Course profile

Cyber Security Governance, Policy, Ethics and Law (CYBR7003)

Study period
Sem 2 2024
Location
St Lucia
Attendance mode
In Person

Course overview

Study period
Semester 2, 2024 (22/07/2024 - 18/11/2024)
Study level
Postgraduate Coursework
Location
St Lucia
Attendance mode
In Person
Units
2
Administrative campus
St Lucia
Coordinating unit
Business School

This is an introductory, inter-disciplinary course providing an overview of the best practices and emerging developments in governance, ethics, legal and policy aspects of cyber security and data privacy.

This course is structured in two parts. The first part addresses cyber security legal issues as they impact businesses and organisations. Although the focus will be the law relevant to businesses, criminal law will be considered but through the lens of business. This part recognises that business and technology operate internationally, even though the law may be country or state-based. Focus is not limited to Queensland or even Australian law. This part will consider issues such as determining which countries’ laws will apply and how to enforce laws in an international context. The legal component of the course will explore issues such as responsibility to protect and secure data, how liability is determined in complex IT supply chains, what the legal risks are if something goes wrong, and how to deal with legal issues in a cyber security incident.

The second part of this course focuses on cyber security from an organisational perspective and looks at how public and private organisations manage the security of the information they collect, store, elaborate and dispose of. In this second part, topics such as leadership in cyber security, cyber security policies and compliance, governance of cyber security and design of information security systems will provide students with an overview of the dynamics associated with managing cyber security in the workplace. Questions such as “What are the weak links in an organisation’s information security management systems?”, “How can individuals interact with technologies and create opportunities for cyber-breaches?” or “How can companies design cyber security systems that are secure as well as user-friendly?” are examples of the issues that will be analysed in the second part.

The course is intended to be practical, looking at issues that arise in real life, rather than focusing on topics that are academically interesting but of little practical relevance. The course spotlights business problems, and in doing so, looks at a number of relevant legal and managerial subjects. The course aims to tie these topics together. Various problems will be workshopped throughout the course. No prior managerial or legal study or knowledge is assumed. 

CYBR7003 is an interactive course taught in seminar mode.  At times, we will use the Socratic method of lecturing, so you may be called upon to contribute during the seminars. You will be expected to have read each key reading. You are encouraged to turn your phones off during class, and to limit use of your laptops when we are engaging in discussion.  

Course contact

Timetable

The timetable for this course is available on the UQ Public Timetable.

Additional timetable information

Please note: Teaching staff do not have access to the timetabling system to help with class allocation. Therefore, should you need help with your timetable and/or allocation of classes, please ensure you email business.mytimetable@uq.edu.au from your UQ student email account with the following details:

  • Full name,
  • Student ID, and
  • the Course Code

Aims and outcomes

The aims of the course are to provide students with an understanding of the governance, policy, legal and ethical issues relating to cyber security in both an international and domestic context.

Course aims include:

  1. To assist students in understanding the legal framework as it applies to businesses as relevant to cyber security.
  2. To give students an awareness of the legal complexities that arise when responding to a cyber security breach.
  3. To provide students with practical issue-spotting and problem-solving skills relevant to cyber security.
  4. To tie together a number of policy, legal and ethical topics in a coherent way to deal with and solve real world problems.
  5. To immerse students in an organisational context, for them to experience first-hand the dynamics that characterise cyber security in the workplace.
  6. To help students understand current governance structures and arrangements in public and private organisations, also in the light of recommendations by international best practice standards.
  7. To provide students with the managerial tools required to be champions of safe cyber security practices.
  8. To increase students’ awareness of the importance of human factors in cyber security management.

Learning outcomes

After successfully completing this course you should be able to:

LO1.

Articulate, in an organisational context, the key elements of governance and policy-making on matters of cyber security.

LO2.

Design and execute strategies aimed at promoting compliance to cyber security policies and a sound cyber security culture in organisations.

LO3.

Mobilise the appropriate resources (information, skills, etc.) to ensure effective cyber risk management in an organisational context.

LO4.

