Overview

In this unit, students are introduced to information risk and security management in the contemporary enterprise. The unit engages students with the knowledge and techniques that organisations apply to manage risks and provide for information security, including the implementation of appropriate information management plans, assurance processes, standards and frameworks. Students will learn about the legal, professional and ethical responsibilities of information risk and security management through real-world case-based scenarios, and will become familiar with approaches to information governance and assurance, including the automated tools and approaches that organisations use.

Teaching periods
Location | Start and end dates | Last self-enrolment date | Census date | Last withdraw without fail date | Results released date

Learning outcomes

Students who successfully complete this unit will be able to:

  • Describe the importance of information security and risk management in achieving organisational goals and objectives
  • Assess and apply information systems risk and security management standards and frameworks to real-world case-based scenarios
  • Analyse major theories, concepts and methodologies for managing risks and assuring the integrity and security of information assets
  • Evaluate appropriate governance, assurance and internal control techniques for managing information risks and security
  • Communicate effectively as a professional and function as an effective leader or member of a team

Teaching methods

Hawthorn

Type | Hours per week | Number of weeks | Total (number of hours)
Face to Face Contact (Phasing out): Lecture | 2.00 | 12 weeks | 24
Face to Face Contact (Phasing out): Tutorial | 1.00 | 12 weeks | 12
Unspecified Learning Activities (Phasing out): Independent Learning | 9.50 | 12 weeks | 114
TOTAL | | | 150

OUA

Type | Hours per week | Number of weeks | Total (number of hours)
Online: Directed Online Learning and Independent Learning | 12.50 | 12 weeks | 150
TOTAL | | | 150

Assessment

Type | Task | Weighting | ULOs
Assignment 1 | Individual | 20 - 30% | 1,2,5
Assignment 2 | Group | 20 - 30% | 2,3,5
Assignment 3 | Individual | 20 - 30% | 3,4,5
Test | Individual | 20 - 40% | 1,2,3,4

Content

  • An introduction to Information Systems risk and security
  • Risk management, assessment and mitigation
  • Information security management, governance and assurance
  • The role of policies and standards in IS risk and security management
  • Contingency planning, including incident management, business continuity and disaster recovery planning
  • Fraud and forensic auditing: Fraud, cybercrime, forensic auditing and continuous monitoring
  • Compliance frameworks and legal, professional and ethical issues in IS security and risk management
  • Major theories, concepts and methodologies for managing information systems and assuring the integrity and security of information assets
  • The socio-technological dimensions (human and organisational factors) in IS security and risk management

Study resources

Reading materials

A list of reading materials and/or required textbooks will be available in the Unit Outline on Canvas.