Course overview
- Study period
- Semester 2, 2025 (28/07/2025 - 22/11/2025)
- Study level
- Undergraduate
- Location
- St Lucia
- Attendance mode
- In Person
- Units
- 2
- Administrative campus
- St Lucia
- Coordinating unit
- Business School
A managerial perspective of controls and audit procedures associated with preserving authenticity, accuracy, completeness, timeliness and privacy of business electronic transactions over the Internet; quality assurance for electronic commerce/online business applications for business managers.
This introductory course is designed to give you an overview of business information security. Effective information security is an absolute requirement for all businesses seeking the trust of current and potential clients/customers. All business professionals, regardless of specialisation (i.e., accounting, marketing, finance, management), must have an awareness of information security and must contribute to an effective business information security process within organisations.
Sustainable Development Goals - UQ Business School is a proud supporter and Advanced Signatory of the United Nations Principles for Responsible Management Education (UN PRME). As part of the largest global collaboration between business schools and the UN, the school emphasises its role in empowering students to drive societal transformation through the Sustainable Development Goals. The SDGs highlight that a thriving economy relies on a healthy environment, aiming to balance economic growth, social well-being, and environmental protection for a sustainable future.
Course requirements
Assumed background
As this course is an introduction to Information Security, no prior knowledge is assumed.
Prerequisites
You'll need to complete the following courses before enrolling in this one:
BISM2207 or 8 units of BInfTech courses
Incompatible
You can't enrol in this course if you've already completed the following:
BISM7213 or MGTS3205 or 7213
Restrictions
Quota: Minimum of 15 enrolments
Course contact
Course staff
Lecturer
Dr Yao Zhao
Timetable
The timetable for this course is available on the UQ Public Timetable.
Additional timetable information
Please note: Teaching staff do not have access to the timetabling system to help with class allocation. Therefore, should you need help with your timetable and/or allocation of classes, please ensure you email business.mytimetable@uq.edu.au from your UQ student email account with the following details:
- Your full name
- Your student ID
- The course codeᅠ
Aims and outcomes
This course aims to introduce students to the theory and practice underpinning business information security. Information security challenges and solutions are discussed via an overall framework comprising several major areas: confidentiality, integrity, availability, authentication, and non-repudiation. These areas are then operationalized within a business context of risk management and business continuity management. ᅠFinally, risk management and business continuity management are considered via a practical analysis of a major international security standard: Payment Card Industry – Data Security Standard (PCI-DSS).
Learning outcomes
After successfully completing this course you should be able to:
LO1.
Appreciate the overall context and need for information security within a business environment.
LO2.
Analyse security issues and propose security policies in terms of the fundamental security goals of confidentiality, integrity, authentication, availability, and non-repudiation.
LO3.
Understand and utilise the critical importance of risk management and continuity management in driving the overall business information security towards tangible continuous improvement.
LO4.
Analyse, evaluate and plan the deployment of the major technological controls that are relevant within business information security.
Assessment
Assessment summary
| Category | Assessment task | Weight | Due date |
|---|---|---|---|
| Essay/ Critique | Essay: Security Case Analysis | 30% |
8/09/2025 3:00 pm |
| Tutorial/ Problem Set | Assignment: Security Topic Analysis | 30% |
27/10/2025 3:00 pm |
| Examination |
Final Course Exam
|
40% |
End of Semester Exam Period 8/11/2025 - 22/11/2025 |
Assessment details
Essay: Security Case Analysis
- Mode
- Written
- Category
- Essay/ Critique
- Weight
- 30%
- Due date
8/09/2025 3:00 pm
- Learning outcomes
- L01, L02, L03
Task description
The essay will be completed individually by each student.
The essay will comprise security case analysis that focuses on the course material covered during the first five seminars.
We shall introduce and discuss this essay in the relevant seminar.
AI Statement
Artificial Intelligence (AI) and Machine Translation (MT) are emerging tools that may support students in completing this assessment task. Students may appropriately use AI and/or MT in completing this assessment task. Students must clearly reference any use of AI or MT.
A failure to reference generative AI or MT use may constitute student misconduct under the Student Code of Conduct.
Submission guidelines
Deferral or extension
You may be able to apply for an extension.
Late submission
A penalty of 10% of the maximum possible mark will be deducted per 24 hours from time submission is due for up to 7 days. After 7 days, you will receive a mark of 0.
Assignment: Security Topic Analysis
- Mode
- Written
- Category
- Tutorial/ Problem Set
- Weight
- 30%
- Due date
27/10/2025 3:00 pm
- Learning outcomes
- L01, L02, L04
Task description
The assignment will be individually completed by each student.