Work within a team to anticipate the cyber security needs arising in various types of organisations.

LO5.

Examine, research and analyse emerging legal issues in relation to cybersecurity.

LO6.

Be an engaged participant in discussions concerning the state of the law relevant to cyber security, such as where there are gaps in the law due to rapid advancements in technology.

LO7.

Identify potential legal and commercial issues arising in an international commercial context relating to cyber security and provide potential solutions.

LO8.

Demonstrate a critical understanding of the legal complexities that arise in relation to responding to a cyber security breach.

Assessment

Assessment summary

| Category | Assessment task | Weight | Due date |
|---|---|---|---|
| Essay/ Critique | Legal perspectives in cyber security | 30% | 2/09/2024 2:00 pm |
| Paper/ Report/ Annotation | Organisational cyber security report | 30% | 14/10/2024 2:00 pm |
| Presentation | Application of Cybersecurity Org and Legal Principles (Team or group-based) | 40% | 4/11/2024 |

Assessment details

Legal perspectives in cyber security

Mode
Written
Category
Essay/ Critique
Weight
30%
Due date

2/09/2024 2:00 pm

Learning outcomes
L05, L06, L07, L08

Task description

Students will be required to prepare an essay individually in relation to a legal issue that arises in a business context in relation to cybersecurity.

The paper should identify the issue, set out the law in relation to the issue, identify any gaps or problems with the current law, and if appropriate propose possible changes to the current law.

Five example essay topics will be published during the semester. Students can select one of these five topics. Alternatively, students can propose a topic, which must be approved by teaching staff.

The word limit for the essay is a maximum of 2,500 words.

By way of clarification, this word count:

  • includes headings and subheadings;
  • does not include text in the header;
  • does not include footnotes or Appendices - however footnotes should be used for citation purposes only.  Substantive text should not be included in footnotes.

This task has been designed to be challenging, authentic and complex. Whilst students may use AI technologies, successful completion of assessment in this course will require students to critically engage in specific contexts and tasks for which artificial intelligence will provide only limited support and guidance.

Usage of AI is allowed in this assessment piece, but must be done within the guidelines and constraints indicated on Blackboard at the beginning of the course. These include providing (typically in the assessment appendix) the prompts used to query AI, the responses provided by the AI, and evidence of critical analysis of AI-generated text before its use in the assessment. Moreover, usage of AI needs to be adequately referenced in the assessment. These guidelines are provided because, to pass this assessment, students will be required to demonstrate detailed comprehension of their written submission independent of AI tools.

A failure to use AI according to the guidelines above (and detailed on Blackboard at the beginning of the course) may constitute student misconduct under the Student Code of Conduct. 

Submission guidelines

Submission will be via Turnitin

Deferral or extension

You may be able to apply for an extension.

Late submission

A penalty of 10% of the maximum possible mark will be deducted per 24 hours from the time the submission is due, for up to 7 days. After 7 days, you will receive a mark of 0.

Organisational cyber security report

Mode
Written
Category
Paper/ Report/ Annotation
Weight
30%
Due date

14/10/2024 2:00 pm

Learning outcomes
L01, L02

Task description

This individual assessment item covers Organisational Perspectives in Cyber Security (governance, policies, procedures, compliance, risk management, culture - including awareness, training and education - and ethics) (Weeks 7 - 12 content).

For this assessment, you will take on the role of an information security consultant and assess an organisational cyber security scenario.

You will provide recommendations for areas to improve and on how to capture further meaningful information for your analysis.

This task has been designed to be challenging, authentic and complex. Whilst students may use AI technologies, successful completion of assessment in this course will require students to critically engage in specific contexts and tasks for which artificial intelligence will provide only limited support and guidance.

Usage of AI is allowed in this assessment piece, but must be done within the guidelines and constraints indicated on Blackboard at the beginning of the course. These include providing (typically in the assessment appendix) the prompts used to query AI, the responses provided by the AI, and evidence of critical analysis of AI-generated text before its use in the assessment. Moreover, usage of AI needs to be adequately referenced in the assessment. These guidelines are provided because, to pass this assessment, students will be required to demonstrate detailed comprehension of their written submission independent of AI tools.

