Year
2023Credit points
10Campus offering
No unit offerings are currently available for this unitPrerequisites
ITEC201 Fundamentals of Information Technology
Incompatible
ISYS326 Information Systems Security
Unit rationale, description and aim
Information security is crucial to all global organisations to protect their data, privacy, hardware, software and stakeholders from intentional or unintentional threats while conducting their business. Information Systems Security combines systems, operations and internal controls to ensure integrity, confidentiality and availability of data and operation procedures in an organisation. This unit is designed to provide students with a broad understanding of information systems security with respect to operating system, database operations, network operations, software operations and business process policies. This unit introduces concepts, theories, methodologies and techniques related to implementation of information systems security.
The aim of this unit is to ensure students have a solid understanding and knowledge of the key issues pertaining to information systems security and are able to practically implement appropriate security countermeasures to mitigate information systems security threats protecting relevant stakeholders in the interest of common good.
Learning outcomes
To successfully complete this unit you will be able to demonstrate you have achieved the learning outcomes (LO) detailed in the below table.
Each outcome is informed by a number of graduate capabilities (GC) to ensure your work in this, and every unit, is part of a larger goal of graduating from ACU with the attributes of insight, empathy, imagination and impact.
Explore the graduate capabilities.
On successful completion of this unit, students should be able to:
LO1 - Investigate potential security threats to information systems and work collaboratively to analyse their consequences in real world scenarios. (GA5, GA7)
LO2 - Design and critically analyse security solutions through application of information security knowledge protecting consumers and other stakeholders (GA5, GA4)
LO3 - Evaluate the encryption mechanisms and its application in developing information systems solutions using a diverse range of resources (GA5, GA8)
LO4 - Integrate relevant security measures to ensure an enhanced level of information systems security by appropriately using relevant tools and technologies. (GA5, GA10)
LO5 - Evaluate and propose appropriate security countermeasures to minimise the impacts or likelihood of risks in an organisation for the benefit of human dignity and dignity of work. (GA1, GA5)
Graduate attributes
GA1 - Demonstrate respect for the dignity of each individual and for human diversity
GA4 - think critically and reflectively
GA5 - demonstrate values, knowledge, skills and attitudes appropriate to the discipline and/or profession
GA7 - work both autonomously and collaboratively
GA8 - locate, organise, analyse, synthesise and evaluate information
GA10 - utilise information and communication and other relevant technologies effectively.
Content
Topics will include:
- introduction: security goals, types of threats, security policies models, security standards
- system security: access control, authentication and authorisation, file protection
- basic cryptography
- operating system security and program security
- database security
- network security
- physical security, operational security
- security planning and security policies
- legal, privacy, and ethical issues
- contemporary trends in information systems security
Learning and teaching strategy and rationale
The teaching and learning strategy is built on a “student-focused approach”. ACU’s teaching policy focuses on learning outcomes for students. Our teaching aims to engage students as active participants in the learning process while acknowledging that all learning must involve a complex interplay of active and receptive processes, the constructing of meaning for oneself, and learning from others. ACU promotes and facilitates learning that is autonomous and self-motivated, is characterised by the individual taking satisfaction in the mastering of content and skills and is critical, looking beneath the surface level of information for the meaning and significance of what is being studied.
The schedule of the workshops is designed in such a way that students can achieve intended learning outcomes sequentially. Teaching and learning activities will apply the experiential learning model, which encourages students to apply higher order thinking. The unit ensures that learning activities involve real-world scenarios that in turn assist with ‘real-world’ preparedness. The unit also uses a scaffolding technique that builds a student’s skills and prepares them for the next phase of the learning process.
Students should anticipate undertaking 150 hours of study for this unit, including class attendance, readings, online forum participation and assessment preparation.
Mode of delivery: This unit is offered in different modes. These are: “Attendance” mode, “Blended” mode and “Online” mode. This unit is offered in three modes to cater to the learning needs and preferences of a range of participants and maximise effective participation for isolated and/or marginalised groups.
Attendance Mode
In a weekly attendance mode, students will require face-to-face attendance in specific physical location/s. Students will have face-to-face interactions with lecturer(s) to further their achievement of the learning outcomes. This unit is structured with required upfront preparation before workshops, most students report that they spend an average of one hour preparing before the workshop and one or more hours after the workshop practicing and revising what was covered. The online learning platforms used in this unit provide multiple forms of preparatory and practice opportunities for you to prepare and revise.
