Information Systems Risk and Security

Unit Code: HIT8408




Duration: 1 Semester or equivalent

Contact Hours: 36 Hours

Campus: Hawthorn

Prerequisite: Nil

Corequisite:

Credit Points: 12.5 Credit Points


Related Course/s:

A unit of study in the Master of Information Technology, Master of Information Technology Project Management, Master of Information Technology (Professional Computing) and Master of Technology (Information Technology).

Aims & Objectives:

This unit of study aims to provide an understanding of the major information risk and security management issues facing managers in the effective use of information technology in contemporary organisations.

Learning Outcomes
Students who complete this unit of study should be able to:
  • Describe the importance of identifying and managing IS-related risk and security issues in organisations, and the relationship between these and the achievement of business value from IS/IT investments
  • Recognise the costs of not appropriately identifying and managing risk and security concerns in projects and organisations, resulting in IS/IT failures, dysfunctional systems, and systems which fail to deliver value to key stakeholders
  • Develop and document IS/IT risk and security management plans that detail contingency planning strategies and practices
  • Explain the major theories and concepts associated with IS failure and the management of IS risk, including factors argued to lead to unsatisfactory outcomes with respect to IS/IT
  • Explain failures and risks associated with information security
  • Conduct comprehensive risk assessments of IS/IT related projects and practices
  • Recognise the relevance of human factors (culture & politics) and organisational factors (complexity, rate of change, etc.) to IS risk identification and security management
  • Adopt a critical approach to IS risk and security management and make recommendations based on sound theory and practice.

Teaching Methods:

Lecture (24 hrs), Tutorial/Seminar (12 hrs)

Assessment:

Assignments, Examination

Generic Skills Outcomes:

Students will be provided with feedback on progress in attaining the following generic skills:
• teamwork skills
• analysis skills
• problem solving skills
• communication skills
• ability to tackle unfamiliar problems
• ability to work independently

Content:

  • Risk Assessment theory and concepts
  • Risk mitigation theory and concepts
  • Information security governance (role of senior management in information security)
  • Developing information security strategy
  • Information security organisation
  • Managing information security programmes
  • Role of policies and standards in IS risk and security management
  • Contingency planning including business continuity and disaster recovery planning
  • Incident management
  • Laws, regulations and ethics in context of information security
  • Compliance with information risk and security requirements
  • The major theories and concepts associated with IS failure and the management of IS risk and security issues
  • The relevance of human factors (culture & politics) and organisational factors (complexity, rate of change, etc.) to risk identification and management

References:

Tipton, H.F., Information Security Management Handbook, 6th edn, Taylor & Francis, 2008.

Peltier, T.R., Information Security Risk Analysis, 2nd edn, Auerbach Publications, 2005.

Jordan, E. & Silcock, L., Beating IT Risks, Wiley, Chichester, 2006.

Alberts, C. & Dorofee, A., Managing Information Security Risks, Addison Wesley, Boston, 2003.

Glass, R.L., Software Runaways: Lessons Learned from Massive Software Project Failures, Prentice Hall, Upper Saddle River, N.J., 1998.

Slay, J. & Koronios, A., IT Security & Risk Management, John Wiley & Sons, 2006.

Dark, M., Information Assurance and Security Ethics in Complex Systems: Interdisciplinary Perspectives, Information Science Publishing.

Fragniere, E. & Sullivan, G., Risk Management: Safeguarding Company Assets, Axzo Press, 2007.

Kim, G., Love, P. & Spafford, G., Visible Ops Security, ITPI, 2008.

Merkow, M. & Breithaupt, J., Information Security: Principles and Practices, Prentice Hall, 2006.

Raggad, B., Information Security Management: Concepts and Practice, CRC Press, 2010.

Whitman, M. & Mattord, H., Management of Information Security, 3rd edn, Cengage Learning, AU, 2010.

Relevant international and Australian standards.