to privacy survey 2017. Office of the Australian Information CommissionerAustralian Government14 May 2017

Module 3
ACSC annual cyber threat report July 2019 to June 2020. Australian Cyber Security CentreAustralian Signals Directorate, 2020

Diagnosing the healthcare sector's cybersecurity ailments in 2020

The cyber threat impact of COVID-19 to global business. IntSights, IntSights Defend Forward, 2020

An exercise in cyber-crime incident response. 

Cybersecurity - Attack and Defense Strategies. Diogenes, Yuri,Ozkaya, Erdal,1st edition, Birmingham Packt Publishing, 2018.

Module 4
Securing an IT Organization through Governance, Risk Management, and Audit. Sigler, Ken E ; Rainey III, James Lin Securing an IT Organization through Governance, Risk Management, and Auditby Sigler, Ken E ; Rainey III, James LAuerbach Publications20163 - 29

Australian Government Information Security Manual. Australian Cyber Security CentreAustralian Signals DirectorateFebruary 2021

ACSC Annual Cyber Threat Report July 2019 to June 2020. 

ISO 31000:2018(en) Risk management — Guidelines

Framework for Improving Critical Infrastructure Cybersecurity

Cybersecurity Risk Management Framework (RMF)

Case study: Making future defence bases safer and smarter. Cyber Security Cooperative Research Centre
Complete

Case study: Threat hunting in critical infrastructure. Cyber Security Cooperative Research Centre

Australian agriculture start-ups making their mark in data science. Department of Industry, Science, Energy and ResourcesDecember 2018

Module 5
A Model of Information Assurance Benefits. Ezingeard, Jean-Noël ; McFadzean, Elspeth ; Birchall, DavidInformation systems management22(2)2005-03-0120 - 29

Fundamental Concepts of IT Security Assurance

Implementing an Information Assurance Awareness Program: A case study for the Twenty Critical Security Controls at Consulting Firm X for IT Personnel. Dittmer, J

Ransomware Case Studies & Forensics Analysis

An Introduction to Information Security. Note: NIST Special Publication 800-12Revision 1

ISO/IEC TR 15443-1:2012(en)

Security policy framework: protecting government assets

Verizon 2020 Data Breach Investigations Report

Beginning Ethical Hacking with Kali Linux, Sinha, Sanjibin Beginning Ethical Hacking with Kali Linuxby Sinha, Sanjib. Berkeley, CAA press2018-11-30283 - 290

Security Management Systems, Harmening, James2014Total Pages 47-55

Module 6
Case study: third-party cyber risk assessment velocity increased 400%. Imarn Jaswal, Shay Colson & Brian TwardoskiKroll16 May 2019

Deloitte Digital case study: secure cyber. Deloitte

NIST cybersecurity framework : a pocket guide. Calder, Alan,Cambridgeshire :IT Governance Publishing[2018]Total Pages 1 online resource (78 pages)

Uses and Benefits of the Framework

Helping organizations to better understand and improve their management of cybersecurity risk

Cyber security

Australian Government Information Security Manual (ISM)

The Protective Security Policy Framework

CERT Australia

The Royal Australian College of General Practitioners (RACGP)

ISO/IEC 27001:2013

COBIT® 5

NIST SP 800-53 Revision 4

ISA 62443-3-3:2013 (ISA 62443)

Centre for Internet Security (CIS) Critical Security Controls for Effective Cyber Defense (CSC)

MQTT and the NIST Cybersecurity Framework Version 1.0. Note: Please read Appendix A: Example Implementation.

The Cybersecurity Framework in action: an Intel use case

Cybersecurity in digital transformation : scope and applications. Möller, Dietmar,1st ed. 2020.Cham, Switzerland :Springer[2020]Total Pages 1 online resource (XIX, 114 p. 22 illus.)

This course is 100% online. Within the parameters of weekly requirements, course activity is conducted as self-paced learning.

Module 1
Complete practice quizzes to check your understanding of key concepts
Participate in discussions with other students around activities and findings
Participate in a tutorial to engage with this week’s content
Complete the Self-Diagnostic Report, which forms Part A of Assessment 1.

Module 2
Watch an introductory video on information risk assessment
Consider thinking points and record your responses as new concepts are introduced to apply these to your own workplace or industry
Complete a series of activities and discussions on risk assessment, engaging with and responding to your peers
Participate in a Zoom session to carry out a risk assessment in a real-life setting.

Module 3
Watch a video detailing how government agencies believe China is behind ongoing cyber attacks on Australian institutions to give you a Perspective of cyber threats, and help you prepare for Assessment 1 and 2
Read and analyse key reports in the cyber-security sector
Research and analyse real-world cyber events and incidents
Participate in discussions based on your reading and analysis of key issues
Complete practice quizzes to check your understanding of key concepts.

Module 4
Participate in discussions based on your reading and analysis of key issues
Complete practice quizzes to check your understanding of key concepts
Research and analyse real-world cyber events and incidents.

Module 5
Participate in discussions based on your reading and analysis of key issues
Complete practice quizzes to check your understanding of key concepts
Analyse case studies and apply information assurance principles.

Module 6
Participate in activities and discussions based on your reading and analysis of key issues
Complete practice quizzes to check your understanding of key concepts
Analyse real-world cyber events and incidents.

Assessment 1
Part A - Self-Diagnostic Report
Due: Due end of Week 1, Sunday 11.59 pm
Percentage of grade: 5%

Part B - Research Report
Due: Due end of Week 3, Sunday 11.59 pm
Percentage of grade: 15%

Assessment 2: Investigation of Information Risk Management Frameworks
Due: Due end of Week 4, Sunday 11.59 pm
Percentage of grade: 40%

Assessment 3: Develop an Information Security Framework
Due: Due end of Week 6, Sunday 11.59 pm
Percentage of grade: 40%

Each assessment task will have an 'Assessment task discussion board' to post your questions about the assessment. Your tutor will host a Zoom session specifically addressing the assessment in the week preceding the assessment due date. All assessments adhere to the University of Adelaide Assessment for Coursework Programs PolicyLinks to an external site. When you submit an assessment via the online submission page, you declare that your submission is entirely your own work.

Assessment 1
Part A - Self-Diagnostic Report
Your task is to write a 250- to 500-word report that addresses the following question: If security is important for a modern-day interconnected society, what risks, threats and controls are unique to cyber security?
When answering the above question, you may choose to draw on the following thinking points:

Do you agree/disagree with the proposition that security is important to an interconnected society? Why/why not?
From your analysis, have you identified risks, threats and controls that you deem unique to cyber security? If so, what are they and why are they unique?

Due: Due end of Week 1, Sunday 11.59 pm
Percentage of grade: 5%

Part B - Research Report
Your task is to write an 800-word research report that addresses the following question: How do cyber-security threats and vulnerabilities affect information security risk assessment?

When answering the above question, you may choose to draw on some or all of the following thinking points:
Given the prevalence of cyber threats, what factors shape an individual’s choices when navigating interconnected technologies?
What are the most common cyber threats?
Who are common threat actors, and what are their motivations?
What are the unique factors that influence senior management’s commitment to managing information security risk?

Due: Due end of Week 3, Sunday 11.59 pm
Percentage of grade: 15%

Assessment 2: Investigation of Information Risk Management Frameworks
You are required to research and critically analyse two or more risk management frameworks and submit a research report articulating your findings. Your task is to provide this client with a well-considered report and provide recommendations. Consider the following as you develop your report:
Cyber risks are likely to affect an organisation
Common strategies can organisations employ to manage such risks.
Factors likely to influence the choice of risk management frameworks?
Similarities and differences among risk management frameworks
Strengths and weaknesses of each framework? For example, you may consider the business type or domain, which framework is most/least suitable to a particular environment, etc.

Due: Due end of Week 4, Sunday 11.59 pm
Percentage of grade: 40%

Assessment 3: Develop an Information Security Framework
Based on your knowledge of cyber threats, risks and controls, and risk assessment (Assessment 1), the analysis of risk management frameworks (Assessment 2) and your knowledge of cyber-security frameworks, you are to develop a cyber-security risk management program for one of Australimatrix’s clients. This should provide the basis for an organisation-wide cyber-security awareness strategy
that:
Has the least impact to the business
Utilises fewer resources
Aligns with industry standards
Provides a quantitative/qualitative view of risk
Can be standardised
Integrates existing tools and capabilities
Provides specific and actionable recommendations.

Due: Due end of Week 6, Sunday 11.59 pm
Percentage of grade: 40%

Counselling for Fully Online Postgraduate Students

Fully online students can access counselling services here:

Phone: 1800 512 155 (24/7) 

SMS service: 0439 449 876 (24/7) 

Email: info@assureprograms.com.au

Go to the Study Smart Hub to learn more, or speak to your Student Success Advisor (SSA) on 1300 296 648 (Monday to Thursday, 8.30am–5pm ACST/ACDT, Friday, 8.30am–4.30pm ACST/ACDT)