Blended Mode
In a blended mode, students will require intermittent face-to-face attendance determined by the School. Students will have face-to-face interactions with lecturer(s) to further their achievement of the learning outcomes. This unit is structured with required upfront preparation before workshops. The online learning platforms used in this unit provide multiple forms of preparatory and practice opportunities for you to prepare and revise.
Online Mode
In an Online mode, students are given the opportunity to attend facilitated synchronous online seminar classes with other students and participate in the construction and synthesis of knowledge, while developing their knowledge. Students are required to participate in a series of online interactive workshops which include activities, knowledge checks, discussion and interactive sessions. This approach allows flexibility for students and facilitates learning and participation for students with a preference for virtual learning.
Assessment strategy and rationale
A range of assessment procedures will be used to meet the unit learning outcomes and develop graduate attributes consistent with University assessment requirements.
The first assessment provides opportunities for students to work collaboratively on the concepts of IS Security in a contextual sense. The rationale behind this assessment item is to provide students with practice in good study habits and to reinforce group learning and understanding of workshop materials. The second assessment is an opportunity to apply IS Security concepts to create an IS policy for an organisation. The aim of this assessment item is to test students’ ability to apply and synthesise the knowledge and skills in deeper levels. The last assessment provides an opportunity to reflect on the theory and practice of IS Security.
Assessment one and two are the same regardless of whether teaching mode is attendance, blended, or online. Assessment three is the same for attendance and blended modes, but changes for online mode. This is indicated in overview of assessment table below. Both methods assess the same learning outcomes.
Overview of assessments
| Brief Description of Kind and Purpose of Assessment Tasks | Weighting | Learning Outcomes | Graduate Attributes |
|---|---|---|---|
Assessment Task 1: Reflective report on a Case Study Participate in online discussion forum to understand complex concepts through reflection and collaboration. The students are expected to write a report reflecting their critical analysis on potential security threats and their consequences for an information system. The purpose of this assessment is to assess the students’ critical and analytical ability and collaborative working skills to delve into complex concepts about information systems security through reflection and collaboration. Submission Type: Individual Assessment Method: Reflective report Artefact: Written report | 15% | LO1, LO2 | GA4, GA5, GA7 |
Assessment Task 2: Practical Project – Information systems Security analysis and planning Develop professional skills through the application of theoretical knowledge and understanding of information system security analysis and security planning for a small organisation. The students are expected to analyse case study, locate diverse resources, use relevant tools to investigate security issues and compliance, write an analysis report and propose appropriate Information systems security solutions. The purpose of this assessment is to assess the students’ ability to use relevant resources and tools to apply their theoretical knowledge about Information systems security for analysing and planning Information system security solutions for a small organisation. Submission Type: Individual Assessment Method: IS Project Report Artefact: Written report | 35% | LO3, LO4, | GA5, GA8, GA10 |
Assessment Task 3 – Attendance and Blended Modes: Final Examination The final exam will be designed to assess all stated learning outcomes. This is a 2-hour invigilated examination covering all unit contents. The examination includes short answer questions and case study questions. The purpose of this assessment is to test the students’ grasp of the theoretical and soft skills (critical thinking, evaluation skills and understanding of relevant tools) aspects of the unit. Submission Type: Individual Assessment Method: Exam Artefact: Written exam responses | 50% | LO2, LO3, LO4, LO5 | GA4, GA5, GA8, GA10 |
Assessment Task 3 – Online Mode: Case Study Students will study several case studies, critically analyse them and answer a number of open-ended questions. They also have to use security tools to investigate the given scenarios and demonstrate the effects of cybersecurity on ethical and legal compliance and the social impact of cybersecurity breaches. The purpose of this assessment is to test the students’ grasp of the theoretical and soft skills (critical thinking, evaluation skills and understanding of relevant tools) aspects of the unit. Submission Type: Individual Assessment Method: Assignment Report Artefact: Written response to assignment questions | 50% | LO2, LO3, LO4, LO5 | GA4, GA5, GA8, GA10 |
Representative texts and references
Gollmann,D 2011, Computer Security, 3rd edn, John Wiley & Sons, West Sussex.
Pfleeger C & Pfleeger S & Margulies J 2015, Security in Computing, 5th edn, Prentice Hall, New Jersey.
Stallings W 2016, Cryptography & Network Security: Principles and Practice, 7th edn, Pearson US.
Whitman, M & Mattord, H 2016, Principles of Information Security, 5th edn, Cengage, Boston.
Stallings W & Brown L, 2015, Computer Security: Principle and Practice, 3rd Edn, Pearson US.
Stallings W & Case T 2013, Business data communications: Infrastructure, networking and security, 7th edn, Pearson, Boston.