Course coordinator
Dr Naipeng Dong
Course overview
- Study period
- Semester 2, 2025 (28/07/2025 - 22/11/2025)
- Study level
- Postgraduate Coursework
- Location
- St Lucia
- Attendance mode
- In Person
- Units
- 2
- Administrative campus
- St Lucia
- Coordinating unit
- Elec Engineering & Comp Science School
This is an introductory course covering key concepts and best practices in information security, and their application to the protection of organisation assets and business needs. It is designed for students from a broad range of backgrounds. It will include, but not be limited to topics such as; governance of information assets and ICT assets, develop understanding of business impact analysis of the confidentiality, integrity and availability of information assets and ICT assets, risk management using preventative, detective and responsive controls to manage risk, access control of information and information processing facilities, authentication protocols such as; shared secrets, cryptographic hash functions and challenge-response protocols. Topic coverage may also include; using biometrics for authentication, introduction to applied cryptography in information security, network and wireless network security, physical security of information assets, HR security, securing the human, phishing and social engineering, payment card industry security, cloud computing security, industrial control systems and cooperative and automated vehicles.
Topics that will be covered include risk management, access control, authentication, authorisation, symmetric and asymmetric cryptography, information theory, network security and application-layer security, for example payment cards andᅠindustrial control systems (ICS)ᅠsecurity. Current industry standards will be referenced, including the ISO/IEC 27000 series on Information Security,ᅠthe Payment Card Industry Data Security Standard (PCI DSS), and the NIST Special Publications 800-53 & 800-82. Students will gain a basic knowledge of current real world Information Security practices and procedures.
Course Changes in Response to Previous Student Feedback:
Based on feedback from previous students, an example is now provided to guide the attack-defense role-play assessment.
Course requirements
Incompatible
You can't enrol in this course if you've already completed the following:
COMS3000 or CYBR3000 or COMS7003
Course contact
Course staff
Lecturer
Dr Naipeng Dong
Timetable
The timetable for this course is available on the UQ Public Timetable.
Additional timetable information
To give enough time for each team to interactively demonstrate their work, the presentation may need to extend beyond the timetabled class duration. Students need to make themselves available on the scheduled timeslots.
Aims and outcomes
The aim of the course is to provide an introduction to essential knowledge and skills in the field of Information Security. Concepts such as Access Control, Authentication, Integrity and Confidentiality will be discussed and students will gain an understanding of the basic cryptographic primitives and protocols that are required to implement these security goals. Students will develop the skills to perform practical Threat, Vulnerability and Risk Analysis, understand Information Security standards and be able to assess Information Security risks based on third-party attestations of standards compliance in on-premise, remote, cloud or edge-computing environments.
Learning outcomes
After successfully completing this course you should be able to:
LO1.
describe and apply the concepts of Information Security, such as Confidentiality, Integrity, Authentication and Non-Repudiation, and their relevance in various contexts.
LO2.
analyse and critically evaluate a range of access control and authentication mechanisms, including passwords, biometrics, PKI and multifactor authentication for various Australian and international application scenarios.
LO3.
critically evaluate and apply cryptographic techniques, mechanisms and protocols.
LO4.
independently locate, interpret and critically judge academic and other literature in the field of Information Security, and then apply outcomes to plan, evaluate, develop and reflect critically on justifications in academic reports.
LO5.
compute the information theoretic entropy of random variables, passwords, etc.
LO6.
analyse and critically report on the security of information systems.
LO7.
understand the development of international information security standards by multi-cultural interdisciplinary teams and the importance and application of these international standards to support both domestic and international cross-jurisdictional information security requirements throughout the world.
LO8.
development of group skills in attack-defence activities.
Assessment
Assessment summary
| Category | Assessment task | Weight | Due date |
|---|---|---|---|
| Quiz |
In-class Quiz Series
|
15% |
19/08/2025 9/09/2025 14/10/2025 28/10/2025
The quiz is during Applied Class Time. See your blackboard site for specific exam time. |
| Presentation |
Presentation
|
15% |
23/09/2025
To give enough time for each team to interactively demonstrate their work, the presentation may need to extend beyond the timetabled class duration. Students need to make themselves available on the scheduled timeslots (see Blackboard course site for presentation schedule). |
| Paper/ Report/ Annotation |
Report
|
10% |
17/10/2025 2:00 pm |
| Examination |
Final exam
|
60% |
End of Semester Exam Period 8/11/2025 - 22/11/2025 |
A hurdle is an assessment requirement that must be satisfied in order to receive a specific grade for the course. Check the assessment details for more information about hurdle requirements.
Assessment details
In-class Quiz Series
- Mode
- Written
- Category
- Quiz
- Weight
- 15%
- Due date
19/08/2025
9/09/2025
14/10/2025
28/10/2025
The quiz is during Applied Class Time. See your blackboard site for specific exam time.
- Other conditions
- Time limited.
- Learning outcomes
- L01, L02, L03, L05, L07
Task description
For each Quiz, students are given 10 minutes to answer a few questions provided in the lectures, based on learned course material, and submit their answers. The quizzes are during Applied Class time. Students can bring their own devices to class or submit a paper copy.
These are multiple choices and/or short answers, some with calculations, as individual work, to test the students' ability to apply the knowledge they have gained from the course material in new scenarios.
There are 4 quizzes in total. Best 3 out of 4 will be counted. Each Quiz is worth 5%. In total 15%.
This assessment task is to be completed in-person.
This task has been designed to be challenging, authentic and complex. Whilst students may use AI and/or MT technologies, successful completion of assessment in this course will require students to critically engage in specific contexts and tasks for which artificial intelligence will provide only limited support and guidance. A failure to reference generative AI or MT use may constitute student misconduct under the Student Code of Conduct. To pass this assessment, students will be required to demonstrate detailed comprehension of their written submission independent of AI and MT tools.
Submission guidelines
Directly input answers in Blackboard test or submit a paper copy (Details see Learn.UQ at https://learn.uq.edu.au/).
Deferral or extension
You cannot defer or apply for an extension for this assessment.
Because only the best 3 of 4 will contribute to the mark for this assessment item and results/answers are released soon after the due date, no extensions are permitted.
Late submission
You will receive a mark of 0 if this assessment is submitted late.
Because
• the results/answers are released soon after the due date, and
• only the best 3 of 4 will contribute to the mark for this assessment item
a 100% penalty will be applied to late submission.
Presentation
- Team or group-based
- In-person
- Mode
- Oral
- Category
- Presentation
- Weight
- 15%
- Due date
23/09/2025
To give enough time for each team to interactively demonstrate their work, the presentation may need to extend beyond the timetabled class duration. Students need to make themselves available on the scheduled timeslots (see Blackboard course site for presentation schedule).
Task description
Students are required to research and critically evaluate security risks and their counter measures and present in a group a summary and discussion of the selected attacking or defending scenario in the form of a presentation. This assessment tests students' ability to compile a paper in group that demonstrates the ability to locate high quality sources of relevant information, to understand complex concepts, to critically analyse and integrate information from a wide range of sources, to evaluate opinions, make decisions and to reflect critically on the justifications for decisions; and the ability to synthesise a clear and concise paper of the appropriate level and style.
Presentation is a fixed date in Week 9. The assessment will be recorded. See Blackboard site for detailed schedule.
This assessment task is to be completed in-person.
The course coordinator reserves the right to vary group marks for each group member in the event of varied contributions to the team effort.
Submission guidelines
Reports and slides are submitted online (see blackboard for details)
Deferral or extension
You cannot defer or apply for an extension for this assessment.
Extensions for groupwork are typically not available as this impacts on all members of the team.
Students with valid extension requests either receive team mark or will be required to undertake alternative assessment.
Late submission
You will receive a mark of 0 if this assessment is submitted late.
Consistent with industry practice around presentations to clients/industry partners, the 100% late penalty applies.
Report
- Online
- Mode
- Written
- Category
- Paper/ Report/ Annotation
- Weight
- 10%
- Due date
17/10/2025 2:00 pm
- Learning outcomes
- L01, L02, L03, L04, L05, L06, L07
Task description
In this assignment, students are required to compile a report that demonstrates their ability to formulate and investigate problems, to critically analyse and integrate information from a wide range of sources, recognising the roles and expertise of associated disciplines, to evaluate opinions, make decisions and to reflect critically on the justifications for decisions, to generate ideas and adapt innovatively to create solutions, with an appreciation of the link between theory and practice, to innovate and improve current practices; and the ability to synthesise a clear and concise research report of the appropriate level and style.
Artificial Intelligence (AI) and Machine Translation (MT) are emerging tools that may support students in completing this assessment task. Students may appropriately use AI and/or MT in completing this assessment task. Students must clearly reference any use of AI or MT in each instance. A failure to reference generative AI or MT use may constitute student misconduct under the Student Code of Conduct.
Submission guidelines
An electronic copy of your assignment is required to be submitted via Blackboard (Learn.UQ at https://learn.uq.edu.au/).
Submit early - updates can be submitted up until the deadline - it is your responsibility to ensure your assignment is successfully submitted BEFORE the deadline.
No hard copy is required for this assignment.
Deferral or extension
You may be able to apply for an extension.
The maximum extension allowed is 21 days. Extensions are given in multiples of 24 hours.
Extensions are limited to 21 days as feedback will be provided within 28 days.
Late submission
A penalty of 10% of the maximum possible mark will be deducted per 24 hours from time submission is due for up to 7 days. After 7 days, you will receive a mark of 0.
Final exam
- Hurdle
- Identity Verified
- In-person
- Mode
- Written
- Category
- Examination
- Weight
- 60%
- Due date
End of Semester Exam Period
8/11/2025 - 22/11/2025
- Other conditions
- Secure.
- Learning outcomes
- L01, L02, L03, L04, L05, L06, L07
Task description
The exam will be an on-campus paper-based exam. This exam will be an open book and will contain a combination of multiple choices and short answers, some with calculations. It is individual work; to test the students' ability to apply the knowledge they have gained from the course material in new scenarios.
This assessment task is to be completed in-person. The use of generative Artificial Intelligence (AI) or Machine Translation (MT) tools will not be permitted. Any attempted use of AI or MT may constitute student misconduct under the Student Code of Conduct.
Hurdle requirements
You must achieve at least 40% in the task to pass the course.Exam details
| Planning time | 10 minutes |
|---|---|
| Duration | 120 minutes |
| Calculator options | Any calculator permitted |
| Open/closed book | Open book examination - any written or printed material is permitted; material may be annotated |
| Exam platform | Paper based |
| Invigilation | Invigilated in person |
Submission guidelines
Deferral or extension
You may be able to defer this exam.
Late submission
You will receive a mark of 0 if this assessment is submitted late.
Deferred exam is made available given unexpected circumstances.
Course grading
Full criteria for each grade is available in the Assessment Procedure.
| Grade | Cut off Percent | Description |
|---|---|---|
| 1 (Low Fail) | 0 - 19 |
Absence of evidence of achievement of course learning outcomes. Course grade description: Fails to demonstrate most or all of the basic requirements of the course. |
| 2 (Fail) | 20 - 46 |
Minimal evidence of achievement of course learning outcomes. Course grade description: Demonstrates clear deficiencies in understanding and applying fundamental concepts; communicates information or ideas in ways that are frequently incomplete or confusing and give little attention to the conventions of the discipline. |
| 3 (Marginal Fail) | 47 - 49 |
Demonstrated evidence of developing achievement of course learning outcomes Course grade description: Demonstrates superficial or partial or faulty understanding of the fundamental concepts of the field of study and limited ability to apply these concepts; presents undeveloped or inappropriate or unsupported arguments; communicates information or ideas with lack of clarity and inconsistent adherence to the conventions of the discipline. |
| 4 (Pass) | 50 - 64 |
Demonstrated evidence of functional achievement of course learning outcomes. Course grade description: Demonstrates adequate understanding and application of the fundamental concepts of the field of study; develops routine arguments or decisions and provides acceptable justification; communicates information and ideas adequately in terms of the conventions of the discipline. |
| 5 (Credit) | 65 - 74 |
Demonstrated evidence of proficient achievement of course learning outcomes. Course grade description: Demonstrates substantial understanding of fundamental concepts of the field of study and ability to apply these concepts in a variety of contexts; develops or adapts convincing arguments and provides coherent justification; communicates information and ideas clearly and fluently in terms of the conventions of the discipline. |
| 6 (Distinction) | 75 - 84 |
Demonstrated evidence of advanced achievement of course learning outcomes. Course grade description: As for 5, with frequent evidence of originality in defining and analysing issues or problems and in creating solutions; uses a level, style and means of communication appropriate to the discipline and the audience. |
| 7 (High Distinction) | 85 - 100 |
Demonstrated evidence of exceptional achievement of course learning outcomes. Course grade description: As for 6, with consistent evidence of substantial originality and insight in identifying, generating and communicating competing arguments, perspectives or problem solving approaches; critically evaluates problems, their solutions and implications. |
Additional course grading information
If the final total percentage for all assessment (calculated at the end of the semester) results in a fractional component, then any fractional component is rounded up to the next whole integer before calculating the final grade. This only applies to the final result and not to individual pieces of assessment, where any fractional results are included, as is, in the calculation of the final percentage.
Supplementary assessment
Supplementary assessment is available for this course.
Additional assessment information
Having Troubles?
If you are having difficulties with any aspect of the course material, you should seek help and speak to the course teaching staff.
If external circumstances are affecting your ability to work on the course, you should seek help as soon as possible. The University and UQ Union have organisations and staff who are able to help; for example, UQ Student Services are able to help with study and exam skills, tertiary learning skills, writing skills, financial assistance, personal issues, and disability services (among other things).
Complaints and criticisms should be directed in the first instance to the course coordinator. If you are not satisfied with the outcome, you may bring the matter to the attention of the School of EECS Director of Teaching and Learning.
Learning resources
You'll need the following resources to successfully complete the course. We've indicated below if you need a personal copy of the reading materials or your own item.
Library resources
Library resources are available on the UQ Library website.
Other course materials
Recommended
| Item | Description | Further Requirement |
|---|---|---|
| Mark Stamp. Information Security: Principles and Practice, Wiley | ||
| Michael Brewer, Information security, DISC/British Standards Institution | ||
| Bruce Schneier, Applied Cryptography: Protocols, Algorithms, and Source Code in C, Wiley | ||
| William Stallings, Cryptograhy and Network Security: principles and practice, Prentice Hall | ||
| C. Kaufman et al., Network Security: Private Communication in a Public World, Prentice Hall | ||
| Bruce Schneier, Secret and Lies, Wiley | ||
| Ross Anderson, Security Engineering, Wiley | ||
| Albert Menezes et al., The Handbook of applied Cryptography | ||
| Matt Bishop, Computer Security, Prentice Hall |
Additional learning resources information
All relevant learning material such as additional reading, lecture slides, applied exercises etc. will be available via Blackboard.
Learning activities
The learning activities for this course are outlined below. Learn more about the learning outcomes that apply to this course.
Filter activity type by
Please select
| Learning period | Activity type | Topic |
|---|---|---|
Multiple weeks From Week 1 To Revision week |
General contact hours |
Consultation Every Tuesday morning 10:00-12:00 Learning outcomes: L01, L02, L03, L04, L05, L06, L07, L08 |
Week 1 |
Lecture |
Introduction to the course Learning outcomes: L01, L02, L03, L04, L05, L06, L07, L08 |
Applied Class |
Introduction to Attack-Defence Scenarios The teaching assistant briefly introduces the attack-defence role play activities, assessments and team formation. Learning outcomes: L06 |
|
Week 2 |
Lecture |
Introduction to Information Security; Risk Management; Access Control Learning outcomes: L01, L02 |
Applied Class |
Q&A on Information Security; Risk Management; Access Control Applied class for Q&A of the given tasks. Learning outcomes: L01, L02 |
|
Week 3 |
Lecture |
Password; Cryptographic Hashes Learning outcomes: L01, L02, L03 |
Applied Class |
Q&A on Password; Cryptographic Hashes Applied class for Q&A of the given tasks. Learning outcomes: L01, L02, L03 |
|
Week 4 |
Lecture |
Password; Salt; Historical Cryptography Learning outcomes: L01, L03 |
Applied Class |
Work in team to discuss the risk identification The teaching Assistant provides feedback on your questions regarding the attack-defence role play activities. |
|
Week 5 |
Lecture |
Modern Cryptography; Symmetric Encryption Learning outcomes: L03 |
Applied Class |
Q&A on Historical Crypto; Modern Cryptography; Symmetric Encryption Applied class for Q&A of the given tasks. Learning outcomes: L03 |
|
Week 6 |
Lecture |
Asymmetric EncryptionDigital Signature; Public Key Infrastructure Learning outcomes: L03 |
Applied Class |
Q& A on Asymmetric Encryption; Digital Signature; Public Key Infrastructure Applied class for Q&A of the given tasks. Learning outcomes: L03 |
|
Week 7 |
Lecture |
Quantum Computing & Post-quantum Cryptography Learning outcomes: L03 |
Applied Class |
Work in team to discuss slides and presentation Applied class for Q&A of the given tasks. Learning outcomes: L03 |
|
Week 8 |
Lecture |
Authentication Protocols; Transport Layer Security Learning outcomes: L07 |
Applied Class |
Q&A on Authentication Protocols; Transport Layer Security The teaching assistant provides feedback on presentation. |
|
Week 9 |
Seminar |
Presentation Learning outcomes: L01, L02, L03, L04, L05, L06, L07 |
Seminar |
Presentation Learning outcomes: L01, L02, L03, L04, L05, L06, L07 |
|
Week 10 |
Lecture |
Biometrics; Authorisation Learning outcomes: L02 |
Applied Class |
Q&A on Biometrics; Authorisation Learning outcomes: L01, L02, L03, L04, L05, L06, L07, L08 |
|
Week 11 |
Lecture |
Guest lectures Learning outcomes: L02, L07 |
Applied Class |
Presentation Feedback; Final Report Q&A session The teaching assistant provides feedback on final report. Learning outcomes: L01, L02, L03, L04, L05, L06, L07 |
|
Week 12 |
Lecture |
Trust; Zero Trust; Blockchain Learning outcomes: L02, L07 |
Applied Class |
Q&A on Trust; Zero Trust; Blockchain Applied class for Q&A of the given tasks. |
|
Week 13 |
Lecture |
Information Theory Learning outcomes: L05 |
Applied Class |
Q&A on Information Theory Exam Q&A Learning outcomes: L01, L02, L03, L04, L05, L06, L07 |
Policies and procedures
University policies and procedures apply to all aspects of student life. As a UQ student, you must comply with University-wide and program-specific requirements, including the:
- Student Code of Conduct Policy
- Student Integrity and Misconduct Policy and Procedure
- Assessment Procedure
- Examinations Procedure
- Reasonable Adjustments for Students Policy and Procedure
Learn more about UQ policies on my.UQ and the Policy and Procedure Library.
School guidelines
Your school has additional guidelines you'll need to follow for this course: