Course coordinator
Dr Alex Pudmenzky
Course overview
- Study period
- Semester 2, 2024 (22/07/2024 - 18/11/2024)
- Study level
- Postgraduate Coursework
- Location
- St Lucia
- Attendance mode
- In Person
- Units
- 2
- Administrative campus
- St Lucia
- Coordinating unit
- Business School
A managerial perspective of controls and audit procedures associated with preserving authenticity, accuracy, completeness, timeliness and privacy of business electronic transactions over the Internet; quality assurance for electronic commerce/online business applications for business managers.
Effective information security is an absolute requirement for all businesses seeking the trust of current and potential clients/customers. Within a modern business context, it is essential that business management must exercise fundamental ownership of an effective information security process. All management must appreciate the concepts and solution strategies of information security and contribute to the accurate resourcing, operation, maintenance and improvement of these solution strategies.
Course requirements
Assumed background
As this course is an introduction to Information Security, no prior knowledge is assumed.
Before attempting this course, students are advised that it is important to complete the appropriate prerequisite course(s) listed on the front of this course profile. No responsibility will be accepted by the School of Business, the Faculty of Business, Economics and Law or the University of Queensland for poor student performance occurring in courses where the appropriate prerequisite(s) has/have not been completed, for any reason whatsoever.
Prerequisites
You'll need to complete the following courses before enrolling in this one:
BISM7206
Incompatible
You can't enrol in this course if you've already completed the following:
BISM3205 or MGTS3205 or 7213
Restrictions
Quota: Minimum of 15 enrolments
Course contact
Course staff
Lecturer
Dr Alex Pudmenzky
Timetable
The timetable for this course is available on the UQ Public Timetable.
Additional timetable information
Please note: Teaching staff doᅠnotᅠhave access to the timetabling system to help with class allocation. Therefore, should you need help with your timetable and/or allocation of classes, please ensure you emailᅠbusiness.mytimetable@uq.edu.auᅠfrom your UQ student email account with the following details:
- Full name,
- Student ID, and
- the Course Code
Aims and outcomes
This course aims to introduce students to the general theory and practice underpinning business information security. Information security challenges and solutions are discussed via an overall framework comprising the following major areas: confidentiality, integrity, availability, authentication, and non-repudiation. These areas are then operationalised within a business context of risk management and business continuity management. Finally, risk management and business continuity management are considered via a practical analysis of a major international security standard.
Learning outcomes
After successfully completing this course you should be able to:
LO1.
Appreciate the overall context and need for information security within a business environment.
LO2.
Analyse security issues and propose security policies in terms of the fundamental security goals (confidentiality, integrity, authentication, authorisation, availability, non-repudiation).
LO3.
Analyse, evaluate and apply the principles of risk management as they relate to business information security.
LO4.
Analyse, evaluate and conceptually apply the major technical controls that are relevant to business information security.
Assessment
Assessment summary
| Category | Assessment task | Weight | Due date |
|---|---|---|---|
| Tutorial/ Problem Set | Assignment 1: Security Topic Analysis | 40% |
2/09/2024 3:00 pm |
| Tutorial/ Problem Set | Assignment 2: Security Topic Analysis | 60% |
4/11/2024 3:00 pm |
Assessment details
Assignment 1: Security Topic Analysis
- Mode
- Written
- Category
- Tutorial/ Problem Set
- Weight
- 40%
- Due date
2/09/2024 3:00 pm
- Learning outcomes
- L01, L02, L03
Task description
The assignment will be completed individually by each student.
The assignment will comprise a series of analysis questions that focus on the course material covered during the first five seminars.
The student response to each question cannot exceed 300 words. The assignment is to be completed and submitted via both Blackboard link and Turnitin link (marks will be released on blackboard only).
This assessment task evaluates students' abilities, skills and knowledge without the aid of Artificial Intelligence (AI). Students are advised that the use of AI technologies to develop responses is strictly prohibited and may constitute student misconduct under the Student Code of Conduct.
Submission guidelines
The assignment must be submitted electronically via both the course Blackboard assessment link and Turnitin link.
Deferral or extension
You may be able to apply for an extension.
Late submission
A penalty of 10% of the maximum possible mark will be deducted per 24 hours from time submission is due for up to 7 days. After 7 days, you will receive a mark of 0.
10% of maximum mark per 24 hours (or part thereof)
See the following link for more information Link to UQ Assessment Procedure - see clause (48)
Assignment 2: Security Topic Analysis
- Mode
- Written
- Category
- Tutorial/ Problem Set
- Weight
- 60%
- Due date
4/11/2024 3:00 pm
- Learning outcomes
- L01, L02, L04
Task description
The assignment will comprise a series of analysis questions that focus on the course material covered across the semester. The assignment will be individually completed by each student.
The word limit for a student response to each question is 300 words. This assignment 2 will be available via the course Blackboard site after all assignment 1 questions have been released.
We shall introduce and discuss this assignment in the relevant seminar (and continue to discuss in subsequent seminars). The assignment is to be completed and submitted via both Blackboard link and Turnitin link (marks will be released on blackboard only).
This assessment task evaluates students' abilities, skills and knowledge without the aid of Artificial Intelligence (AI). Students are advised that the use of AI technologies to develop responses is strictly prohibited and may constitute student misconduct under the Student Code of Conduct.
Submission guidelines
The assignment must be submitted electronically via both the course Blackboard assessment link and Turnitin link.
Deferral or extension
You may be able to apply for an extension.
Late submission
A penalty of 10% of the maximum possible mark will be deducted per 24 hours from time submission is due for up to 7 days. After 7 days, you will receive a mark of 0.
10% of maximum mark per 24 hours (or part thereof)
See the following link for more information Link to UQ Assessment Procedure - see clause (48)
Course grading
Full criteria for each grade is available in the Assessment Procedure.
| Grade | Cut off Percent | Description |
|---|---|---|
| 1 (Low Fail) | 0 - 29 |
Absence of evidence of achievement of course learning outcomes. |
| 2 (Fail) | 30 - 46 |
Minimal evidence of achievement of course learning outcomes. |
| 3 (Marginal Fail) | 47 - 49 |
Demonstrated evidence of developing achievement of course learning outcomes |
| 4 (Pass) | 50 - 64 |
Demonstrated evidence of functional achievement of course learning outcomes. |
| 5 (Credit) | 65 - 74 |
Demonstrated evidence of proficient achievement of course learning outcomes. |
| 6 (Distinction) | 75 - 84 |
Demonstrated evidence of advanced achievement of course learning outcomes. |
| 7 (High Distinction) | 85 - 100 |
Demonstrated evidence of exceptional achievement of course learning outcomes. |
Additional course grading information
Grades will be allocated according to University-wide standards of criterion-based assessment.
Supplementary assessment
Supplementary assessment is available for this course.
Learning resources
You'll need the following resources to successfully complete the course. We've indicated below if you need a personal copy of the reading materials or your own item.
Library resources
Find the required and recommended resources for this course on the UQ Library website.
Additional learning resources information
Sustainable Development Goals
This course integrates the following Sustainable Development Goals through lectures and assessment.
Learning activities
The learning activities for this course are outlined below. Learn more about the learning outcomes that apply to this course.
Filter activity type by
Please select
| Learning period | Activity type | Topic |
|---|---|---|
Week 1 |
Seminar |
Introduction to Information Security We introduce the concept of information security and the fundamental view we shall use to analyse this topic. Learning outcomes: L01, L02 |
Week 2 |
Seminar |
The Need for Security / Legal and Ethical Issues We discuss the need for information security - types of security threats. We introduce a range of Australian IT related laws and the advantages/disadvantages these pose. Learning outcomes: L01, L02 |
Week 3 |
Seminar |
Planning for Security We discuss management's role in the development, maintenance, and enforcement of information security policy and standards. We explain what an information security blueprint is in the context of the ISO 27000 series. We introduce contingency planning. Learning outcomes: L01, L02 |
Week 4 |
Seminar |
Risk Management (Part 1) In the first part, we focus on defining risk management and its role in the organisation. We describe risk management techniques to identify and prioritise risk factors for assets. We explain how risk is assessed. Learning outcomes: L01, L03 |
Week 5 |
Seminar |
Risk Management (Part 2) In the second part, we discuss strategy options used to treat risk. We formulate a cost-benefit analysis (CBA) using existing conceptual frameworks. We describe popular methodologies used in business to manage risk. Learning outcomes: L01, L03 |
Week 6 |
Seminar |
Cryptography (Part 1) We consider two major encryption paradigms - symmetric key and public key cryptography - their operational strengths and challenges. Learning outcomes: L01, L04 |
Week 7 |
Seminar |
Cryptography (Part 2) We consider the commercial applications of cryptography - hybrid security applications for the Web and Email. We also consider other important applications such as digital signaturing. Learning outcomes: L01, L02, L04 |
Week 8 |
Seminar |
Security Technology (Firewalls, Proxys and the DMZ - Part 1) A business analysis of major types of security controls - operational approaches and positioning within the business network. Learning outcomes: L01, L02, L04 |
Week 9 |
Seminar |
Security Technology (Intrusion Detection - Part 2) Consideration of the role of intrusion detection systems - placement and operational approaches. We analyse how intrusion detection systems (IDS) provide 'defence in depth' for the modern business. Learning outcomes: L01, L02, L04 |
Mid Sem break |
Seminar |
No Seminar (In-Semester Break) No Seminars during in-semester break. |
Week 10 |
Seminar |
PCI DSS Discussion & Analysis A 'capstone' analysis of the Payment Card Industry Data Security Standard (PCI DSS). A contractually obligatory standard for any business storing, forwarding or processing in-house credit card data for Visa, Mastercard, and Amex. Learning outcomes: L01, L03, L04 |
Week 11 |
Seminar |
Blockchain - Theory & Practice We analyse the blockchain application. Discussion of the blockchain as it underpins bitcoin (crypto-currency). We focus on its architecture, benefits, challenges, and how it implements hashing and cryptography. A business analysis of the variety of blockchain management paradigms that have emerged in business. Learning outcomes: L01, L03, L04 |
Week 12 |
Seminar |
Security Maintenance We focus on security auditing and security testing as part of managing and operating the ongoing security program. Learning outcomes: L01, L04 |
Week 13 |
Seminar |
Recap - What did we learn? We review the series of seminars. A good opportunity for students to ensure their assignment 2 submission is of a high standard. Learning outcomes: L01, L02, L03, L04 |
Policies and procedures
University policies and procedures apply to all aspects of student life. As a UQ student, you must comply with University-wide and program-specific requirements, including the:
- Student Code of Conduct Policy
- Student Integrity and Misconduct Policy and Procedure
- Assessment Procedure
- Examinations Procedure
- Reasonable Adjustments - Students Policy and Procedure
Learn more about UQ policies on my.UQ and the Policy and Procedure Library.