Year

2023

Credit points

10

Campus offering

No unit offerings are currently available for this unit

Prerequisites

Nil

Incompatible

ITEC640 Information Systems Security

Teaching organisation

150 hours over a twelve-week semester or equivalent study period

Unit rationale, description and aim

This unit will cover the importance of cyber security, security threats, risk analysis and mitigation techniques. The unit demonstrates the basic cyber security concepts, security tools, cryptographic schemes, and the common architectures used as industry standards. Students will learn how to defend against cyber threats and attacks and study existing techniques for managing and mitigating security issues and maintaining the working environment. This unit introduces the broad discipline of cyber security and outlines how to ensure data confidentiality, privacy, integrity, authenticity, and availability of information. It also covers social, ethical, and legal issues in cyber-space to understand how cyber security affects legal compliance and solidarity in communities and society. The aim of this unit is to provide students with essential background knowledge in cyber security and develop practical skills, that will help them to understand advanced cyber security topics.

Learning outcomes

To successfully complete this unit you will be able to demonstrate you have achieved the learning outcomes (LO) detailed in the below table.

Each outcome is informed by a number of graduate capabilities (GC) to ensure your work in this, and every unit, is part of a larger goal of graduating from ACU with the attributes of insight, empathy, imagination and impact.

Explore the graduate capabilities.

On successful completion of this unit, students should be able to:

LO1 - Synthetise vulnerabilities and potential security threats to information systems and analyse their consequences in real world scenarios in collaboration with peers (GA5, GA7)

LO2 - Apply appropriate security tools to safeguard data, systems and networks from malicious attacks (GA5, GA10)

LO3 - Critically evaluate the consequences of security threats in an organisation and propose appropriate security countermeasures to minimise the impacts or likelihood of risks. (GA4, GA5).

LO4 - Appraise the impact of cyber security threats across societies and national borders (GA2, GA5).

Graduate attributes

GA2 - recognise their responsibility to the common good, the environment and society 

GA4 - think critically and reflectively 

GA5 - demonstrate values, knowledge, skills and attitudes appropriate to the discipline and/or profession 

GA7 - work both autonomously and collaboratively 

GA10 - utilise information and communication and other relevant technologies effectively.

Content

Topics will include:

  • Introduction to cyber security
  • Cybersecurity cube (Multimode only)
  • Threats, vulnerabilities, attacks
  • Protecting secrets
  • Risk assessment and management
  • Ensuring Integrity
  • Access control
  • Protecting a CS domain (Multimode only)
  • Becoming a CS specialist (Multimode only)
  • Legal, privacy and ethical issues
  • Impacts of cyber attacks

Learning and teaching strategy and rationale

Multimode

This unit will be delivered in multimode over a twelve-week semester or equivalent study period. Students will have access to all primary learning materials online, along with formative and summative assessments, all of which will be available online, to provide a learning experience beyond the classroom. While there are no formal classroom lectures for this unit, students will be required to attend weekly three-hour workshops, which will include a seminar and specific tasks related to achievement of the unit learning outcomes. Workshops facilitate learning by doing, which is particularly effective for information technology units as technical skills can be better learned through hands on practices.

ACU Online

This unit uses an active learning approach to support students in the exploration of knowledge essential to the discipline. Students are provided with choice and variety in how they learn. Students are encouraged to contribute to asynchronous weekly discussions. Active learning opportunities provide students with opportunities to practice and apply their learning in situations similar to their future professions. Activities encourage students to bring their own examples to demonstrate understanding, application and engage constructively with their peers. Students receive regular and timely feedback on their learning, which includes information on their progress.

Assessment strategy and rationale

A range of assessment procedures will be used to meet the unit learning outcomes and develop graduate attributes consistent with University assessment requirements. The first assessment provides students with an opportunity to apply their theoretical knowledge and gain practical skills. In assessment task 2, students will critically analyse a recent security breach and investigate the cause of breach and will also apply their knowledge to propose an appropriate security solution. The last assessment provides students with an opportunity to apply theoretical knowledge and assess risk for a cyber physical system using standard risk analysis models.

