Course overview
- Study period
- Semester 1, 2025 (24/02/2025 - 21/06/2025)
- Study level
- Postgraduate Coursework
- Location
- St Lucia
- Attendance mode
- In Person
- Units
- 2
- Administrative campus
- St Lucia
- Coordinating unit
- Elec Engineering & Comp Science School
This is an introductory course covering key concepts and best practices in information security, and their application to the protection of organisation assets and business needs. It is designed for students from a broad range of backgrounds. It will include, but not be limited to topics such as; governance of information assets and ICT assets, develop understanding of business impact analysis of the confidentiality, integrity and availability of information assets and ICT assets, risk management using preventative, detective and responsive controls to manage risk, access control of information and information processing facilities, authentication protocols such as; shared secrets, cryptographic hash functions and challenge-response protocols. Topic coverage may also include; using biometrics for authentication, introduction to applied cryptography in information security, network and wireless network security, physical security of information assets, HR security, securing the human, phishing and social engineering, payment card industry security, cloud computing security, industrial control systems and cooperative and automated vehicles.
Topics that will be covered include risk management, access control, authentication, authorisation, symmetric and asymmetric cryptography, network security and application-layer security, for example blockchain security and image forensics. Current industry standards will be referenced, including the ISO/IEC 27000 series on Information Security,ᅠthe Payment Card Industry Data Security Standard (PCI DSS), and the NIST Special Publications 800-53 & 800-82. Students will gain a basic knowledge of current real world Information Security practices and procedures.
Course Changes in Response to Previous Student Feedback:
Based on valuable feedback from previous students, several improvements have been made to the assessment. The attack-defence group activities have been streamlined, and their weight has been reduced to better align with their intended purpose as a preparatory exercise for the final report.
Course requirements
Incompatible
You can't enrol in this course if you've already completed the following:
COMS3000 or CYBR3000 or COMS7003
Course contact
Course coordinator
Course staff
Lecturer
Timetable
The timetable for this course is available on the UQ Public Timetable.
Additional timetable information
The Week 9 presentation on April 30, 2025, will extend beyond the scheduled lecture time and take place throughout the entire day to ensure fairness for all participants.
Aims and outcomes
The aim of the course is to provide an introduction to essential knowledge and skills in the field of Information Security. Concepts such as Access Control, Authentication, Integrity and Confidentiality will be discussed and students will gain an understanding of the basic cryptographic primitives and protocols that are required to implement these security goals. Students will develop the skills to perform practical Threat, Vulnerability and Risk Analysis, understand Information Security standards and be able to assess Information Security risks based on third-party attestations of standards compliance in on-premise, remote, cloud or edge-computing environments.
Learning outcomes
After successfully completing this course you should be able to:
LO1.
describe and apply the concepts of Information Security, such as Confidentiality, Integrity, Authentication and Non-Repudiation, and their relevance in various contexts.
LO2.
analyse and critically evaluate a range of access control and authentication mechanisms, including passwords, biometrics, PKI and multifactor authentication for various Australian and international application scenarios.
LO3.
critically evaluate and apply cryptographic techniques, mechanisms and protocols.
LO4.
independently locate, interpret and critically judge academic and other literature in the field of Information Security, and then apply outcomes to plan, evaluate, develop and reflect critically on justifications in academic reports.
LO5.
compute the information theoretic entropy of random variables, passwords, etc.
LO6.
analyse and critically report on the security of information systems.
LO7.
understand the development of international information security standards by multi-cultural interdisciplinary teams and the importance and application of these international standards to support both domestic and international cross-jurisdictional information security requirements throughout the world.
LO8.
development of group skills in attack-defence activities.
Assessment
Assessment summary
Category | Assessment task | Weight | Due date |
---|---|---|---|
Quiz |
In-class Quiz Series
|
15% |
Week 3, Fri Week 4, Fri Week 5, Fri Week 6, Fri Week 7, Fri Week 10, Fri Week 12, Fri Week 13, Fri
Must be submitted during the practical class |
Presentation |
Presentation
|
15% |
30/04/2025
Whole day |
Paper/ Report/ Annotation |
Report
|
30% |
23/05/2025 2:00 pm |
Examination |
Final exam
|
40% |
End of Semester Exam Period 7/06/2025 - 21/06/2025 |
A hurdle is an assessment requirement that must be satisfied in order to receive a specific grade for the course. Check the assessment details for more information about hurdle requirements.
Assessment details
In-class Quiz Series
- Mode
- Written
- Category
- Quiz
- Weight
- 15%
- Due date
Week 3, Fri
Week 4, Fri
Week 5, Fri
Week 6, Fri
Week 7, Fri
Week 10, Fri
Week 12, Fri
Week 13, Fri
Must be submitted during the practical class
- Other conditions
- Time limited.
- Learning outcomes
- L01, L02, L03, L05, L07
Task description
For each Quiz, students are given 5 minutes to answer 1-2 questions, based on learned course material, and submit their answers. The quizzes are held during practical sessions and must be submitted during class time. Students can bring your own devices to class or submit a paper copy.
These are multiple choices and short answers, some with calculations, as individual work, to test the students' ability to apply the knowledge they have gained from the course material in new scenarios.
There are 8 quizzes in total. Top 5 will be counted. Each Quiz counts 3%. In total 15%.
This assessment task is to be completed in-person. The use of generative Artificial Intelligence (AI) and Machine Translation (MT) tools will not be permitted. Any attempted use of Generative AI may constitute student misconduct under the Student Code of Conduct.
Submission guidelines
Answer the questions in Blackboard test or submit a paper copy (Details see Learn.UQ at https://learn.uq.edu.au/).
Deferral or extension
You cannot defer or apply for an extension for this assessment.
No extensions available. To accommodate unforeseen circumstances such as illness, the quiz score will be based on the best 5 out of 8 submissions.
Late submission
You will receive a mark of 0 if this assessment is submitted late.
Presentation
- Team or group-based
- In-person
- Mode
- Oral
- Category
- Presentation
- Weight
- 15%
- Due date
30/04/2025
Whole day
- Learning outcomes
- L01, L02, L03, L04, L05, L06, L07, L08
Task description
Students are required to research and critically evaluate security risks and their counter measures and present in a group a summary and discussion of the selected attacking or defending scenario in the form of a presentation. This assessment tests students ability to compile a paper in a group that demonstrates the ability to locate high quality sources of relevant information, understand complex concepts, critically analyse and integrate information from a wide range of sources, evaluate opinions, make decisions and reflect critically on the justifications for decisions; and to synthesize a clear and concise paper of the appropriate level and style.
Presentation is a fixed date in Week 9 (Wednesday). The assessment will be recorded. See Blackboard site for detailed schedule.
This assessment task is to be completed in-person. The use of generative Artificial Intelligence (AI) and Machine Translation (MT) tools will not be permitted. Any attempted use of Generative AI may constitute student misconduct under the Student Code of Conduct.
The course coordinator reserves the right to vary group marks for each group member in the event of varied contributions to the team effort.
Submission guidelines
Reports and slides are submitted online (see blackboard for details)
Deferral or extension
You cannot defer or apply for an extension for this assessment.
This course uses team-based assessment where oral sessions/demo sessions are scheduled with multiple markers and is time limited.
If teams encounter extraordinary difficulties in meeting a deadline, they should contact the course coordinator in advance of the due date.
All team submissions received after the due date will either; (1) receive a zero mark (or failing grade), or (2) if an earlier version of the team’s work was submitted then this will instead be graded.
Late submission
You will receive a mark of 0 if this assessment is submitted late.
Report
- Online
- Mode
- Written
- Category
- Paper/ Report/ Annotation
- Weight
- 30%
- Due date
23/05/2025 2:00 pm
- Learning outcomes
- L01, L02, L03, L04, L05, L06, L07
Task description
In this assignment, students are required to compile a report that demonstrates their ability to formulate and investigate problems, to critically analyse and integrate information from a wide range of sources, recognising the roles and expertise of associated disciplines, to evaluate opinions, make decisions and to reflect critically on the justifications for decisions, to generate ideas and adapt innovatively to create solutions, with an appreciation of the link between theory and practice, to innovate and improve current practices; and the ability synthesize a clear and concise research report of the appropriate level and style.
This assessment task evaluates students' abilities, skills and knowledge without the aid of generative Artificial Intelligence (AI) or Machine Translation (MT). Students are advised that the use of AI technologies to develop responses is strictly prohibited and may constitute student misconduct under the Student Code of Conduct.
Submission guidelines
An electronic copy of your assignment is required to be submitted via Blackboard (Learn.UQ at https://learn.uq.edu.au/).
Submit early - updates can be submitted up until the deadline - it is your responsibility to ensure your assignment is successfully submitted BEFORE the deadline.
No hard copy is required for this assignment.
Deferral or extension
You may be able to apply for an extension.
The maximum extension allowed is 21 days. Extensions are given in multiples of 24 hours.
Feedback will be given to students in a timeframe of 21-28 days, where the earlier time frame applies if there are no extensions.
