Information Systems Risk and Security
Unit code: HIT8408
Credit points: 12.5 Credit Points
Duration: 1 Semester or equivalent
Contact hours: 36 Hours
Related course(s): A unit of study in the Master of Information Technology, Master of Information Technology Project Management, Master of Information Technology (Professional Computing) and Master of Technology (Information Technology).
Aims and objectives
Students who complete this unit of study should be able to:
- Describe the importance of identifying and managing IS-related risk and security issues in organisations, and the relationship between these and the achievement of business value from IS/IT investments
- Recognise the costs of not appropriately identifying and managing risk and security concerns in projects and organisations, resulting in IS/IT failures, dysfunctional systems, and systems which fail to deliver value to key stakeholders
- Develop and document IS/IT risk and security management plans that detail contingency planning strategies and practices
- Explain the major theories and concepts associated with IS failure and the management of IS risk, including factors argued to lead to unsatisfactory outcomes with respect to IS/IT
- Explain failures and risks associated with information security
- Conduct comprehensive risk assessments of IS/IT related projects and practices
- Recognise the relevance of human factors (culture and politics) and organisational factors (complexity, rate of change, etc.) to IS risk identification and security management
- Adopt a critical approach to IS risk and security management and make recommendations based on sound theory and practice.
Generic skills outcomes
Students will be provided with feedback on progress in attaining the following generic skills:
- teamwork skills
- analysis skills
- problem solving skills
- communication skills
- ability to tackle unfamiliar problems
- ability to work independently
- Risk Assessment theory and concepts
- Risk mitigation theory and concepts
- Information security governance (role of senior management in information security)
- Developing information security strategy
- Information security organisation
- Managing information security programmes
- Role of policies and standards in IS risk and security management
- Contingency planning including business continuity and disaster recovery planning
- Incident management
- Laws, regulations and ethics in context of information security
- Compliance with information risk and security requirements
- The major theories and concepts associated with IS failure and the management of IS risk and security issues
- Human factors (culture and politics) and organisational factors (complexity, rate of change, etc.) in risk identification and management
References
Tipton, H.F., Information Security Management Handbook, 6th edn, Taylor & Francis, 2008.
Peltier, T.R., Information Security Risk Analysis, 2nd edn, Auerbach Publications, 2005.
Jordan, E. & Silcock, L., Beating IT Risks, Wiley, Chichester, 2006.
Alberts, C. & Dorofee, A., Managing Information Security Risks, Addison Wesley, Boston, 2003.
Glass, R.L., Software Runaways: Lessons Learned from Massive Software Project Failures, Prentice Hall, Upper Saddle River, N.J., 1998.
Slay, J. & Koronios, A., IT Security & Risk Management, John Wiley & Sons, 2006.
Dark, M., Information Assurance and Security Ethics in Complex Systems: Interdisciplinary Perspectives, Information Science Publishing.
Fragniere, E. & Sullivan, G., Risk Management: Safeguarding Company Assets, Axzo Press, 2007.
Gene, K., Love, P. & Spafford, G., Visible Ops Security, ITPI, 2008.
Merkow, M. & Breithaupt, J., Information Security Principles and Practices, Prentice Hall, 2006.
Raggad, B., Information Security Management: Concept and Practice, CRC Press, 2010.
Whitman, M. & Mattord, H., Management of Information Security, 3rd edn, Cengage Learning, AU, 2010.
Relevant international and Australian standards.