Course profile

Information Security Essentials (CYBR7002)

Study period
Sem 2 2024
Location
St Lucia
Attendance mode
In Person

Course overview

Study period
Semester 2, 2024 (22/07/2024 - 18/11/2024)
Study level
Postgraduate Coursework
Location
St Lucia
Attendance mode
In Person
Units
2
Administrative campus
St Lucia
Coordinating unit
Elec Engineering & Comp Science School

This is an introductory course covering key concepts and best practices in information security, and their application to the protection of organisation assets and business needs. It is designed for students from a broad range of backgrounds. It will include, but not be limited to, topics such as: governance of information assets and ICT assets; developing an understanding of business impact analysis of the confidentiality, integrity and availability of information assets and ICT assets; risk management using preventative, detective and responsive controls to manage risk; access control of information and information processing facilities; and authentication protocols such as shared secrets, cryptographic hash functions and challenge-response protocols. Topic coverage may also include: using biometrics for authentication, introduction to applied cryptography in information security, network and wireless network security, physical security of information assets, HR security, securing the human, phishing and social engineering, payment card industry security, cloud computing security, industrial control systems, and cooperative and automated vehicles.

Topics that will be covered include risk management, access control, authentication, authorisation, symmetric and asymmetric cryptography, network security and application-layer security, for example payment cards and industrial control systems (ICS) security. Current industry standards will be referenced, including the ISO/IEC 27000 series on Information Security, the Payment Card Industry Data Security Standard (PCI DSS), and the NIST Special Publications 800-53 & 800-82. Students will gain a basic knowledge of current real world Information Security practices and procedures.

Course Changes in Response to Previous Student Feedback:

In response to valuable feedback from previous students, several enhancements and adjustments have been made to the assessment: the attack-defence role play has been simplified into one assessment with immediate feedback and a fixed presentation date for fairness.

Course requirements

Incompatible

You can't enrol in this course if you've already completed the following:

COMS3000 or CYBR3000 or COMS7003

Course contact

Course staff

Lecturer

Dr Naipeng Dong

Timetable

The timetable for this course is available on the UQ Public Timetable.

Aims and outcomes

The aim of the course is to provide an introduction to essential knowledge and skills in the field of Information Security. Concepts such as Access Control, Authentication, Integrity and Confidentiality will be discussed and students will gain an understanding of the basic cryptographic primitives and protocols that are required to implement these security goals. Students will develop the skills to perform practical Threat, Vulnerability and Risk Analysis, understand Information Security standards and be able to assess Information Security risks based on third-party attestations of standards compliance in on-premise, remote, cloud or edge-computing environments.

Learning outcomes

After successfully completing this course you should be able to:

LO1.

describe and apply the concepts of Information Security, such as Confidentiality, Integrity, Authentication and Non-Repudiation, and their relevance in various contexts.

LO2.

analyse and critically evaluate a range of access control and authentication mechanisms, including passwords, biometrics, PKI and multifactor authentication for various Australian and international application scenarios.

LO3.

critically evaluate and apply cryptographic techniques, mechanisms and protocols.

LO4.

independently locate, interpret and critically judge academic and other literature in the field of Information Security, and then apply outcomes to plan, evaluate, develop and reflect critically on justifications in academic reports.

LO5.

compute the information theoretic entropy of random variables, passwords, etc.

LO6.

analyse and critically report on the security of information systems.

LO7.

understand the development of international information security standards by multi-cultural interdisciplinary teams and the importance and application of these international standards to support both domestic and international cross-jurisdictional information security requirements throughout the world.

LO8.

develop group skills in attack-defence activities.

Assessment

Assessment summary

Category | Assessment task | Weight | Due date
Quiz | In-class Quiz Series | 10% | Week 3 - Week 7; Week 11 - Week 13; the quiz is 2:05 - 2:10 PM during class
Presentation | Presentation (Team or group-based; In-person) | 20% | 17/09/2024, whole day
Paper/ Report/ Annotation | Report (Online) | 30% | 15/10/2024 2:00 pm
Examination | Final exam (Hurdle; Identity Verified; In-person) | 40% | End of Semester Exam Period, 2/11/2024 - 16/11/2024

A hurdle is an assessment requirement that must be satisfied in order to receive a specific grade for the course. Check the assessment details for more information about hurdle requirements.

