Course profile

Business Information Security (BISM3205)

Study period
Sem 2 2024
Location
St Lucia
Attendance mode
In Person

Course overview

Study period
Semester 2, 2024 (22/07/2024 - 18/11/2024)
Study level
Undergraduate
Location
St Lucia
Attendance mode
In Person
Units
2
Administrative campus
St Lucia
Coordinating unit
Business School

A managerial perspective of controls and audit procedures associated with preserving authenticity, accuracy, completeness, timeliness and privacy of business electronic transactions over the Internet; quality assurance for electronic commerce/online business applications for business managers.

This introductory course is designed to give you an overview of business information security. Effective information security is an absolute requirement for all businesses seeking the trust of current and potential clients/customers. All business professionals, regardless of specialisation (i.e., accounting, marketing, finance, management), must have an awareness of information security and must contribute to an effective business information security process within organisations.

Course requirements

Assumed background

As this course is an introduction to Information Security, no prior knowledge is assumed.

Before attempting this course, students are advised that it is important to complete the appropriate prerequisite course(s) listed on the front of this course profile. No responsibility will be accepted by the School of Business, the Faculty of Business, Economics and Law or the University of Queensland for poor student performance occurring in courses where the appropriate prerequisite(s) has/have not been completed, for any reason whatsoever.

Prerequisites

You'll need to complete the following courses before enrolling in this one:

BISM2207 or 8 units of BInfTech courses

Incompatible

You can't enrol in this course if you've already completed the following:

BISM7213 or MGTS3205 or 7213

Restrictions

Quota: Minimum of 15 enrolments

Course contact

Course staff

Lecturer

Timetable

The timetable for this course is available on the UQ Public Timetable.

Additional timetable information

Please note: Teaching staff do not have access to the timetabling system to help with class allocation. Therefore, should you need help with your timetable and/or allocation of classes, please ensure you email business.mytimetable@uq.edu.au from your UQ student email account with the following details:

  • Your full name
  • Your student ID
  • The course code

Aims and outcomes

This course aims to introduce students to the theory and practice underpinning business information security. Information security challenges and solutions are discussed via an overall framework comprising several major areas: confidentiality, integrity, availability, authentication, and non-repudiation. These areas are then operationalized within a business context of risk management and business continuity management. Finally, risk management and business continuity management are considered via a practical analysis of a major international security standard: Payment Card Industry – Data Security Standard (PCI-DSS).

Learning outcomes

After successfully completing this course you should be able to:

LO1.

Appreciate the overall context and need for information security within a business environment.

LO2.

Analyse security issues and propose security policies in terms of the fundamental security goals of confidentiality, integrity, authentication, availability, and non-repudiation.

LO3.

Understand and utilise the critical importance of risk management and continuity management in driving the overall business information security towards tangible continuous improvement.

LO4.

Analyse, evaluate and plan the deployment of the major technological controls that are relevant within business information security.

Assessment

Assessment summary

Category | Assessment task | Weight | Due date
Tutorial/ Problem Set | Assignment 1 - Security Topic Analysis | 40% Individual | 2/09/2024 3:00 pm
Tutorial/ Problem Set | Assignment 2 - Security Topic Analysis | 60% Individual | 4/11/2024 3:00 pm

Assessment details

Assignment 1 - Security Topic Analysis

Mode
Written
Category
Tutorial/ Problem Set
Weight
40% Individual
Due date

2/09/2024 3:00 pm

Learning outcomes
L01, L02, L03

Task description

The assignment will comprise a series of analysis questions that focus on the course material covered from lecture 1 to lecture 5.

The student response to each question cannot exceed 300 words.

The assignment will be individually completed by each student.

We shall introduce and discuss this assignment in lecture 1 (and subsequent lectures); it will also be available via the Course Blackboard site.


The assignment is to be completed and submitted via both the Blackboard link and the Turnitin link (marks will be released on Blackboard only).


This assessment task evaluates students' abilities, skills and knowledge without the aid of Artificial Intelligence (AI). Students are advised that the use of AI technologies to develop responses is strictly prohibited and may constitute student misconduct under the Student Code of Conduct.

 

Submission guidelines

The assignment must be submitted electronically via both the course Blackboard assessment link and the Turnitin link.

Deferral or extension

You may be able to apply for an extension.

Late submission

A penalty of 10% of the maximum possible mark will be deducted per 24 hours from the time the submission is due, for up to 7 days. After 7 days, you will receive a mark of 0.

10% of maximum mark per 24 hours (or part thereof)

For more information, see the UQ Assessment Procedure, clause (48).

Assignment 2 - Security Topic Analysis

Mode
Written
Category
Tutorial/ Problem Set
Weight
60% Individual
Due date

4/11/2024 3:00 pm

Learning outcomes
L01, L02, L04

Task description

The assignment will comprise a series of critical analysis questions that focus on the course material covered across the course. The word limit for a student response to each question is 300 words. The assignment will be individually completed by each student.


Assignment 2 will be available via the course Blackboard site after all assignment 1 questions have been released. The assignment is to be completed and submitted via both the Blackboard link and the Turnitin link (marks will be released on Blackboard only).

We shall introduce and discuss this assignment in the relevant lecture (and subsequent lectures).


This assessment task evaluates students' abilities, skills and knowledge without the aid of Artificial Intelligence (AI). Students are advised that the use of AI technologies to develop responses is strictly prohibited and may constitute student misconduct under the Student Code of Conduct.

Submission guidelines

The assignment must be submitted electronically via both the course Blackboard assessment link and the Turnitin link.

Deferral or extension

You may be able to apply for an extension.

Late submission

A penalty of 10% of the maximum possible mark will be deducted per 24 hours from the time the submission is due, for up to 7 days. After 7 days, you will receive a mark of 0.

10% of maximum mark per 24 hours (or part thereof)

For more information, see the UQ Assessment Procedure, clause (48).

Course grading

Full criteria for each grade are available in the Assessment Procedure.

Grade | Cut off Percent | Description
1 (Low Fail) | 0 - 29 | Absence of evidence of achievement of course learning outcomes.
2 (Fail) | 30 - 46 | Minimal evidence of achievement of course learning outcomes.
3 (Marginal Fail) | 47 - 49 | Demonstrated evidence of developing achievement of course learning outcomes.
4 (Pass) | 50 - 64 | Demonstrated evidence of functional achievement of course learning outcomes.
5 (Credit) | 65 - 74 | Demonstrated evidence of proficient achievement of course learning outcomes.
6 (Distinction) | 75 - 84 | Demonstrated evidence of advanced achievement of course learning outcomes.
7 (High Distinction) | 85 - 100 | Demonstrated evidence of exceptional achievement of course learning outcomes.

Additional course grading information

Grades will be allocated according to University-wide standards of criterion-based assessment.

Supplementary assessment

Supplementary assessment is available for this course.

Learning resources

You'll need the following resources to successfully complete the course. We've indicated below if you need a personal copy of the reading materials or your own item.

Library resources

Find the required and recommended resources for this course on the UQ Library website.

Additional learning resources information

Sustainable Development Goals

This course integrates the following Sustainable Development Goals through lectures and assessment.

Goal 12: Responsible consumption and production

Goal 16: Peace, justice and strong institutions

Learning activities

The learning activities for this course are outlined below. Learn more about the learning outcomes that apply to this course.

Learning period Activity type Topic
Week 1
Lecture

Introduction to Information Security

We introduce the concept of information security and the fundamental view we shall use to analyse this topic.

Learning outcomes: L01, L02

Week 2
Tutorial

Tutorial 1 - An Intro to Information Security

Information Security Discussion 1 - An Introduction to Information Security and passwords.

Learning outcomes: L01, L02

Lecture

The Need for Security / Legal and Ethical Issues

We discuss the need for information security - types of security threats. We introduce a range of Australian IT related laws and the advantages/disadvantages these pose.

Learning outcomes: L01, L02

Week 3
Tutorial

Tutorial 2 - The Need for Security

Information Security Discussion 2 - Review questions cover The Need for Security and the topic of phishing.

Learning outcomes: L01, L02

Lecture

Planning for Security

We discuss management's role in the development, maintenance, and enforcement of information security policy and standards. We explain what an information security blueprint is in the context of the ISO 27000 series. We introduce contingency planning.

Learning outcomes: L01, L02

Week 4
Tutorial

Tutorial 3 - Planning for Security

Information Security Discussion 3 - We cover the role of management, ISO 27000, contingency planning and network scanning.

Learning outcomes: L01, L02

No student involvement (Breaks, information)

Ekka Day Public Holiday (Content presented next week)

Week 5
Tutorial

Tutorial 4 - Risk Management I

Information Security Discussion 4 - Review questions cover Risk Management (Part 1) and key loggers.