A failure to use AI according to the guidelines above (and detailed on Blackboard at the beginning of the course) may constitute student misconduct under the Student Code of Conduct. 

Submission guidelines

Submission will be via Turnitin

Deferral or extension

You may be able to apply for an extension.

Late submission

A penalty of 10% of the maximum possible mark will be deducted per 24 hours from the time the submission is due, for up to 7 days. After 7 days, you will receive a mark of 0.

Application of Cybersecurity Org and Legal Principles

  • Team or group-based
Mode
Oral, Product/ Artefact/ Multimedia
Category
Presentation
Weight
40%
Due date

4/11/2024

Other conditions
Peer assessed.

Learning outcomes
L01, L02, L03, L04, L05, L06, L07, L08

Task description

In this task you will work in small groups to develop and submit a video presentation (15-20 minutes) supported with slides and/or other appropriate audiovisual aids on a cyber security topic, relating that topic to the learning objectives of the whole course.

The precise scenarios and topics will be guided by teaching staff, and you will be given a clear assignment specification outlining the required components. 

As a group assignment, this piece of assessment will incorporate a peer assessment component. The results of this peer assessment may impact your final marks.

This task has been designed to be challenging, authentic and complex. Whilst students may use AI technologies, successful completion of assessment in this course will require students to critically engage in specific contexts and tasks for which artificial intelligence will provide only limited support and guidance.

Please Note: The presentation will be recorded for marking purposes per UQ Policy.

Usage of AI is allowed in this assessment piece, but must be done within the guidelines and constraints indicated on Blackboard at the beginning of the course. These include providing (typically in the assessment appendix) the prompts used to query AI, the responses provided by the AI, and evidence of critical analysis of AI-generated text before its use in the assessment. Moreover, usage of AI needs to be adequately referenced in the assessment. These guidelines are provided because, to pass this assessment, students will be required to demonstrate detailed comprehension of their written submission independent of AI tools.

A failure to use AI according to the guidelines above (and detailed on Blackboard at the beginning of the course) may constitute student misconduct under the Student Code of Conduct.

Submission guidelines

Video presentation to be uploaded on Blackboard.

Deferral or extension

You may be able to apply for an extension.

Late submission

A penalty of 10% of the maximum possible mark will be deducted per 24 hours from the time the submission is due, for up to 7 days. After 7 days, you will receive a mark of 0.

Course grading

Full criteria for each grade are available in the Assessment Procedure.

| Grade | Cut off Percent | Description |
|---|---|---|
| 1 (Low Fail) | 0 - 29 | Absence of evidence of achievement of course learning outcomes. |
| 2 (Fail) | 30 - 46 | Minimal evidence of achievement of course learning outcomes. |
| 3 (Marginal Fail) | 47 - 49 | Demonstrated evidence of developing achievement of course learning outcomes. |
| 4 (Pass) | 50 - 64 | Demonstrated evidence of functional achievement of course learning outcomes. |
| 5 (Credit) | 65 - 74 | Demonstrated evidence of proficient achievement of course learning outcomes. |
| 6 (Distinction) | 75 - 84 | Demonstrated evidence of advanced achievement of course learning outcomes. |
| 7 (High Distinction) | 85 - 100 | Demonstrated evidence of exceptional achievement of course learning outcomes. |

Additional course grading information

Grades will be allocated according to University-wide standards of criterion-based assessment.

Supplementary assessment

Supplementary assessment is available for this course.

Additional assessment information

Students have the possibility to undertake the UQx MOOC on effective teamwork, in support of their group work skills development and assessment.

Learning resources

You'll need the following resources to successfully complete the course. We've indicated below if you need a personal copy of the reading materials or your own item.

Library resources

Library resources are available on the UQ Library website.

Learning activities

The learning activities for this course are outlined below. Learn more about the learning outcomes that apply to this course.

Learning period Activity type Topic
Week 1
Seminar

Introduction to CYBR7003: The Legal Framework

  • Law and lawlessness
  • Civil v. Criminal Causes of action
  • Reasonable Care or Absolute Responsibility?
  • Defences
  • Compensation
  • Ownership
  • Proof
  • The international context

Learning outcomes: L05, L06

Week 2
Seminar

Privacy, Security and Confidentiality

  • Obligations of confidence
  • Obligations of integrity
  • Relevant privacy law principles
  • Notifiable data breaches

Learning outcomes: L05, L07, L08

Week 3
Seminar

Platforms and Cloud

  • Data Ownership and Control of Data
  • Supply chain legal risks
  • Who owns data in the cloud?
  • Where is data when in the cloud?
  • Who is responsible for data in the cloud?
  • Social Media legal issues

Learning outcomes: L05, L06, L07, L08

Week 4
Seminar

The international context

  • International issues
  • Choice of law
  • Cross Border data transfers
  • Cross Border breaches
  • Jurisdiction
  • Protecting Critical Infrastructure

Learning outcomes: L05, L06, L07, L08

Week 5
Seminar

Responding to cybersec incidents & wrap-up

  • Stopping the harm
  • Determining who is legally responsible
  • Potential legal causes of action and liability risks
  • Reducing legal exposure
  • Insurance issues
  • Evidence: collecting evidence, maintaining integrity, identifying the bad actor
  • CASE STUDIES: Optus and Medibank Private ransomware incidents in 2022
  • Practical steps

Learning outcomes: L05, L06, L07, L08

Week 6
Seminar

Between Management and Law: Ethics in CS

  • Definitions and key-concepts
  • Guiding managerial behaviours and operational practices in organisations
  • A cybersecurity deontology?
  • From the legal domain to organisational policies

Learning outcomes: L01, L06, L07, L08

Week 7
Seminar

Industry Panel

Meet several cyber-professionals and talk about all things cyber with them!

Learning outcomes: L02, L04

Week 8
Seminar

Organisational cybersecurity: An intro

  • Basic definitions
  • IT governance: historical perspective and definitions
  • Corporate governance, IT governance, infosec governance
  • Corporate governance theories in action: Agency Theory. How does it apply to infosec?
  • CASE STUDY: The TJX data breach

Learning outcomes: L01, L02, L03

Week 9
Seminar

Governance in CS: Standards and Frameworks

  • ISO27001-002; NIST; and Essential Eight
  • Standards in action in public and private organisations
  • Case Study: Target

Learning outcomes: L01, L03

Mid Sem break
No student involvement (Breaks, information)

In-Semester Break

Week 10
Seminar

Org Cybersec Policies and Proc

  • Infosec policies: unpacking them
  • Compliance vs non-compliance: root causes and the role of human factors
  • Compliance issues with information security policies: why don't employees comply?
  • Antecedents of compliance
  • CASE STUDY: ANU breach

Learning outcomes: L01, L02, L04

Week 11
Seminar

CS Risk Management + Intro: Culture & Training

  • Cyber-risk management: a complete overview
  • Awareness Culture and Training: an Intro
  • Cyber-risk assessment in practice

King's Birthday Public Holiday - Monday 7 Oct 2024 - Check Blackboard for announcements about affected classes.

Learning outcomes: L02, L03, L04

Week 12
Seminar

CS Awareness, Training and Education

  • CS Risk Management - wrap-up
  • Organisational awareness campaigns
  • CS training and Education
  • CASE STUDY: Anthem Data Breach
  • CASE STUDY: US Economic Development Administration

Learning outcomes: L02, L03, L04

Week 13
Seminar

Wrap-up and Assessment lab

This session will wrap up the course contents, answer questions students may have on their assessment, and give them time to work on assessment 3, if required.

Learning outcomes: L01

Policies and procedures

University policies and procedures apply to all aspects of student life. As a UQ student, you must comply with University-wide and program-specific requirements, including the:

Learn more about UQ policies on my.UQ and the Policy and Procedure Library.