Late submission
A penalty of 10% of the maximum possible mark will be deducted per 24 hours from time submission is due for up to 7 days. After 7 days, you will receive a mark of 0.
Final exam
- Hurdle
- Identity Verified
- In-person
- Mode
- Written
- Category
- Examination
- Weight
- 40%
- Due date
End of Semester Exam Period
7/06/2025 - 21/06/2025
- Learning outcomes
- L01, L02, L03, L04, L05, L06, L07
Task description
The exam will be an on-campus paper-based exam. This exam will be a closed book and will contain a combination of multiple choices and short answers, some with calculations. It is individual work; to test the students' ability to apply the knowledge they have gained from the course material in new scenarios.
This assessment task evaluates students' abilities, skills and knowledge without the aid of generative Artificial Intelligence (AI) or Machine Translation (MT). Students are advised that the use of AI technologies to develop responses is strictly prohibited and may constitute student misconduct under the Student Code of Conduct.
Hurdle requirements
You must achieve at least 40% in the task to pass the course.Exam details
Planning time | 10 minutes |
---|---|
Duration | 120 minutes |
Calculator options | Any calculator permitted |
Open/closed book | Open Book examination |
Exam platform | Paper based |
Invigilation | Invigilated in person |
Submission guidelines
Deferral or extension
You may be able to defer this exam.
Course grading
Full criteria for each grade is available in the Assessment Procedure.
Grade | Cut off Percent | Description |
---|---|---|
1 (Low Fail) | 0 - 19 |
Absence of evidence of achievement of course learning outcomes. Course grade description: Fails to demonstrate most or all of the basic requirements of the course. |
2 (Fail) | 20 - 46 |
Minimal evidence of achievement of course learning outcomes. Course grade description: Demonstrates clear deficiencies in understanding and applying fundamental concepts; communicates information or ideas in ways that are frequently incomplete or confusing and give little attention to the conventions of the discipline. |
3 (Marginal Fail) | 47 - 49 |
Demonstrated evidence of developing achievement of course learning outcomes Course grade description: Demonstrates superficial or partial or faulty understanding of the fundamental concepts of the field of study and limited ability to apply these concepts; presents undeveloped or inappropriate or unsupported arguments; communicates information or ideas with lack of clarity and inconsistent adherence to the conventions of the discipline. |
4 (Pass) | 50 - 64 |
Demonstrated evidence of functional achievement of course learning outcomes. Course grade description: Demonstrates adequate understanding and application of the fundamental concepts of the field of study; develops routine arguments or decisions and provides acceptable justification; communicates information and ideas adequately in terms of the conventions of the discipline. |
5 (Credit) | 65 - 74 |
Demonstrated evidence of proficient achievement of course learning outcomes. Course grade description: Demonstrates substantial understanding of fundamental concepts of the field of study and ability to apply these concepts in a variety of contexts; develops or adapts convincing arguments and provides coherent justification; communicates information and ideas clearly and fluently in terms of the conventions of the discipline. |
6 (Distinction) | 75 - 84 |
Demonstrated evidence of advanced achievement of course learning outcomes. Course grade description: As for 5, with frequent evidence of originality in defining and analysing issues or problems and in creating solutions; uses a level, style and means of communication appropriate to the discipline and the audience. |
7 (High Distinction) | 85 - 100 |
Demonstrated evidence of exceptional achievement of course learning outcomes. Course grade description: As for 6, with consistent evidence of substantial originality and insight in identifying, generating and communicating competing arguments, perspectives or problem solving approaches; critically evaluates problems, their solutions and implications. |
Additional course grading information
If the final total percentage for all assessment, calculated at the end of the semester, results in a fractional component, then any fractional component is rounded up to the next whole integer before calculating the final grade. This only applies to the final result and not to individual pieces of assessment, where any fractional results are included, as is, in the calculation of the final percentage.
Supplementary assessment
Supplementary assessment is available for this course.
Additional assessment information
Having Troubles?
If you are having difficulties with any aspect of the course material, you should seek help and speak to the course teaching staff. If external circumstances are affecting your ability to work on the course, you should seek help as soon as possible. The University and UQ Union have organisations and staff who are able to help; for example, UQ Student Services are able to help with study and exam skills, tertiary learning skills, writing skills, financial assistance, personal issues, and disability services (among other things).
Complaints and criticisms should be directed in the first instance to the course coordinator. If you are not satisfied with the outcome, you may bring the matter to the attention of the School of EECS Director of Teaching and Learning.
