Overview

This unit provides insights into critical Information System (IS)/Information Technology (IT) & Information Security risk, as well as the corresponding security management issues facing business managers in the effective use of Information Technology in contemporary organisations. Students will develop a critical understanding of cyber risk issues that managers face when doing business, including consideration of impacts of new and emerging threats. Students will develop a robust understanding of the skills required to adopt and implement, an effective Risk Management Strategy in line with the industry best practice taking into account the nexus between data governance, enterprise data management and cyber security.

Requisites

Prerequisites
CYB70002 Cyber Risk: Data Management

Rule

50 credit points

Teaching periods
Location
Start and end dates
Last self-enrolment date
Census date
Last withdraw without fail date
Results released date

Learning outcomes

Students who successfully complete this unit will be able to:

  • Develop a risk management strategy for an organisation that is sufficiently agile to adapt to changing cyber threats
  • Assess and apply information systems risk and security management standards and frameworks to real-word case based scenarios
  • Critically analyse major theories, concepts and methodologies for managing risks and assuring the integrity and security of information assets
  • Evaluate appropriate governance, assurance and internal control techniques for managing information risks and security
  • Communicate effectively as a professional and function as an effective leader or member of a diverse team

Teaching methods

Hawthorn

Type Hours per week Number of weeks Total (number of hours)
Face to Face Contact (Phasing out)
Class
3.00 12 weeks 36
Unspecified Learning Activities (Phasing out)
Independent Learning
9.50 12 weeks 114
TOTAL150

Swinburne Online

Type Hours per week Number of weeks Total (number of hours)
Online
Directed Online Learning and Independent Learning
12.50 12 weeks 150
TOTAL150

Assessment

Type Task Weighting ULO's
AssignmentIndividual 30 - 40% 1,2,3,4 
Online DiscussionIndividual 10 - 20% 1,2,3,4 
ProjectGroup 30 - 50% 1,2,3,4,5 

Content

  • Introduction to basic principles and concepts of the risk management, pivoting quickly to risk within the context of cybersecurity
  • Assessing the impact of a cyber-attack on an organisation
  • Risk assessment and modelling, and minimising attack surfaces and managing threat vectors
  • Importance of useable security; ensuring that security controls and processes are sufficiently agile to adapt to changing threats and are appropriate to, and do not overwhelm business priorities and performance
  • Introduction and application of established frameworks for assessing and managing risks: eg Australian Signals Directorate’s (ASD) Australian Government Information Security Manual (ISM), the US National Institute of Standards and Technology’s Cybersecurity Framework and the UK government’s Cyber  Essentials
  • Understanding and planning for risk associated with human factors in particular insider threat
  • Social engineering
  • Data and operational risk
  • Integrating enterprise risk and cyber risk
  • Inherent, current and residual risk
  • Asset classification – the identification of  Security Controls need to protect assets including data
  • Reporting and communicating risk, risk mitigation strategies to stakeholders.
  • Risk sharing
  • Research methods

Study resources

Reading materials

A list of reading materials and/or required textbooks will be available in the Unit Outline on Canvas.