Course overview
- Study period: Semester 2, 2025 (28/07/2025 - 22/11/2025)
- Study level: Postgraduate Coursework
- Location: St Lucia
- Attendance mode: In Person
- Units: 2
- Administrative campus: St Lucia
- Coordinating unit: Business School
A managerial perspective of controls and audit procedures associated with preserving authenticity, accuracy, completeness, timeliness and privacy of business electronic transactions over the Internet; quality assurance for electronic commerce/online business applications for business managers.
Effective information security is an absolute requirement for all businesses seeking the trust of current and potential clients/customers. Within a modern business context, it is essential that business management exercise fundamental ownership of an effective information security process. All management must appreciate the concepts and solution strategies of information security and contribute to the accurate resourcing, operation, maintenance and improvement of these solution strategies.
Sustainable Development Goals - UQ Business School is a proud supporter and Advanced Signatory of the United Nations Principles for Responsible Management Education (UN PRME). As part of the largest global collaboration between business schools and the UN, the school emphasises its role in empowering students to drive societal transformation through the Sustainable Development Goals. The SDGs highlight that a thriving economy relies on a healthy environment, aiming to balance economic growth, social well-being, and environmental protection for a sustainable future.
Course requirements
Assumed background
As this course is an introduction to Information Security, no prior knowledge is assumed.
Before attempting this course, students are advised that it is important to complete the appropriate prerequisite course(s) listed on the front of this course profile. No responsibility will be accepted by the School of Business, the Faculty of Business, Economics and Law or the University of Queensland for poor student performance occurring in courses where the appropriate prerequisite(s) has/have not been completed, for any reason whatsoever.
Prerequisites
You'll need to complete the following courses before enrolling in this one:
BISM7206
Incompatible
You can't enrol in this course if you've already completed the following:
BISM3205 or MGTS3205 or 7213
Restrictions
Quota: Minimum of 15 enrolments
Course contact
Course staff
Lecturer
Timetable
The timetable for this course is available on the UQ Public Timetable.
Additional timetable information
Please note: Teaching staff do not have access to the timetabling system to help with class allocation. Therefore, should you need help with your timetable and/or allocation of classes, please ensure you email business.mytimetable@uq.edu.au from your UQ student email account with the following details:
- Full name,
- Student ID, and
- the Course Code
Aims and outcomes
This course aims to introduce students to the general theory and practice underpinning business information security. Information security challenges and solutions are discussed via an overall framework comprising the following major areas: confidentiality, integrity, availability, authentication, and non-repudiation. These areas are then operationalised within a business context of risk management and business continuity management. Finally, risk management and business continuity management are considered via a practical analysis of a major international security standard.
Assessment
Assessment summary
Category | Assessment task | Weight | Due date |
---|---|---|---|
Essay/ Critique | Essay: Security Case Analysis | 30% | 8/09/2025 3:00 pm |
Tutorial/ Problem Set | Assignment: Security Topic Analysis | 30% | 27/10/2025 3:00 pm |
Examination | Final Course Exam | 40% | End of Semester Exam Period 8/11/2025 - 22/11/2025 |
Assessment details
Essay: Security Case Analysis
- Mode: Written
- Category: Essay/ Critique
- Weight: 30%
- Due date: 8/09/2025 3:00 pm
- Learning outcomes: L01, L02, L03
Task description
The essay will be completed individually by each student.
The essay will comprise security case analysis that focuses on the course material covered during the first five seminars.
We shall introduce and discuss this essay in the relevant seminar.
AI Statement
Artificial Intelligence (AI) and Machine Translation (MT) are emerging tools that may support students in completing this assessment task. Students may appropriately use AI and/or MT in completing this assessment task. Students must clearly reference any use of AI or MT.
A failure to reference generative AI or MT use may constitute student misconduct under the Student Code of Conduct.
Submission guidelines
Deferral or extension
You may be able to apply for an extension.
Late submission
A penalty of 10% of the maximum possible mark will be deducted per 24 hours from the time the submission is due, for up to 7 days. After 7 days, you will receive a mark of 0.
Assignment: Security Topic Analysis
- Mode: Written
- Category: Tutorial/ Problem Set
- Weight: 30%
- Due date: 27/10/2025 3:00 pm
- Learning outcomes: L01, L02, L04
Task description
The assignment will be individually completed by each student.
The assignment will comprise a series of analysis questions that focus on the course material covered across the semester.
We shall introduce and discuss this assignment in the relevant seminar.
AI Statement
Artificial Intelligence (AI) and Machine Translation (MT) are emerging tools that may support students in completing this assessment task. Students may appropriately use AI and/or MT in completing this assessment task. Students must clearly reference any use of AI or MT.
A failure to reference generative AI or MT use may constitute student misconduct under the Student Code of Conduct.
Submission guidelines
Deferral or extension
You may be able to apply for an extension.
The maximum extension allowed is 7 days. Extensions are given in multiples of 24 hours.
Late submission
A penalty of 10% of the maximum possible mark will be deducted per 24 hours from the time the submission is due, for up to 7 days. After 7 days, you will receive a mark of 0.
Final Course Exam
- Identity Verified
- In-person
- Mode: Written
- Category: Examination
- Weight: 40%
- Due date: End of Semester Exam Period 8/11/2025 - 22/11/2025
- Learning outcomes: L01, L02, L03, L04
Task description
The end of course exam will comprise a series of questions that focus on the course material covered across the course.
The exam will include multiple choice questions and may also feature conceptual short questions and/or scenario-based analysis questions.
We shall discuss the exam details in the relevant lecture.
Exam details
Planning time | 10 minutes |
---|---|
Duration | 90 minutes |
Calculator options | Any calculator permitted |
Open/closed book | Closed book examination - no written materials permitted |
Exam platform | Paper based |
Invigilation | Invigilated in person |
Submission guidelines
Deferral or extension
You may be able to defer this exam.
Course grading
Full criteria for each grade are available in the Assessment Procedure.
Grade | Cut off Percent | Description |
---|---|---|
1 (Low Fail) | 0 - 29 | Absence of evidence of achievement of course learning outcomes. |
2 (Fail) | 30 - 46 | Minimal evidence of achievement of course learning outcomes. |
3 (Marginal Fail) | 47 - 49 | Demonstrated evidence of developing achievement of course learning outcomes. |
4 (Pass) | 50 - 64 | Demonstrated evidence of functional achievement of course learning outcomes. |
5 (Credit) | 65 - 74 | Demonstrated evidence of proficient achievement of course learning outcomes. |
6 (Distinction) | 75 - 84 | Demonstrated evidence of advanced achievement of course learning outcomes. |
7 (High Distinction) | 85 - 100 | Demonstrated evidence of exceptional achievement of course learning outcomes. |
Additional course grading information
Grades will be allocated according to University-wide standards of criterion-based assessment.
Supplementary assessment
Supplementary assessment is available for this course.
Learning resources
You'll need the following resources to successfully complete the course. We've indicated below if you need a personal copy of the reading materials or your own item.
Library resources
Find the required and recommended resources for this course on the UQ Library website.
Additional learning resources information
Learning activities
The learning activities for this course are outlined below. Learn more about the learning outcomes that apply to this course.
Learning period | Activity type | Topic |
---|---|---|
Week 1 | Seminar | Introduction to Information Security: We introduce the concept of information security and the fundamental view we shall use to analyse this topic. Learning outcomes: L01, L02 |
Week 2 | Seminar | The Need for Security / Legal and Ethical Issues: We discuss the need for information security - types of security threats. We introduce a range of Australian IT related laws and the advantages/disadvantages these pose. Learning outcomes: L01, L02 |
Week 3 | Seminar | Planning for Security: We discuss management's role in the development, maintenance, and enforcement of information security policy and standards. We explain what an information security blueprint is in the context of the ISO 27000 series. We introduce contingency planning. Due to the EKKA public holiday, the Wednesday seminar session will not be held this week. Make-up arrangements will be made. Learning outcomes: L01, L02 |
Week 4 | Seminar | Risk Management (Part 1): In the first part, we focus on defining risk management and its role in the organisation. We describe risk management techniques to identify and prioritise risk factors for assets. We explain how risk is assessed. Learning outcomes: L01, L03 |
Week 5 | Seminar | Risk Management (Part 2): In the second part, we discuss strategy options used to treat risk. We formulate a cost-benefit analysis (CBA) using existing conceptual frameworks. We describe popular methodologies used in business to manage risk. Learning outcomes: L01, L03 |
Week 6 | Seminar | Cryptography (Part 1): We consider two major encryption paradigms - symmetric key and public key cryptography - their operational strengths and challenges. Learning outcomes: L01, L04 |
Week 7 | Seminar | Cryptography (Part 2): We consider the commercial applications of cryptography - hybrid security applications for the Web and Email. We also consider other important applications such as digital signatures. Learning outcomes: L01, L02, L04 |
Week 8 | Seminar | Security Technology (Firewalls, Proxies and the DMZ - Part 1): A business analysis of major types of security controls - operational approaches and positioning within the business network. Learning outcomes: L01, L02, L04 |
Week 9 | Seminar | Security Technology (Intrusion Detection - Part 2): Consideration of the role of intrusion detection systems - placement and operational approaches. We analyse how intrusion detection systems (IDS) provide 'defence in depth' for the modern business. Learning outcomes: L01, L02, L04 |
Mid Sem break | No student involvement (Breaks, information) | In-Semester Break: No seminars during in-semester break. |
Week 10 | Seminar | PCI DSS Discussion & Analysis: A 'capstone' analysis of the Payment Card Industry Data Security Standard (PCI DSS), a contractually obligatory standard for any business storing, forwarding or processing in-house credit card data for Visa, Mastercard, and Amex. Due to the King's Birthday public holiday, the Monday seminar session will not be held this week. Make-up arrangements will be made. Learning outcomes: L01, L03, L04 |
Week 11 | Seminar | Blockchain - Theory & Practice: We analyse the blockchain application. Discussion of the blockchain as it underpins bitcoin (crypto-currency). We focus on its architecture, benefits, challenges, and how it implements hashing and cryptography. A business analysis of the variety of blockchain management paradigms that have emerged in business. Learning outcomes: L01, L03, L04 |
Week 12 | Seminar | Security Maintenance: We focus on security auditing and security testing as part of managing and operating the ongoing security program. Learning outcomes: L01, L04 |
Week 13 | Seminar | Recap & Get Ready for the Exam: We review the series of seminars. Q&A session for exam. Learning outcomes: L01, L02, L03, L04 |
Additional learning activity information
Sustainable Development Goals
This course integrates the following Sustainable Development Goals through lectures and assessment.
Policies and procedures
University policies and procedures apply to all aspects of student life. As a UQ student, you must comply with University-wide and program-specific requirements, including the:
- Student Code of Conduct Policy
- Student Integrity and Misconduct Policy and Procedure
- Assessment Procedure
- Examinations Procedure
- Reasonable Adjustments for Students Policy and Procedure
Learn more about UQ policies on my.UQ and the Policy and Procedure Library.