Learning outcomes: L01, L03

Lecture

Risk Management (Part 1 and Part 2)

In the first part, we focus on defining risk management and its role in the organisation. We describe risk management techniques to identify and prioritise risk factors for assets. We explain how risk is assessed.

In the second part, we discuss strategy options used to treat risk. We formulate a cost-benefit analysis (CBA) using existing conceptual frameworks. We describe popular methodologies used in business to manage risk.

Learning outcomes: L01, L03

Week 6
Tutorial

Tutorial 5 - Risk Management II

Information Security Discussion 5 - Review questions cover Risk Management (Part 2) and numerals and numerical systems.

Learning outcomes: L01, L03

Lecture

Cryptography (Part 1)

We consider two major encryption paradigms - symmetric key and public key cryptography - their operational strengths and challenges.

Learning outcomes: L01, L04

Week 7
Tutorial

Tutorial 6 - Cryptography I

Information Security Discussion 6 - Review questions cover Cryptography (Part 1) - symmetric key and public key cryptography and the deep web.

Learning outcomes: L01, L04

Lecture

Cryptography (Part 2)

We consider the commercial applications of cryptography - hybrid security applications for the Web and Email. We also consider other important applications such as digital signatures.

Learning outcomes: L01, L02, L04

Week 8
Tutorial

Tutorial 7 - Cryptography II

Information Security Discussion 7 - Review questions cover Cryptography (Part 2) - commercial applications of cryptography and SQL Injections, Threat Maps & Honeypots.

Learning outcomes: L01, L02, L04

Lecture

Security Technology (Firewalls, Proxies and the DMZ - Part 1)

A business analysis of major types of security controls - operational approaches and positioning within the business network.

Learning outcomes: L01, L02, L03, L04

Week 9
Tutorial

Tutorial 8 - Security Technology I

Information Security Discussion 8 - Review questions cover major types of security controls including firewalls.

Learning outcomes: L01, L02, L03, L04

Lecture

Security Technology (Intrusion Detection - Part 2)

Consideration of the role of intrusion detection systems - placement and operational approaches. We analyse how intrusion detection systems (IDS) provide 'defence in depth' for the modern business.

Learning outcomes: L01, L02, L03, L04

Mid Sem break
No student involvement (Breaks, information)

No Lecture/Tutorials (Mid-Semester Break)

No Lectures or tutorials during in-semester break.

Week 10
Tutorial

Tutorial 9 - Security Technology II

Information Security Discussion 9 - Review questions cover intrusion detection systems (IDS), Kerberos & Kerberos/TLS contrast.

Learning outcomes: L01, L02, L03, L04

Lecture

PCI DSS Discussion & Analysis

A 'capstone' analysis of the Payment Card Industry Data Security Standard (PCI DSS), a contractually obligatory standard for any business storing, forwarding or processing in-house credit card data for Visa, Mastercard, and Amex.

Learning outcomes: L01, L03, L04

Week 11
Tutorial

Tutorial 10 - PCI DSS

Information Security Discussion 10 - Review questions cover the Payment Card Industry Data Security Standard (PCI DSS).

Learning outcomes: L01, L03, L04

Lecture

Blockchain - Theory & Practice

We analyse the blockchain application. Discussion of the blockchain as it underpins bitcoin (crypto-currency). We focus on its architecture, benefits, challenges, and how it implements hashing and cryptography. A business analysis of the variety of blockchain management paradigms that have emerged in business.

Learning outcomes: L01, L03, L04

Week 12
Tutorial

Tutorial 11 - Blockchain

Information Security Discussion 11 - Review questions cover Blockchain and Network Traffic Analysis.

Learning outcomes: L01, L03, L04

Lecture

Security Maintenance

We focus on security auditing and security testing as part of managing and operating the ongoing security program.

Learning outcomes: L01, L04

Week 13
Tutorial

Tutorial 12 - Q&A session

Information Security Discussion 11 - Review questions cover security auditing, security testing and PCI DSS. Q&A session for assignment 2.

Learning outcomes: L01, L02, L03, L04

Lecture

Recap and Q&A session

We review the series of seminars. A good opportunity for students to ensure their assignment 2 submission is of a high standard.

Learning outcomes: L01, L02, L03, L04

Policies and procedures

University policies and procedures apply to all aspects of student life. As a UQ student, you must comply with University-wide and program-specific requirements, including the:

Learn more about UQ policies on my.UQ and the Policy and Procedure Library.