COMMGMT 7025 - Information Risks, Threats & Controls (M)

North Terrace Campus - Semester 2 - 2022

The course Information Risks, Threats, & Controls considers a broad perspective of organisational vulnerabilities of the digital age, including Enterprise Risk Assessment. Topics addressed include recognition, analysis, and synthesis of risks, threats, and vulnerabilities, and measures to mitigate them, including policy, control, and implementation. Risk management and assurance are critical to all aspects of all businesses and on a broad level. While this course acknowledges the need to recognise and analyse risks, threats, and vulnerabilities across and within the various disciplinary structures of an organisation (including fiscal risk, brand and reputation, production, operations, legal, and OH&S), it does so from the perspective of the responsibility for Information and Cyber Security plans to support and ensure the risk management of other departments and disciplines. The focus, throughout, is specifically on Information & Cyber Security and Data Privacy.

  • General Course Information
    Course Details
    Course Code COMMGMT 7025
    Course Information Risks, Threats & Controls (M)
    Coordinating Unit Management
    Term Semester 2
    Level Postgraduate Coursework
    Location/s North Terrace Campus
    Units 3
    Contact Up to 3 hours per week
    Available for Study Abroad and Exchange Y
    Incompatible COMMGMT 2507
    Assessment Quiz, projects and reflective journal
    Course Staff

    Course Coordinator: Dr Cate Jerram

    Dr Cate Jerram
    10.34 Nexus 10
    cate.jerram@adelaide.edu.au
    #8313 4757
    Course Timetable

    The full timetable of all activities for this course can be accessed from Course Planner.

  • Learning Outcomes
    Course Learning Outcomes
    On successful completion of this course, students will be able to:
    1. Effectively communicate the differences between risk, threat, and vulnerabilities, how they inter-relate, and the principal means of recognising them.
    2. Identify and communicate to clients the different types of risks and their nature, across the various core business functions and processes.
    3. Demonstrate different methods of conducting risk analyses and impact assessments.
    4. Detail the core requirements of an Information Risk Assurance process for an SME and for a corporation or large business.
    5. Develop an Information Security Framework for a specified business.
    University Graduate Attributes

    This course will provide students with an opportunity to develop the Graduate Attribute(s) specified below:

    Attribute 1: Deep discipline knowledge and intellectual breadth
    Graduates have comprehensive knowledge and understanding of their subject area, the ability to engage with different traditions of thought, and the ability to apply their knowledge in practice including in multi-disciplinary or multi-professional contexts.
    Course Learning Outcome(s): 1 - 4

    Attribute 2: Creative and critical thinking, and problem solving
    Graduates are effective problem-solvers, able to apply critical, creative and evidence-based thinking to conceive innovative responses to future challenges.
    Course Learning Outcome(s): 5

    Attribute 3: Teamwork and communication skills
    Graduates convey ideas and information effectively to a range of audiences for a variety of purposes and contribute in a positive and collaborative manner to achieving common goals.
    Course Learning Outcome(s): 3

    Attribute 4: Professionalism and leadership readiness
    Graduates engage in professional behaviour and have the potential to be entrepreneurial and take leadership roles in their chosen occupations or careers and communities.
    Course Learning Outcome(s): 1 - 5

    Attribute 5: Intercultural and ethical competency
    Graduates are responsible and effective global citizens whose personal values and practices are consistent with their roles as responsible members of society.
    Course Learning Outcome(s): 3, 4
  • Learning Resources
    Required Resources
    Students onsite must bring earphones and/or the ability to connect with the online class (laptop or tablet or mobile phone).

    Students will be researching and resourcing core materials so there is no required text.

    Online Learning
    This course is very much a research-based course, so there will be considerable online activity both in class and out. When possible, sessions will be recorded. However – occasionally recordings fail. As much of the content is acquired through team research, presentation, discussion, and sharing - for the most part, online recorded sessions will not be very satisfactory replacements for live attendance, whether on-site or online.

    IRTC is run on heutagogical principles, and is very much a research-based course, so there will be considerable online activity both in class and out. This is a mixed cohort class. That means there will be students attending both onsite and online only (from many time zones) simultaneously. Reminder - onsite students must bring earphones to class. As classes are delivered simultaneously to students on campus in Adelaide and to students with only online access, many classes and sessions will be delivered online. On-campus students must check schedules and watch announcements for sessions and classes when the academic will be online only and not in the classroom. On such occasions on-campus students are free to attend the online sessions in the class lab which remains reserved for the class as scheduled, or join online.


  • Learning & Teaching Activities
    Learning & Teaching Modes
    • Information Risks Threats & Controls is taught in CONSULTANCY mode - students work in teams for real clients (usually an SME) and apply learning to produce real outcomes for their clients.
      • Integrity is essential. Clients entrust students with vital information that could cause them harm if students are indiscreet or careless.
    • Info Risks Threats & Controls will be taught in time blocks that will (usually) be comprised of research, workshop, discussion, and work on projects for real clients. 
    • Each session will comprise workshop, research and problem-solving activities, and class discussion, and some sessions will also include presentation, peer review, and coaching.
    • Each seminar is scheduled in a 3 hour block. The 3-hours will usually be broken into two or three sessions with 10-15 minute breaks between them.
    • IRTC is a mixed cohort class, in which onsite and online students participate together. Onsite students are required to bring earphones to class to enable communication with online students. All students are to be considerate of each other's time zones.
    • This is a 'stacked' course with undergraduate and postgraduate students mingled in class and in projects. It is expected that as part of their learning and achievement, postgraduate students will mentor the undergraduate students.
    Workload

    The information below is provided as a guide to assist students in engaging appropriately with the course requirements.

    The University expects full-time students (i.e. those taking 12 units per semester) to devote a total of 48 hours per week to their studies.
    • This means that students are expected to commit approximately 12 hours per week to this course (including class time and the research, collaboration, online, & study time outside of your regular classes).
    • Students are required to attend all class sessions.
    • Students are required to complete class preparation (posted in MyUni) before the start of class.
    • A proportion of this course will be in team-mode. It is recognised that outside commitments can mean that team-work is challenging in terms of compatible scheduling, but much of the team work can be managed online, so full participation in out-of-class team work is expected.
    Learning Activities Summary
    A full schedule is provided on the course MyUni site. As this course is worked with SMB (Small Medium Business) clients, the schedule is flexible to work with the realities of client consultancy.
    Core topics include:

    Confidentiality and Non-Disclosure Agreements

    Frameworks, Policies, ISO, and Other Systems

    Overview of Risk
    Risk Analysis & Management Lexicon (concepts and definitions)
    Risk Appetite & Risk Tolerance
    Business Needs Analysis
    Risk Assessment (methods & methodologies)
    Risk Identification & Context
    Threats & Vulnerabilities
    Risk Assessment formulae
    Risk Evaluation
    Risk Response & Management
    - Treating & Controlling Risk
    Review & Monitor Risk Management
    Documentation of Risk & Measures

    Client interview protocols, schedules & skills
    Site Visits and Analysis
    Value chain and supply chain models.

    Course Coordinators & Mentors mark & approve Team InfoSec Frameworks for distribution to clients.
    After receiving approval, teams present their final InfoSec Framework & Documentation to their client organisation.

    Specific Course Requirements
    Students work with real clients in this course. It is therefore required that each student commits to professional attitudes and behaviour in dealing with clients, including meeting with clients, meeting deadlines, punctuality, and other such behaviours.

    It is also required that students NOT submit content to clients until approved by course coordinator or assigned mentor.


    As this class has a mixed cohort (simultaneous on-site and online students),
    • onsite students are expected to bring earphones or other means of being able to communicate with online classmates from the class lab;
    • all cohorts are expected to make the extra effort required to communicate across technological and other challenges, including consideration for students in other time zones.
    There is an extremely challenging administrative management load in this course, and students are required to carefully read provided instructions and course advice before contacting a course academic for information already supplied.
    i.e.:
    Before contacting a course academic with a question:
    • Read the course outline.
    • Read the assessment descriptions.
    • Read the rubrics (all the cells).
    • Read all announcements as they arrive.
    • Check the FAQ section.
    • Check past announcements.
    • Check the Discussion Boards: Course Admin and Social.
  • Assessment

    The University's policy on Assessment for Coursework Programs is based on the following four principles:

    1. Assessment must encourage and reinforce learning.
    2. Assessment must enable robust and fair judgements about student performance.
    3. Assessment practices must be fair and equitable to students and give them the opportunity to demonstrate what they have learned.
    4. Assessment must maintain academic standards.

    Assessment Summary
    Assessment Task | Task Type | Weighting | Word Count / Time | Time Due | Learning Outcome
    In-class Quiz | Quiz | 15 (5 ea) | n/a | Weeks 4, 8 & 12 | 1 - 4
    Client InfoSec Framework stage 1 | Project Templates | 20 | tn | Week 4 class | 1 - 4, 5
    Client InfoSec Framework stage 2 | Project Framework & Report | 45 | tbn | Week 12 class | 1 - 4, 5
    Reflective Journal | Analytical & Reflective Journal | 20 | 13 entries, 300 – 800 words each | Week 13: Friday 12 noon | 1 - 5
    Total | | 100% | | |
    Assessment Related Requirements
    This course has a strong focus on collaboration without collusion.

    Collaboration (working with others, seeking help from others, helping others, using materials and sources from others - including publications, online material, classmates...) is encouraged so long as it is acknowledged.
    Collusion (using another person’s work or help, unacknowledged, with or without their consent) is considered cheating, plagiarism, dishonourable, and deserving of a Fail grade.

    Please collaborate. Acknowledge all collaboration and sources.
    Do not cheat or collude.

    Assessment Detail

    In-class Quiz

    Seminars in weeks 4, 8, and 12 will include a quiz on previous weeks’ material. Each quiz is worth 5% of the final mark, totalling 15% of the final grade.

    Client InfoSec Framework

    Each student will be a member of a team that will have a small business client for whom they will, over the course of the semester, develop an Information Security Framework. These will be developed in consultation with the course academics and the clients.

    Stage 1 (Individual) (Due end of week 4)

    Individual students research, locate, collate, design, select… appropriate templates and forms that will be the basis of the work they will present to their clients and academics. This task is undertaken – and often completed – before students know their team and/or their client.

    In week 4, the forms and templates selected/prepared for analysis of client needs and for creating the Information Security Framework will be submitted and presented for feedback and grades to the course academics. If/when approved, these templates will form the foundation of the Framework and Report to be presented to the Client. 

    Teams will compare the prepared forms and templates brought by each individual member of the team; then select the forms & templates best suited to their specific client for each component of the analysis, framework & report. Teams are responsible to ensure a consistency of format & design across all materials selected.

    Rubric available in MyUni.

    Stage 2 (Team) (Due end of week 12)

    In approximately week 5, students will be assigned their team and their client. From that time on, teams work together to analyse their client's needs, and design an appropriate Information Risk Management Framework for their client. Teams will document their processes. Documentation will be kept on the allocated team website. Appropriate components of the documentation will be used to create the Information Risk Management Framework and Report that are the final outcome for the client.

    Throughout weeks 5 – 12, student teams will present various stages of their DRAFT Framework and Report for feedback from the Course Academic.

    In week 12, the full FINAL DRAFT Information Security Framework and Report will be submitted and presented to the course academics for marking and feedback.

    In week 13, (or shortly after) once the Final InfoSec Framework & Report have been approved by course academics, the work will be submitted and presented to the client.

    Reflective Journal

    Students are provided a private website within the course MyUni site.

    Students are to use their private site to make weekly entries into their Reflective Journal.

    The site may also be used for keeping notes, etc.

    Each week, students will be expected to write 300 – 800 words of analysis and reflection on that week’s learning in their journal (following the required format).

    At the end of semester, they may polish their previous 12 entries, if they choose.

    The journal must include a “week 13” FINAL SUMMARY reflection of two parts:

    [1] reflecting on the final events in polishing, submitting and presenting the final Information Security Framework & Report for and to their client, and

    [2] reflecting on & reviewing the whole course/semester.


    The final complete Journal (all 13 entries in order) is to be completed by 12 noon on the Friday of Week 13 and pasted into the submission portal.

    Students are expected to update their journal weekly, and can lose marks for missing weeks and late entries.

    All Rubrics are available in MyUni.

    Submission
    As clients are involved, it is critical that work is submitted in a timely fashion.
    No student may submit their work to their client until approved by a course academic.
    Course Grading

    Grades for your performance in this course will be awarded in accordance with the following scheme:

    M10 (Coursework Mark Scheme)
    Grade Mark Description
    FNS   Fail No Submission
    F 1-49 Fail
    P 50-64 Pass
    C 65-74 Credit
    D 75-84 Distinction
    HD 85-100 High Distinction
    CN   Continuing
    NFE   No Formal Examination
    RP   Result Pending

    Further details of the grades/results can be obtained from Examinations.

    Grade Descriptors are available which provide a general guide to the standard of work that is expected at each grade level. More information at Assessment for Coursework Programs.

    Final results for this course will be made available through Access Adelaide.

  • Student Feedback

    The University places a high priority on approaches to learning and teaching that enhance the student experience. Feedback is sought from students in a variety of ways including on-going engagement with staff, the use of online discussion boards and the use of Student Experience of Learning and Teaching (SELT) surveys as well as GOS surveys and Program reviews.

    SELTs are an important source of information to inform individual teaching practice, decisions about teaching duties, and course and program curriculum design. They enable the University to assess how effectively its learning environments and teaching practices facilitate student engagement and learning outcomes. Under the current SELT Policy (http://www.adelaide.edu.au/policies/101/) course SELTs are mandated and must be conducted at the conclusion of each term/semester/trimester for every course offering. Feedback on issues raised through course SELT surveys is made available to enrolled students through various resources (e.g. MyUni). In addition aggregated course SELT data is available.

  • Student Support
  • Policies & Guidelines
  • Fraud Awareness

    Students are reminded that in order to maintain the academic integrity of all programs and courses, the university has a zero-tolerance approach to students offering money or significant value goods or services to any staff member who is involved in their teaching or assessment. Students offering lecturers or tutors or professional staff anything more than a small token of appreciation is totally unacceptable, in any circumstances. Staff members are obliged to report all such incidents to their supervisor/manager, who will refer them for action under the university's student disciplinary procedures.

The University of Adelaide is committed to regular reviews of the courses and programs it offers to students. The University of Adelaide therefore reserves the right to discontinue or vary programs and courses without notice. Please read the important information contained in the disclaimer.