Assessment details

In-class Quiz Series

Mode
Written
Category
Quiz
Weight
10%
Due date

Week 3 - Week 7

Week 11 - Week 13

The quiz is 2:05 - 2:10 PM during class

Other conditions
Time limited.

See the conditions definitions

Learning outcomes
L01, L02, L03, L05, L07

Task description

For each quiz, students are given 5 minutes to answer 1-2 questions provided in the lectures, based on learned course material, and submit their answers. The quizzes are held during lecture time. Students can bring their own devices to class or submit a paper copy.

The quizzes consist of multiple-choice and short-answer questions, some with calculations, completed as individual work, to test the students' ability to apply the knowledge they have gained from the course material in new scenarios.

There are 8 quizzes in total; the top 5 will be counted. Each quiz counts for 2%, for a total of 10%.

This assessment task is to be completed in-person. The use of generative Artificial Intelligence (AI) and Machine Translation (MT) tools will not be permitted. Any attempted use of Generative AI may constitute student misconduct under the Student Code of Conduct.

Submission guidelines

Enter answers directly in the Blackboard test or submit a paper copy (for details, see Learn.UQ at https://learn.uq.edu.au/).


Deferral or extension

You cannot defer or apply for an extension for this assessment.

No extensions are available and a 100% late penalty applies to the quizzes. To accommodate unforeseen circumstances such as illness, your quiz score will be based on the best 5 out of 8 submissions.

Presentation

  • Team or group-based
  • In-person
Mode
Oral
Category
Presentation
Weight
20%
Due date

17/09/2024

Whole day

Task description

Students are required to research and critically evaluate security risks and their countermeasures and, as a group, present a summary and discussion of the selected attacking or defending scenario in the form of a presentation. This assessment tests students' ability to compile a paper as a group that demonstrates the ability to locate high quality sources of relevant information, to understand complex concepts, to critically analyse and integrate information from a wide range of sources, to evaluate opinions, make decisions and to reflect critically on the justifications for decisions; and the ability to synthesize a clear and concise paper of the appropriate level and style.

The presentation is on a fixed date in Week 9 (Tuesday). The assessment will be recorded. See the Blackboard site for the detailed schedule.

This assessment task is to be completed in-person. The use of generative Artificial Intelligence (AI) and Machine Translation (MT) tools will not be permitted. Any attempted use of Generative AI may constitute student misconduct under the Student Code of Conduct.

Submission guidelines

Reports and slides are submitted online (see Blackboard for details).

Deferral or extension

You cannot defer or apply for an extension for this assessment.

Oral or demo sessions are scheduled with multiple markers and are time limited. An extension impacts other students in the team.

Late submission

You will receive a mark of 0 if this assessment is submitted late.

Report

  • Online
Mode
Written
Category
Paper/ Report/ Annotation
Weight
30%
Due date

15/10/2024 2:00 pm

Learning outcomes
L01, L02, L03, L04, L05, L06, L07

Task description

In this assignment, students are required to compile a report that demonstrates their ability to formulate and investigate problems, to critically analyse and integrate information from a wide range of sources, recognising the roles and expertise of associated disciplines, to evaluate opinions, make decisions and to reflect critically on the justifications for decisions, to generate ideas and adapt innovatively to create solutions, with an appreciation of the link between theory and practice, to innovate and improve current practices; and the ability to synthesize a clear and concise research report of the appropriate level and style.

This assessment task evaluates students' abilities, skills and knowledge without the aid of generative Artificial Intelligence (AI) or Machine Translation (MT). Students are advised that the use of AI technologies to develop responses is strictly prohibited and may constitute student misconduct under the Student Code of Conduct.

Submission guidelines

An electronic copy of your assignment is required to be submitted via Blackboard (Learn.UQ at https://learn.uq.edu.au/).
Submit early - updates can be submitted up until the deadline - it is your responsibility to ensure your assignment is successfully submitted BEFORE the deadline.
No hard copy is required for this assignment.

Deferral or extension

You may be able to apply for an extension.

The maximum extension allowed is 21 days. Extensions are given in multiples of 24 hours.

Feedback will be given to students in a timeframe of 21-28 days, where the earlier time frame applies if there are no extensions.

Late submission

A penalty of 10% of the maximum possible mark will be deducted per 24 hours from the time the submission is due, for up to 7 days. After 7 days, you will receive a mark of 0.

Final exam

  • Hurdle
  • Identity Verified
  • In-person
Mode
Written
Category
Examination
Weight
40%
Due date

End of Semester Exam Period

2/11/2024 - 16/11/2024

Learning outcomes
L01, L02, L03, L04, L05, L06, L07

Task description

The exam will be an on-campus paper-based exam. This exam will be closed book and will contain a combination of multiple-choice and short-answer questions, some with calculations. It is individual work, to test the students' ability to apply the knowledge they have gained from the course material in new scenarios.

This assessment task evaluates students' abilities, skills and knowledge without the aid of generative Artificial Intelligence (AI) or Machine Translation (MT). Students are advised that the use of AI technologies to develop responses is strictly prohibited and may constitute student misconduct under the Student Code of Conduct.

Hurdle requirements

You must achieve at least 40% in the task to pass the course.

Exam details

Planning time: 10 minutes
Duration: 90 minutes
Calculator options: Any calculator permitted
Open/closed book: Open Book examination
Exam platform: Paper based
Invigilation: Invigilated in person

Submission guidelines

Deferral or extension

You may be able to defer this exam.

Late submission

You will receive a mark of 0 if this assessment is submitted late.

A deferred exam is made available given unexpected circumstances.

Course grading

Full criteria for each grade are available in the Assessment Procedure.

Grade Cut off Percent Description
1 (Low Fail) 0 - 19

Absence of evidence of achievement of course learning outcomes.

Course grade description: Fails to demonstrate most or all of the basic requirements of the course.

2 (Fail) 20 - 44

Minimal evidence of achievement of course learning outcomes.

Course grade description: Demonstrates clear deficiencies in understanding and applying fundamental concepts; communicates information or ideas in ways that are frequently incomplete or confusing and give little attention to the conventions of the discipline.

3 (Marginal Fail) 45 - 49

Demonstrated evidence of developing achievement of course learning outcomes.

Course grade description: Demonstrates superficial or partial or faulty understanding of the fundamental concepts of the field of study and limited ability to apply these concepts; presents undeveloped or inappropriate or unsupported arguments; communicates information or ideas with lack of clarity and inconsistent adherence to the conventions of the discipline.

4 (Pass) 50 - 64

Demonstrated evidence of functional achievement of course learning outcomes.

Course grade description: Demonstrates adequate understanding and application of the fundamental concepts of the field of study; develops routine arguments or decisions and provides acceptable justification; communicates information and ideas adequately in terms of the conventions of the discipline.

5 (Credit) 65 - 74

Demonstrated evidence of proficient achievement of course learning outcomes.

Course grade description: Demonstrates substantial understanding of fundamental concepts of the field of study and ability to apply these concepts in a variety of contexts; develops or adapts convincing arguments and provides coherent justification; communicates information and ideas clearly and fluently in terms of the conventions of the discipline.

6 (Distinction) 75 - 84

Demonstrated evidence of advanced achievement of course learning outcomes.

Course grade description: As for 5, with frequent evidence of originality in defining and analysing issues or problems and in creating solutions; uses a level, style and means of communication appropriate to the discipline and the audience.

7 (High Distinction) 85 - 100

Demonstrated evidence of exceptional achievement of course learning outcomes.

Course grade description: As for 6, with consistent evidence of substantial originality and insight in identifying, generating and communicating competing arguments, perspectives or problem solving approaches; critically evaluates problems, their solutions and implications.

Additional course grading information

If the final total percentage for all assessment, calculated at the end of the semester, results in a fractional component, then any fractional component is rounded up to the next whole integer before calculating the final grade. This only applies to the final result and not to individual pieces of assessment, where any fractional results are included, as is, in the calculation of the final percentage.

Supplementary assessment

Supplementary assessment is available for this course.

Learning resources

You'll need the following resources to successfully complete the course. We've indicated below if you need a personal copy of the reading materials or your own item.

Library resources

Find the required and recommended resources for this course on the UQ Library website.

Other course materials

Recommended

Item Description Further Requirement
Mark Stamp. Information Security: Principles and Practice, Wiley
Michael Brewer, Information security, DISC/British Standards Institution
Bruce Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, Wiley
William Stallings, Cryptography and Network Security: Principles and Practice, Prentice Hall
C. Kaufman et al., Network Security: Private Communication in a Public World, Prentice Hall
Bruce Schneier, Secrets and Lies, Wiley
Ross Anderson, Security Engineering, Wiley
Albert Menezes et al., The Handbook of Applied Cryptography
Matt Bishop, Computer Security, Prentice Hall

Additional learning resources information

All relevant learning material such as additional reading, lecture slides, tutorials etc. will be available via Blackboard.

Learning activities

The learning activities for this course are outlined below. Learn more about the learning outcomes that apply to this course.

Learning period Activity type Topic
Multiple weeks

From Week 1 To Revision week

General contact hours

Consultation

Every Thursday morning 10:00-12:00

Learning outcomes: L01, L02, L03, L04, L05, L06, L07, L08

Week 1
Lecture

Introduction to the course; Admin issues

Learning outcomes: L01, L02, L03, L04, L05, L06, L07, L08

Tutorial

Introduction to analysis scenarios

Learning outcomes: L06

Week 2
Lecture

Introduction to Information Security; Risk Management; Access Control

Learning outcomes: L01, L02

Tutorial

Q&A on Information Security; Risk Management; Access Control

Learning outcomes: L01, L02

Week 3
Lecture

Password; Cryptographic Hashes; Salt

Learning outcomes: L01, L02, L03

Tutorial

Q&A on Information Security; Risk Management; Access Control

Learning outcomes: L01, L02, L03

Week 4
Lecture

Historical Crypto; Introduction to modern Cryptography

Learning outcomes: L01, L03

Team Based Learning

Work in teams to discuss risk identification

Week 5
Lecture

Symmetric Encryption; Asymmetric Encryption

Learning outcomes: L03

Tutorial

Q&A on Historical Crypto; Intro to modern Cryptography

Learning outcomes: L03

Week 6
Lecture

Digital Signature; Public Key Infrastructure; Quantum Computing & Post-quantum Cryptography

Learning outcomes: L03

Tutorial

Q&A on Symmetric/Asymmetric Encryption; Digital Signature; Public Key Infrastructure

Learning outcomes: L03

Week 7
Lecture

Authentication Protocols; Transport Layer Security

Learning outcomes: L03

Tutorial

Q&A on Authentication Protocols; Transport Layer Security

Learning outcomes: L03

Week 8
Lecture

Network Security

Learning outcomes: L07

Team Based Learning

Work in teams to discuss the presentation

Week 9
Seminar

Presentation

Learning outcomes: L01, L02, L03, L04, L05, L06, L07

Seminar

Presentation

Learning outcomes: L01, L02, L03, L04, L05, L06, L07

Week 10
Lecture

Biometrics; Authorisation

Learning outcomes: L02

Tutorial

Feedback session to students

Learning outcomes: L01, L02, L03, L04, L05, L06, L07, L08

Week 11
Lecture

Trust; Zero-Trust; Blockchain

Learning outcomes: L02, L07

Tutorial

Final Report Q&A session

Learning outcomes: L01, L02, L03, L04, L05, L06, L07

Week 12
Lecture

Guest lecture

Learning outcomes: L02, L07

Tutorial

Q&A on Biometrics; Authorisation; Trust; Blockchain

Week 13
Lecture

Information Theory

Learning outcomes: L05

Tutorial

Exam Q&A

Learning outcomes: L01, L02, L03, L04, L05, L06, L07

Policies and procedures

University policies and procedures apply to all aspects of student life. As a UQ student, you must comply with University-wide and program-specific requirements, including the:

Learn more about UQ policies on my.UQ and the Policy and Procedure Library.

School guidelines

Your school has additional guidelines you'll need to follow for this course: