COMMGMT 7025OL - Information Risks, Threats & Controls (M)

Online - Online Teaching 5 - 2022

The course Information Risks, Threats, & Controls consider a broad perspective of organisational vulnerabilities of the digital age, including Enterprise Risk Assessment. Topics addressed include recognition, analysis, and synthesis of risks, threats, and vulnerabilities, and measures to mitigate them, including policy, control, and implementation. Risk management and assurance are critical to all aspects of all businesses and on a broad level. While this course acknowledges the need to recognise and analyse risks, threats, and vulnerabilities across and within the various disciplinary structures of an organisation, (including fiscal risk, brand and reputation, production, operations, legal, and OH&S) it does so from the perspective of the responsibility for Information and Cyber Security plans to support and ensure the risk management of other departments and disciplines. The focus, throughout, is specifically on Information & Cyber Security and Data Privacy.

  • General Course Information
    Course Details
    Course Code COMMGMT 7025OL
    Course Information Risks, Threats & Controls (M)
    Coordinating Unit Adelaide Business School
    Term Online Teaching 5
    Level Postgraduate Coursework
    Location/s Online
    Units 3
    Available for Study Abroad and Exchange N
    Prerequisites COMMGMT 7023OL, COMP SCI 7210OL OR POLIS 7024OL
    Incompatible COMMGMT 2507
    Restrictions Students must be enrolled in one the following programs to undertake this course:
    Course Description The course Information Risks, Threats, & Controls consider a broad perspective of organisational vulnerabilities of the digital age, including Enterprise Risk Assessment. Topics addressed include recognition, analysis, and synthesis of risks, threats, and vulnerabilities, and measures to mitigate them, including policy, control, and implementation. Risk management and assurance are critical to all aspects of all businesses and on a broad level. While this course acknowledges the need to recognise and analyse risks, threats, and vulnerabilities across and within the various disciplinary structures of an organisation, (including fiscal risk, brand and reputation, production, operations, legal, and OH&S) it does so from the perspective of the responsibility for Information and Cyber Security plans to support and ensure the risk management of other departments and disciplines. The focus, throughout, is specifically on Information & Cyber Security and Data Privacy.
    Course Staff

    Course Coordinator: Siyakha Mthunzi

    Course Timetable

    The full timetable of all activities for this course can be accessed from Course Planner.

  • Learning Outcomes
    Course Learning Outcomes
    Code Description
    CLO 1 Effectively communicate the differences between risk, threat and vulnerabilities, how they interrelate, and the principal means of recognising them.
    CLO 2 Identify and communicate to clients the different types of risks and their nature, across the various core business functions and processes.
    CLO 3 Demonstrate different methods of conducting risk analyses and impact assessments.
    CLO 4 Detail the core requirements of an Information Risk Assurace process for an SME and for a corporation or large business.
    CLO 5 Develop an Information Security Framework for a specified business
    University Graduate Attributes

    This course will provide students with an opportunity to develop the Graduate Attribute(s) specified below:

    University Graduate Attribute Course Learning Outcome(s)

    Attribute 1: Deep discipline knowledge and intellectual breadth

    Graduates have comprehensive knowledge and understanding of their subject area, the ability to engage with different traditions of thought, and the ability to apply their knowledge in practice including in multi-disciplinary or multi-professional contexts.

    CLO 1, 2, 3, 4

    Attribute 2: Creative and critical thinking, and problem solving

    Graduates are effective problems-solvers, able to apply critical, creative and evidence-based thinking to conceive innovative responses to future challenges.

    CLO 5

    Attribute 3: Teamwork and communication skills

    Graduates convey ideas and information effectively to a range of audiences for a variety of purposes and contribute in a positive and collaborative manner to achieving common goals.

    CLO 3

    Attribute 4: Professionalism and leadership readiness

    Graduates engage in professional behaviour and have the potential to be entrepreneurial and take leadership roles in their chosen occupations or careers and communities.

    CLO 1, 2, 3, 4, 5

    Attribute 5: Intercultural and ethical competency

    Graduates are responsible and effective global citizens whose personal values and practices are consistent with their roles as responsible members of society.

    CLO 3, 4
  • Learning Resources
    Required Resources
    Stallings, W 2019, Effective cybersecurity: a guide to using best practices and standards (Links to an external site.), Addison-Wesley Professional.

    Santos, O & Greene, S 2018, Developing cybersecurity programs and policies (Links to an external site.), Pearson. 

    Online Sections
    Developing cybersecurity programs and policies
    BOOK CHAPTER Understanding cybersecurity policy and governance. in: Developing cybersecurity programs and policies by Santos, Omar,[London, United Kingdom] :Pearson Education Inc[2019]2 - 37

    Developing cybersecurity programs and policies
    BOOK CHAPTER [Extracted from] Cybersecurity framework. in: Developing cybersecurity programs and policies by Santos, Omar,[London, United Kingdom] :Pearson Education Inc[2019]72 - 102

    Effective cybersecurity : understanding and using standards and best practices
    BOOK CHAPTER Best practices, standards, and a plan of action. in: Effective cybersecurity : understanding and using standards and best practices by Stallings, William,Upper Saddle River, NJ :Addison-Wesley[2019]3 - 28

    Effective cybersecurity : understanding and using standards and best practices
    BOOK CHAPTER [Extracted from] Security governance. in: Effective cybersecurity : understanding and using standards and best practices by Stallings, William,Upper Saddle River, NJ :Addison-Wesley[2019]50 - 56

    Effective cybersecurity : understanding and using standards and best practices
    BOOK CHAPTER [Exctacted from] Information risk assessment. in: Effective cybersecurity : understanding and using standards and best practices by Stallings, William,Upper Saddle River, NJ :Addison-Wesley[2019]75 - 80

    Effective cybersecurity : understanding and using standards and best practices
    BOOK CHAPTER [Extracted from] Threat and incident management. in: Effective cybersecurity : understanding and using standards and best practices by Stallings, William,Upper Saddle River, NJ :Addison-Wesley[2019]558 - 597
    Complete Check holdings

    Securing an IT Organization through Governance, Risk Management, and Audit
    BOOK CHAPTER Cybersecurity Risk Management. Sigler, Ken E ; Rainey III, James Lin Securing an IT Organization through Governance, Risk Management, and Auditby Sigler, Ken E ; Rainey III, James LAuerbach Publications 20163 - 29

    Beginning Ethical Hacking with Kali Linux
    BOOK CHAPTER Information Assurance Model. Sinha, Sanjibin Beginning Ethical Hacking with Kali Linuxby Sinha, Sanjib. Berkeley, CAA press2018-11-30283 - 290

     
    Recommended Resources
    Module 1
    At the nexus of cybersecurity and public policy : some basic concepts and issues. Clark, David,; Berson, Thomas,; Lin, Herbert S.,Washington, District of Columbia :The National Academies Press2014.Total Pages 1 online resource (149 p.)

    Module 3
    Cybersecurity - Attack and Defense Strategies, Diogenes, Yuri,2018. 

    Module 4
    Cybersecurity operations handbook [electronic resource]. Rittinghouse, John W.Hancock, Bill,Amsterdam ;; Boston :Elsevier Digital Pressc2003.Total Pages 1 online resource (1331 p.)

    Module 6
    Cybersecurity in digital transformation : scope and applications. Möller, Dietmar,1st ed. 2020.Cham, Switzerland
    Online Learning
    Module 1

    North Korean hackers target coronavirus vaccine developers. CNN Nine News28 November, 2020

    'State actor' makes cyber-attack on Australian political parties. Michelle Grattan The Conversation18 February 2019

    National Vulnerability Database. National Institute of Standards and Technology

    Threat update: COVID-19 malicious cyber activity. Australian Cyber Security Centre Australian Signals Directorate20 April 2020

    Common Vulnerabilities and Exposures

     Module 2
    ACSC annual cyber threat report July 2019 to June 2020. Australian Cyber Security Centre Australian Signals Directorate2020

    Australian community attitudes to privacy survey 2017. Office of the Australian Information CommissionerAustralian Government14 May 2017

    Module 3
    ACSC annual cyber threat report July 2019 to June 2020. Australian Cyber Security CentreAustralian Signals Directorate, 2020

    Diagnosing the healthcare sector's cybersecurity ailments in 2020

    The cyber threat impact of COVID-19 to global business. IntSights, IntSights Defend Forward, 2020

    An exercise in cyber-crime incident response. 

    Cybersecurity - Attack and Defense Strategies. Diogenes, Yuri,Ozkaya, Erdal,1st edition, Birmingham Packt Publishing, 2018.

    Module 4
    Securing an IT Organization through Governance, Risk Management, and Audit. Sigler, Ken E ; Rainey III, James Lin Securing an IT Organization through Governance, Risk Management, and Auditby Sigler, Ken E ; Rainey III, James LAuerbach Publications20163 - 29

    Australian Government Information Security Manual. Australian Cyber Security CentreAustralian Signals DirectorateFebruary 2021

    ACSC Annual Cyber Threat Report July 2019 to June 2020. 

    ISO 31000:2018(en) Risk management — Guidelines

    Framework for Improving Critical Infrastructure Cybersecurity

    Cybersecurity Risk Management Framework (RMF)

    Case study: Making future defence bases safer and smarter. Cyber Security Cooperative Research Centre
    Complete

    Case study: Threat hunting in critical infrastructure. Cyber Security Cooperative Research Centre

    Australian agriculture start-ups making their mark in data science. Department of Industry, Science, Energy and ResourcesDecember 2018

    Module 5
    A Model of Information Assurance Benefits. Ezingeard, Jean-Noël ; McFadzean, Elspeth ; Birchall, DavidInformation systems management22(2)2005-03-0120 - 29

    Fundamental Concepts of IT Security Assurance

    Implementing an Information Assurance Awareness Program: A case study for the Twenty Critical Security Controls at Consulting Firm X for IT Personnel. Dittmer, J

    Ransomware Case Studies & Forensics Analysis

    An Introduction to Information Security. Note: NIST Special Publication 800-12Revision 1

    ISO/IEC TR 15443-1:2012(en)

    Security policy framework: protecting government assets

    Verizon 2020 Data Breach Investigations Report

    Beginning Ethical Hacking with Kali Linux, Sinha, Sanjibin Beginning Ethical Hacking with Kali Linuxby Sinha, Sanjib. Berkeley, CAA press2018-11-30283 - 290

    Security Management Systems, Harmening, James2014Total Pages 47-55

    Module 6
    Case study: third-party cyber risk assessment velocity increased 400%. Imarn Jaswal, Shay Colson & Brian TwardoskiKroll16 May 2019

    Deloitte Digital case study: secure cyber. Deloitte

    NIST cybersecurity framework : a pocket guide. Calder, Alan,Cambridgeshire :IT Governance Publishing[2018]Total Pages 1 online resource (78 pages)

    Uses and Benefits of the Framework

    Helping organizations to better understand and improve their management of cybersecurity risk

    Cyber security

    Australian Government Information Security Manual (ISM)

    The Protective Security Policy Framework

    CERT Australia

    The Royal Australian College of General Practitioners (RACGP)

    ISO/IEC 27001:2013

    COBIT® 5

    NIST SP 800-53 Revision 4

    ISA 62443-3-3:2013 (ISA 62443)

    Centre for Internet Security (CIS) Critical Security Controls for Effective Cyber Defense (CSC)

    MQTT and the NIST Cybersecurity Framework Version 1.0. Note: Please read Appendix A: Example Implementation.

    The Cybersecurity Framework in action: an Intel use case

    Cybersecurity in digital transformation : scope and applications. Möller, Dietmar,1st ed. 2020.Cham, Switzerland :Springer[2020]Total Pages 1 online resource (XIX, 114 p. 22 illus.)

  • Learning & Teaching Activities
    Learning & Teaching Modes

    No information currently available.

    Workload

    No information currently available.

    Learning Activities Summary

    No information currently available.

  • Assessment

    The University's policy on Assessment for Coursework Programs is based on the following four principles:

    1. Assessment must encourage and reinforce learning.
    2. Assessment must enable robust and fair judgements about student performance.
    3. Assessment practices must be fair and equitable to students and give them the opportunity to demonstrate what they have learned.
    4. Assessment must maintain academic standards.

    Assessment Summary

    No information currently available.

    Assessment Detail

    No information currently available.

    Submission

    No information currently available.

    Course Grading

    Grades for your performance in this course will be awarded in accordance with the following scheme:

    M10 (Coursework Mark Scheme)
    Grade Mark Description
    FNS   Fail No Submission
    F 1-49 Fail
    P 50-64 Pass
    C 65-74 Credit
    D 75-84 Distinction
    HD 85-100 High Distinction
    CN   Continuing
    NFE   No Formal Examination
    RP   Result Pending

    Further details of the grades/results can be obtained from Examinations.

    Grade Descriptors are available which provide a general guide to the standard of work that is expected at each grade level. More information at Assessment for Coursework Programs.

    Final results for this course will be made available through Access Adelaide.

  • Student Feedback

    The University places a high priority on approaches to learning and teaching that enhance the student experience. Feedback is sought from students in a variety of ways including on-going engagement with staff, the use of online discussion boards and the use of Student Experience of Learning and Teaching (SELT) surveys as well as GOS surveys and Program reviews.

    SELTs are an important source of information to inform individual teaching practice, decisions about teaching duties, and course and program curriculum design. They enable the University to assess how effectively its learning environments and teaching practices facilitate student engagement and learning outcomes. Under the current SELT Policy (http://www.adelaide.edu.au/policies/101/) course SELTs are mandated and must be conducted at the conclusion of each term/semester/trimester for every course offering. Feedback on issues raised through course SELT surveys is made available to enrolled students through various resources (e.g. MyUni). In addition aggregated course SELT data is available.

  • Student Support

    Counselling for Fully Online Postgraduate Students

    Fully online students can access counselling services here:

    Phone: 1800 512 155 (24/7) 

    SMS service: 0439 449 876 (24/7) 

    Email: info@assureprograms.com.au

    Go to the Study Smart Hub to learn more, or speak to your Student Success Advisor (SSA) on 1300 296 648 (Monday to Thursday, 8.30am–5pm ACST/ACDT, Friday, 8.30am–4.30pm ACST/ACDT)

  • Policies & Guidelines
  • Fraud Awareness

    Students are reminded that in order to maintain the academic integrity of all programs and courses, the university has a zero-tolerance approach to students offering money or significant value goods or services to any staff member who is involved in their teaching or assessment. Students offering lecturers or tutors or professional staff anything more than a small token of appreciation is totally unacceptable, in any circumstances. Staff members are obliged to report all such incidents to their supervisor/manager, who will refer them for action under the university's student’s disciplinary procedures.

The University of Adelaide is committed to regular reviews of the courses and programs it offers to students. The University of Adelaide therefore reserves the right to discontinue or vary programs and courses without notice. Please read the important information contained in the disclaimer.