Year
2024Credit points
10Campus offering
Prerequisites
Nil
Incompatible
ITEC640 Information Systems Security
Teaching organisation
150 hours over a twelve-week semester or equivalent study period
Unit rationale, description and aim
This unit will cover the importance of cyber security, security threats, risk analysis and mitigation techniques. The unit demonstrates the basic cyber security concepts, security tools, cryptographic schemes, and the common architectures used as industry standards. Students will learn how to defend against cyber threats and attacks and study existing techniques for managing and mitigating security issues and maintaining the working environment. This unit introduces the broad discipline of cyber security and outlines how to ensure data confidentiality, privacy, integrity, authenticity, and availability of information. It also covers social, ethical, and legal issues in cyber-space to understand how cyber security affects legal compliance and solidarity in communities and society. The aim of this unit is to provide students with essential background knowledge in cyber security and develop practical skills, that will help them to understand advanced cyber security topics.
Learning outcomes
To successfully complete this unit you will be able to demonstrate you have achieved the learning outcomes (LO) detailed in the below table.
Each outcome is informed by a number of graduate capabilities (GC) to ensure your work in this, and every unit, is part of a larger goal of graduating from ACU with the attributes of insight, empathy, imagination and impact.
Explore the graduate capabilities.
Learning Outcome Number | Learning Outcome Description | Relevant Graduate Capabilities |
---|---|---|
LO1 | Synthetise vulnerabilities and potential security threats to information systems and analyse their consequences in real world scenarios in collaboration with peers | GC1, GC2, GC4, GC7 |
LO2 | Apply appropriate security tools to safeguard data, systems and networks from malicious attacks | GC1, GC2, GC8 |
LO3 | Critically evaluate the consequences of security threats in an organisation and propose appropriate security countermeasures to minimise the impacts or likelihood of risks. | GC1, GC2, GC7, GC8 |
LO4 | Appraise the impact of cyber security threats across societies and national borders | GC1, GC2, GC6, GC7 |
Content
Topics will include:
- Introduction to cyber security
- Cybersecurity cube (Multimode only)
- Threats, vulnerabilities, attacks
- Protecting secrets
- Risk assessment and management
- Ensuring Integrity
- Access control
- Protecting a CS domain (Multimode only)
- Becoming a CS specialist (Multimode only)
- Legal, privacy and ethical issues
- Impacts of cyber attacks
Learning and teaching strategy and rationale
Multimode
This unit will be delivered in multimode over a twelve-week semester or equivalent study period. Students will have access to all primary learning materials online, along with formative and summative assessments, all of which will be available online, to provide a learning experience beyond the classroom. While there are no formal classroom lectures for this unit, students will be required to attend weekly three-hour workshops, which will include a seminar and specific tasks related to achievement of the unit learning outcomes. Workshops facilitate learning by doing, which is particularly effective for information technology units as technical skills can be better learned through hands on practices.
ACU Online
This unit uses an active learning approach to support students in the exploration of knowledge essential to the discipline. Students are provided with choice and variety in how they learn. Students are encouraged to contribute to asynchronous weekly discussions. Active learning opportunities provide students with opportunities to practice and apply their learning in situations similar to their future professions. Activities encourage students to bring their own examples to demonstrate understanding, application and engage constructively with their peers. Students receive regular and timely feedback on their learning, which includes information on their progress.
Assessment strategy and rationale
A range of assessment procedures will be used to meet the unit learning outcomes and develop graduate attributes consistent with University assessment requirements. The first assessment provides students with an opportunity to apply their theoretical knowledge and gain practical skills. In assessment task 2, students will critically analyse a recent security breach and investigate the cause of breach and will also apply their knowledge to propose an appropriate security solution. The last assessment provides students with an opportunity to apply theoretical knowledge and assess risk for a cyber physical system using standard risk analysis models.
To pass this unit, students must demonstrate competence in all learning outcomes and achieve an aggregate mark of at least 50%. Marking will be in accordance with a rubric specifically developed to measure students’ level of achievement of the learning outcomes for each item of assessment. Students will be awarded a final grade which signifies their overall achievement in the unit.
Overview of assessments
Multimode
Brief Description of Kind and Purpose of Assessment Tasks | Weighting | Learning Outcomes |
---|---|---|
Task 1: Lab assessment This assessment consists of a series of weekly lab exercises where students are required to apply different security tools and techniques to solve practical problems. The feedback from this assessment will help students to be ready to apply the concepts in other two assessments. Submission Type: Individual Assessment Method: Lab Practical task Artefact: Source Code/Lab report | 20% | LO1, LO2, LO3, LO4 |
Task 2: Report on a recent data breach The purpose of this task is to assess students’ critical thinking and reflective analysis of contemporary cyber security issues. This report has to be written based on a recent cyber-attack. Students will learn how to write a scientific report and format it using the IEEE template. Submission Type: Group Assessment Method: Scientific report Artefact: Written report (1500 words) | 30% | LO1, LO2 |
Task 3: Report on threat classification & risk assessment Students are expected to write a report reflecting their critical analysis on threat classification and risk assessment. In this task, they have to use STRIDE and DREAD security models to identify risk factors of an IT or information system. In addition, they need to critically analyse the impact of cybersecurity threats across societies and national borders. The purpose of this assessment is to assess students’ critical and analytical ability to delve into complex concepts about cyber security through reflection and collaboration. Submission Type: Individual Assessment Method: Written Report Artefact: Written report (2000 words) | 50% | LO3, LO4 |
Online
Brief Description of Kind and Purpose of Assessment Tasks | Weighting | Learning Outcomes |
---|---|---|
Task 1: Practical Exercises This assessment consists of a series of practical exercises where students are required to apply different security tools and techniques to solve practical problems. The exercises will be collated by students and submitted as a single file. Submission Type: Individual Assessment Method: Practical tasks Artefact: Answers/report | 20% | LO1, LO2, LO3, LO4 |
Task 2: Report on a recent data breach The purpose of this task is to assess students’ critical thinking and reflective analysis of contemporary cyber security issues. This report has to be written based on a recent cyber-attack. Students will learn how to write a scientific report and format it using the IEEE template. Submission Type: Individual Assessment Method: Scientific report Artefact: Written report (1500 words) | 30% | LO1, LO2 |
Task 3: Report on threat classification & risk assessment Students are expected to write a report reflecting their critical analysis on threat classification and risk assessment. In this task, they have to use STRIDE and DREAD security models to identify risk factors of an IT or information system. In addition, they need to critically analyse the impact of cybersecurity threats across societies and national borders. The purpose of this assessment is to assess students’ critical and analytical ability to delve into complex concepts about cyber security through reflection and collaboration. Submission Type: Individual Assessment Method: Written Report Artefact: Written report (2000 words) | 50% | LO3, LO4 |
Representative texts and references
Stallings W, 2020, Cryptography & Network Security: Principles and Practice, 8th edn, Pearson US.
Stallings W & Brown L, 2018, Computer Security: Principle and Practice, 4th Edn, Pearson US.
Anderson, R 2020, Security Engineering: A Guide to Building Dependable Distributed Systems, 3rd edn, Wiley.
Stallings, W. (2018). Effective Cybersecurity: A Guide to Using Best Practices and Standards. Addison-Wesley Professional.
Charles J. Brooks, Philip Craig, Donald Short, Cybersecurity Essentials, SYBEX, 2017.
Whitman, M & Mattord, H 2016, Principles of Information Security, 5th edn, Cengage, Boston.