To pass this unit, students must demonstrate competence in all learning outcomes and achieve an aggregate mark of at least 50%. Marking will be in accordance with a rubric specifically developed to measure students’ level of achievement of the learning outcomes for each item of assessment. Students will be awarded a final grade which signifies their overall achievement in the unit.

Overview of assessments

Multimode;

Brief Description of Kind and Purpose of Assessment TasksWeightingLearning OutcomesGraduate Attributes

Task 1: Lab assessment

This assessment consists of a series of weekly lab exercises where students are required to apply different security tools and techniques to solve practical problems. The feedback from this assessment will help students to be ready to apply the concepts in other two assessments.

Submission Type: Individual

Assessment Method: Lab Practical task

Artefact: Source Code/Lab report

20%

LO1, LO2, LO3, LO4

GA2, GA4, GA5, GA7, GA10

Task 2: Report on a recent data breach

The purpose of this task is to assess students’ critical thinking and reflective analysis of contemporary cyber security issues. This report has to be written based on a recent cyber-attack. Students will learn how to write a scientific report and format it using the IEEE template.

Submission Type: Group

Assessment Method: Scientific report

Artefact: Written report (1500 words)

30%

LO1, LO2

GA5, GA7, GA10

Task 3: Report on threat classification & risk assessment

Students are expected to write a report reflecting their critical analysis on threat classification and risk assessment. In this task, they have to use STRIDE and DREAD security models to identify risk factors of an IT or information system. In addition, they need to critically analyse the impact of cybersecurity threats across societies and national borders.

 The purpose of this assessment is to assess students’ critical and analytical ability to delve into complex concepts about cyber security through reflection and collaboration.

Submission Type: Individual

Assessment Method: Written Report

Artefact: Written report (2000 words)

50%

LO3, LO4

GA2, GA4, GA5

Online

Brief Description of Kind and Purpose of Assessment TasksWeightingLearning OutcomesGraduate Attributes

Task 1: Practical Exercises

This assessment consists of a series of practical exercises where students are required to apply different security tools and techniques to solve practical problems. The exercises will be collated by students and submitted as a single file.

Submission Type: Individual

Assessment Method: Practical tasks

Artefact: Answers/report

20%

LO1, LO2, LO3, LO4

GA2, GA4, GA5, GA7, GA10

Task 2: Report on a recent data breach

The purpose of this task is to assess students’ critical thinking and reflective analysis of contemporary cyber security issues. This report has to be written based on a recent cyber-attack. Students will learn how to write a scientific report and format it using the IEEE template.

Submission Type: Individual

Assessment Method: Scientific report

Artefact: Written report (1500 words)

30%

LO1, LO2

GA5, GA7, GA10

Task 3: Report on threat classification & risk assessment

Students are expected to write a report reflecting their critical analysis on threat classification and risk assessment. In this task, they have to use STRIDE and DREAD security models to identify risk factors of an IT or information system. In addition, they need to critically analyse the impact of cybersecurity threats across societies and national borders.

 The purpose of this assessment is to assess students’ critical and analytical ability to delve into complex concepts about cyber security through reflection and collaboration.

Submission Type: Individual

Assessment Method: Written Report

Artefact: Written report (2000 words)

50%

LO3, LO4

GA2, GA4, GA5

Representative texts and references

Stallings W, 2020, Cryptography & Network Security: Principles and Practice, 8th edn, Pearson US.

 Stallings W & Brown L, 2018, Computer Security: Principle and Practice, 4th Edn, Pearson US.

 Anderson, R 2020, Security Engineering: A Guide to Building Dependable Distributed Systems, 3rd edn, Wiley.

 Stallings, W. (2018). Effective Cybersecurity: A Guide to Using Best Practices and Standards. Addison-Wesley Professional.

 Charles J. Brooks, Philip Craig, Donald Short, Cybersecurity Essentials, SYBEX, 2017.

 Whitman, M & Mattord, H 2016, Principles of Information Security, 5th edn, Cengage, Boston. 

Have a question?

We're available 9am–5pm AEDT,
Monday to Friday

If you’ve got a question, our AskACU team has you covered. You can search FAQs, text us, email, live chat, call – whatever works for you.

Live chat with us now

Chat to our team for real-time
answers to your questions.

Launch live chat

Visit our FAQs page

Find answers to some commonly
asked questions.

See our FAQs