The assignment will comprise a series of analysis questions that focus on the course material covered across the semester.
We shall introduce and discuss this assignment in the relevant seminar.
AI Statement
Artificial Intelligence (AI) and Machine Translation (MT) are emerging tools that may support students in completing this assessment task. Students may appropriately use AI and/or MT in completing this assessment task. Students must clearly reference any use of AI or MT.
A failure to reference generative AI or MT use may constitute student misconduct under the Student Code of Conduct.
Submission guidelines
Deferral or extension
You may be able to apply for an extension.
The maximum extension allowed is 14 days. Extensions are given in multiples of 24 hours.
Late submission
A penalty of 10% of the maximum possible mark will be deducted per 24 hours from time submission is due for up to 7 days. After 7 days, you will receive a mark of 0.
Final Course Exam
- Identity Verified
- In-person
- Mode
- Written
- Category
- Examination
- Weight
- 40%
- Due date
End of Semester Exam Period
8/11/2025 - 22/11/2025
- Other conditions
- Secure.
- Learning outcomes
- L01, L02, L03, L04
Task description
The end of course exam will comprise a series of questions that focus on the course material covered across the course.
The exam will include multiple choice questions and may also feature conceptual short questions and/or scenario-based analysis questions.
We shall discuss this exam details in the relevant lecture.
AI Statement:
This assessment task is to be completed in-person. The use of generative Artificial Intelligence (AI) or Machine Translation (MT) tools will not be permitted. Any attempted use of Generative AI or MT may constitute student misconduct under the Student Code of Conduct.
Exam details
| Planning time | 10 minutes |
|---|---|
| Duration | 90 minutes |
| Calculator options | Any calculator permitted |
| Open/closed book | Closed book examination - no written materials permitted |
| Exam platform | Paper based |
| Invigilation | Invigilated in person |
Submission guidelines
Deferral or extension
You may be able to defer this exam.
Course grading
Full criteria for each grade is available in the Assessment Procedure.
| Grade | Cut off Percent | Description |
|---|---|---|
| 1 (Low Fail) | 0 - 29 |
Absence of evidence of achievement of course learning outcomes. |
| 2 (Fail) | 30 - 46 |
Minimal evidence of achievement of course learning outcomes. |
| 3 (Marginal Fail) | 47 - 49 |
Demonstrated evidence of developing achievement of course learning outcomes |
| 4 (Pass) | 50 - 64 |
Demonstrated evidence of functional achievement of course learning outcomes. |
| 5 (Credit) | 65 - 74 |
Demonstrated evidence of proficient achievement of course learning outcomes. |
| 6 (Distinction) | 75 - 84 |
Demonstrated evidence of advanced achievement of course learning outcomes. |
| 7 (High Distinction) | 85 - 100 |
Demonstrated evidence of exceptional achievement of course learning outcomes. |
Additional course grading information
Grades will be allocated according to University-wide standards of criterion-based assessment.
Supplementary assessment
Supplementary assessment is available for this course.
Learning resources
You'll need the following resources to successfully complete the course. We've indicated below if you need a personal copy of the reading materials or your own item.
Library resources
Find the required and recommended resources for this course on the UQ Library website.
Additional learning resources information
Learning activities
The learning activities for this course are outlined below. Learn more about the learning outcomes that apply to this course.
Filter activity type by
Please select
| Learning period | Activity type | Topic |
|---|---|---|
Week 1 |
Lecture |
Introduction to Information Security We introduce the concept of information security and the fundamental view we shall use to analyse this topic. Learning outcomes: L01, L02 |
Week 2 |
Tutorial |
Tutorial 1 - An Intro to Information Security Information Security Discussion 1 - An Introduction to Information Security. Learning outcomes: L01, L02 |
Lecture |
The Need for Security / Legal and Ethical Issues We discuss the need for information security - types of security threats. We introduce a range of Australian IT related laws and the advantages/disadvantages these pose. Learning outcomes: L01, L02 |
|
Week 3 |
Tutorial |
Tutorial 2 - The Need for Security Information Security Discussion 2 - Review questions cover The Need for Security. Learning outcomes: L01, L02 |
Lecture |
Planning for Security We discuss management's role in the development, maintenance, and enforcement of information security policy and standards. We explain what an information security blueprint is in the context of the ISO 27000 series. We introduce contingency planning. Learning outcomes: L01, L02 |
|
Week 4 |
Tutorial |
Tutorial 3 - Planning for Security Information Security Discussion 3 - Review questions cover Planning for Security. Learning outcomes: L01, L02 |
Lecture |
Risk Management (Part 1) In the first part, we focus on defining risk management and its role in the organisation. We describe risk management techniques to identify and prioritise risk factors for assets. We explain how risk is assessed. Learning outcomes: L01, L03 |
|
Week 5 |
Tutorial |
Tutorial 4 - Risk Management I Information Security Discussion 4 - Review questions cover Risk Management (Part 1). Learning outcomes: L01, L03 |
Lecture |
Risk Management (Part 2) In the second part, we discuss strategy options used to treat risk. We formulate a cost-benefit analysis (CBA) using existing conceptual frameworks. We describe popular methodologies used in business to manage risk. Learning outcomes: L01, L03 |
|
Week 6 |
Tutorial |
Tutorial 5 - Risk Management II Information Security Discussion 5 - Review questions cover Risk Management (Part 2). Learning outcomes: L01, L03 |
Lecture |
Cryptography (Part 1) We consider two major encryption paradigms - symmetric key and public key cryptography - their operational strengths and challenges. Learning outcomes: L01, L04 |
|
Week 7 |
Tutorial |
Tutorial 6 - Cryptography I Information Security Discussion 6 - Review questions cover Cryptography (Part 1). Learning outcomes: L01, L04 |
Lecture |
Cryptography (Part 2) We consider the commercial applications of cryptography - hybrid security applications for the Web and Email. We also consider other important applications such as digital signatures. Learning outcomes: L01, L02, L04 |
|
Week 8 |
Tutorial |
Tutorial 7 - Cryptography II Information Security Discussion 7 - Review questions cover Cryptography (Part 2). Learning outcomes: L01, L02, L04 |
Lecture |
Security Technology (Firewalls, Proxys and the DMZ - Part 1) A business analysis of major types of security controls - operational approaches and positioning within the business network. Learning outcomes: L01, L02, L03, L04 |
|
Week 9 |
Tutorial |
Tutorial 8 - Security Technology I Information Security Discussion 8 - Review questions cover Security Technology (Firewalls, Proxys and the DMZ - Part 1). Learning outcomes: L01, L02, L03, L04 |
Lecture |
Security Technology (Intrusion Detection - Part 2) Consideration of the role of intrusion detection systems - placement and operational approaches. We analyse how intrusion detection systems (IDS) provide 'defence in depth' for the modern business. Learning outcomes: L01, L02, L03, L04 |
|
Mid Sem break |
No student involvement (Breaks, information) |
In-Semester Break No Lectures or tutorials during in-semester break. |
Week 10 |
Tutorial |
Tutorial 9 - Security Technology II Information Security Discussion 9 - Review questions cover Security Technology (Intrusion Detection - Part 2). Learning outcomes: L01, L02, L03, L04 |
Lecture |
PCI DSS Discussion & Analysis A 'capstone' analysis of the Payment Card Industry Data Security Standard (PCI DSS). A contractually obligatory standard for any business storing, forwarding or processing in-house credit card data for Visa, Mastercard, and Amex. Learning outcomes: L01, L03, L04 |
|
Week 11 |
Tutorial |
Tutorial 10 - PCI DSS Information Security Discussion 10 - Review questions cover PCI DSS. Learning outcomes: L01, L03, L04 |
Lecture |
Blockchain - Theory & Practice We analyse the blockchain application. Discussion of the blockchain as it underpins bitcoin (crypto-currency). We focus on its architecture, benefits, challenges, and how it implements hashing and cryptography. A business analysis of the variety of blockchain management paradigms that have emerged in business. Learning outcomes: L01, L03, L04 |
|
Week 12 |
Tutorial |
Tutorial 11 - Blockchain Information Security Discussion 11 - Review questions cover Blockchain. Learning outcomes: L01, L03, L04 |
Lecture |
Security Maintenance We focus on security auditing and security testing as part of managing and operating the ongoing security program. Learning outcomes: L01, L04 |
|
Week 13 |
Tutorial |
Tutorial 12 - Q&A session Information Security Discussion 11 - Q&A session for exam. Learning outcomes: L01, L02, L03, L04 |
Lecture |
Recap & Get Ready for the Exam We review the series of seminars. Q&A session for exam. Learning outcomes: L01, L02, L03, L04 |
Additional learning activity information
Sustainable Development Goals
This course integrates the following Sustainable Development Goals through lectures and assessment.
Policies and procedures
University policies and procedures apply to all aspects of student life. As a UQ student, you must comply with University-wide and program-specific requirements, including the:
- Student Code of Conduct Policy
- Student Integrity and Misconduct Policy and Procedure
- Assessment Procedure
- Examinations Procedure
- Reasonable Adjustments for Students Policy and Procedure
Learn more about UQ policies on my.UQ and the Policy and Procedure Library.