Cyber Risk: Data Management
Duration
- One Semester or equivalent
Contact hours
- 36
2020 teaching periods
Swinburne Online
| Teaching Period 3 | Teaching Period 2 | |
|---|---|---|
|
Dates: Results: Last self enrolment: Census: Last withdraw without fail: |
Dates: Results: Last self enrolment: Census: Last withdraw without fail: |
Prerequisites
50 Credit PointsAims and objectives
This unit provides insights into critical Information System (IS)/Information Technology (IT) & Information Security risk, as well as the corresponding security management issues facing business managers in the effective use of Information Technology in contemporary organisations. Students will develop a critical understanding of cyber risk issues that managers face when doing business, including consideration of impacts of new and emerging threats.
Students will develop a robust understanding of the skills required to adopt and implement, an effective Risk Management Strategy in line with the industry best practice taking into account the nexus between data governance, enterprise data management and cyber security.
Students will develop a robust understanding of the skills required to adopt and implement, an effective Risk Management Strategy in line with the industry best practice taking into account the nexus between data governance, enterprise data management and cyber security.
Students who successfully complete this unit will be able to:
1. Develop a risk management strategy for an organisation that is sufficiently agile to adapt to changing cyber threats.
2. Assess and apply information systems risk and security management standards and frameworks to real-word case based scenarios
3. Critically analyse major theories, concepts and methodologies for managing risks and assuring the integrity and security of information assets
4. Evaluate appropriate governance, assurance and internal control techniques for managing information risks and security
5. Communicate effectively as a professional and function as an effective leader or member of a diverse team
2. Assess and apply information systems risk and security management standards and frameworks to real-word case based scenarios
3. Critically analyse major theories, concepts and methodologies for managing risks and assuring the integrity and security of information assets
4. Evaluate appropriate governance, assurance and internal control techniques for managing information risks and security
5. Communicate effectively as a professional and function as an effective leader or member of a diverse team
Unit information in detail
- Teaching methods, assessment, general skills outcomes and content.
Teaching methods
Face to Face Mode: Class 3 hours per week
Online Mode (SOL):
Engaging with online content and discussions
Student workload:
For all teaching and learning structures (both face to face and online), students are expected to spend an average of 150 hours per unit in total over the duration of the study period
This includes all:
• Scheduled teaching and learning events and activities (contact hours timetabled in a face-to-face teaching space) and scheduled online learning events (contact hours scheduled in an online teaching space), and
To be successful, students should:
• Read all prescribed materials and/or view videos in preparation for each class
• Attend and engage in all scheduled classes (face to face or online)
• Start assessment tasks well ahead of the due date, and submit assessments promptly
• Read / listen to all feedback carefully, and consider it for future assessment
• Engage with fellow students and teaching staff (don’t hesitate to ask questions)
Online Mode (SOL):
Engaging with online content and discussions
Student workload:
For all teaching and learning structures (both face to face and online), students are expected to spend an average of 150 hours per unit in total over the duration of the study period
This includes all:
• Scheduled teaching and learning events and activities (contact hours timetabled in a face-to-face teaching space) and scheduled online learning events (contact hours scheduled in an online teaching space), and
• Non-scheduled learning events and activities (including directed online learning activities, assessments, independent study, student group meetings, and research)
• Read all prescribed materials and/or view videos in preparation for each class
• Attend and engage in all scheduled classes (face to face or online)
• Start assessment tasks well ahead of the due date, and submit assessments promptly
• Read / listen to all feedback carefully, and consider it for future assessment
• Engage with fellow students and teaching staff (don’t hesitate to ask questions)
Assessment
Online Discussion (Individual) 10-20%
Assignments (Individual) 30-40%
Case Based Project (Group) 40-50%
General skills outcomes
• analysis skills
• communication skills
• team work skills
• ability to tackle unfamiliar problems
• ability to work independently
• communication skills
• team work skills
• ability to tackle unfamiliar problems
• ability to work independently
Content
• Introduction to basic principles and concepts of the risk management, pivoting quickly to risk within the context of cybersecurity
• Assessing the impact of a cyber-attack on an organisation
• Risk assessment and modelling, and minimising attack surfaces and managing threat vectors
• Importance of useable security; ensuring that security controls and processes are sufficiently agile to adapt to changing threats and are appropriate to, and do not overwhelm business priorities and performance
• Introduction and application of established frameworks for assessing and managing risks: eg Australian Signals Directorate’s (ASD) Australian Government Information Security Manual (ISM), the US National Institute of Standards and Technology’s Cybersecurity Framework and the UK government’s Cyber Essentials
• Understanding and planning for risk associated with human factors in particular insider threat
• Social engineering
• Data and operational risk
• Integrating enterprise risk and cyber risk
• Inherent, current and residual risk
• Asset classification – the identification of Security Controls need to protect assets including data
• Reporting and communicating risk, risk mitigation strategies to stakeholders.
• Risk sharing
• Research methods
• Assessing the impact of a cyber-attack on an organisation
• Risk assessment and modelling, and minimising attack surfaces and managing threat vectors
• Importance of useable security; ensuring that security controls and processes are sufficiently agile to adapt to changing threats and are appropriate to, and do not overwhelm business priorities and performance
• Introduction and application of established frameworks for assessing and managing risks: eg Australian Signals Directorate’s (ASD) Australian Government Information Security Manual (ISM), the US National Institute of Standards and Technology’s Cybersecurity Framework and the UK government’s Cyber Essentials
• Understanding and planning for risk associated with human factors in particular insider threat
• Social engineering
• Data and operational risk
• Integrating enterprise risk and cyber risk
• Inherent, current and residual risk
• Asset classification – the identification of Security Controls need to protect assets including data
• Reporting and communicating risk, risk mitigation strategies to stakeholders.
• Risk sharing
• Research methods
Study resources
- References.
References
• Wu, C., & Irwin, J. David 2013, Introduction to Computer Networks and Cybersecurity, , CRC Press, USA
• Stallings, W 2016, Cryptography And Network Security, 7th Edition, , Pearson, India
• Stallings, W 2016, Cryptography And Network Security, 7th Edition, , Pearson, India