Learning resources
You'll need the following resources to successfully complete the course. We've indicated below if you need a personal copy of the reading materials or your own item.
Library resources
Find the required and recommended resources for this course on the UQ Library website.
Other course materials
Recommended
Item | Description | Further Requirement |
---|---|---|
Mark Stamp. Information Security: Principles and Practice, Wiley | book | |
Michael Brewer, Information security, DISC/British Standards Institution | book | |
Bruce Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, Wiley | book | |
William Stallings, Cryptograhy and Network Security: principles and practice, Prentice Hall | book | |
C. Kaufman et al., Network Security: Private Communication in a Public World, Prentice Hall | book | |
Bruce Schneier, Secret and Lies, Wiley | book | |
Ross Anderson, Security Engineering, Wiley | book | |
Albert Menezes et al., The Handbook of applied Cryptography | book | |
Matt Bishop, Computer Security, Prentice Hall | book |
Additional learning resources information
All relevant learning material such as additional reading, lecture slides, tutorials etc. will be available via Blackboard.
Learning activities
The learning activities for this course are outlined below. Learn more about the learning outcomes that apply to this course.
Filter activity type by
Please select
Learning period | Activity type | Topic |
---|---|---|
Week 1 |
Lecture |
Introduction to the course Introduction to the Course Staff, Course Content, Assessments, Admin Issues, how to succeed in the course etc. Learning outcomes: L01, L02, L03, L04, L05, L06, L07, L08 |
Practical |
Introduction to the assessments and the Attack-Defence Scenario Learning outcomes: L01, L02, L03, L04, L06, L07, L08 |
|
Week 2 |
Lecture |
Information Security; Risk Management; Access Control Learning outcomes: L01, L02 |
Week 3 |
Lecture |
Password; Cryptographic Hashes Learning outcomes: L01, L03, L05 |
Practical |
Practice on Information Security; Risk Management; Access Control Learning outcomes: L01, L02 |
|
Week 4 |
Lecture |
Password; Salt; Historical Cryptography Learning outcomes: L01, L03, L05 |
Practical |
Work in team practicing risk identification |
|
Week 5 |
Lecture |
Modern Cryptography; Symmetric Cryptography Learning outcomes: L03 |
Practical |
Practice on Password; Cryptographic Hashes Learning outcomes: L01, L03, L05 |
|
Week 6 |
Lecture |
Asymmetric Cryptography; Digital Signature; Public Key Infrastructure Learning outcomes: L02, L03 |
Practical |
Practice on Historical Cryptography; Modern Cryptography; Symmetric Cryptography Learning outcomes: L03 |
|
Week 7 |
Lecture |
Authentication Protocols; Transport Layer Security Learning outcomes: L03 |
Practical |
Work in team practice on slides and presentation Learning outcomes: L01, L02, L03, L04, L05, L06, L07, L08 |
|
Week 8 |
Lecture |
Advanced Topics: Quantum Computing & Post-quantum Cryptography, Image Forensics Learning outcomes: L01, L02, L03, L07 |
Week 9 |
Seminar |
Presentation Learning outcomes: L01, L02, L03, L04, L05, L06, L07, L08 |
Practical |
Practice on Asymmetric Encryption; Digital Signature; Public Key Infrastructure Learning outcomes: L02, L03 |
|
Week 10 |
Lecture |
Biometrics; Authorisation Learning outcomes: L02 |
Practical |
Practice on Bioinformatics; Authorisation Learning outcomes: L02 |
|
Week 11 |
Lecture |
Guest Lecture Learning outcomes: L01, L02, L07 |
Practical |
Presentation Feedback and Final Report Help Learning outcomes: L01, L02, L03, L04, L05, L06, L07, L08 |
|
Week 12 |
Lecture |
Trust; Zero Trust; Blockchain Learning outcomes: L01, L02, L03, L07 |
Practical |
Practice on Trust; Zero Trust; Blockchain Learning outcomes: L01, L02, L03, L07 |
|
Week 13 |
Lecture |
Information Theory Learning outcomes: L05 |
Practical |
Practice on Information Theory Learning outcomes: L05 |
Policies and procedures
University policies and procedures apply to all aspects of student life. As a UQ student, you must comply with University-wide and program-specific requirements, including the:
- Student Code of Conduct Policy
- Student Integrity and Misconduct Policy and Procedure
- Assessment Procedure
- Examinations Procedure
- Reasonable Adjustments - Students Policy and Procedure
Learn more about UQ policies on my.UQ and the Policy and Procedure Library.
School guidelines
Your school has additional guidelines you'll need to follow for this course: