Course Title: Information Systems Risk Management

Part A: Course Overview

Credit Points: 12.00


Course Code




Learning Mode

Teaching Period(s)


City Campus, 145H Mathematical & Geospatial Sciences: Sem 1 2006, Sem 2 2006, Sem 1 2007, Sem 1 2008, Sem 1 2009, Sem 1 2010, Sem 1 2012, Sem 1 2013, Sem 1 2014, Sem 1 2015, Sem 1 2016

City Campus, 171H School of Science: Sem 1 2017, Sem 1 2018, Sem 1 2019, Sem 1 2020, Sem 1 2021, Sem 1 2022

Course Coordinator: Professor Asha Rao & Dr. Joanne Hall

Course Coordinator Phone: +61 3 9925 1843 & +61 3 9925 2511

Course Coordinator Email: &

Course Coordinator Location: 15.3.16 & 15.3.09

Course Coordinator Availability: By appointment, by email

Pre-requisite Courses and Assumed Knowledge and Capabilities

Prerequisites: INTE1122 Case Studies in Cybersecurity and INTE1120 Introduction to Information Security

Course Description

This course will provide you with a strategic and in-depth knowledge of the issues involved in the emerging field of Information Systems Risk Management. It builds on the overview provided in INTE1120 Introduction to Information Security and INTE1122 Case Studies in Information Security. 

You will learn how to find and document the risks encountered in modern information systems and to identify the relationship between these risks and the more commonly occurring risks associated with business and/or project management. This will be achieved through the study of the international standard on risk management, ISO 31000.

The theory will be accompanied by the examination of two case studies – one presented by the lecturer, and the other constructed in the major simulated WIL team assignment. 

This course will prepare you for a professional career or postgraduate research in the risk management area. 

You will further develop your ability to communicate both technical and non-technical material in a range of forms (written, oral, electronic, graphic) and to tailor the style and means of communication to different audiences. In addition, you will have the opportunity to understand how to work effectively within and potentially as a leader of an interdisciplinary team. 

This course includes a simulated Work Integrated Learning (WIL) experience in which your knowledge and skills will be applied and assessed in a simulated workplace context. 

Objectives/Learning Outcomes/Capability Development

This course contributes to the following Program Learning Outcomes for MC159 Master of Cyber Security:

International Orientation and Strategic Thinking

  • Graduates will have a strategic and practical overview of the issues in information security and assurance.

Critical Analysis and Problem Solving

  • Evaluate information security risks across diverse service settings, including the Internet and WWW-based commerce systems, high-bandwidth digital communications and funds transfer services.
  • Undertake professional careers or postgraduate research in information security or other IT related fields, acquiring the required information needed to identify real world solutions to real world information security problems.


  • Graduates will have the ability to communicate both technical and non-technical material in a range of forms (written, electronic, graphic, oral) and to tailor the style and means of communication to different audiences.

Ethical Values

  • Graduates will exhibit an ability to appreciate the ethical considerations that inform judgments and decision making in academic and professional settings.

Self-Management, Teamwork and Leadership

  • Graduates will possess the ability to work effectively within and potentially as a leader of an interdisciplinary team.

On completion of this course, you should be able to:

  1. Correlate the context of an organisation to the risks it faces in the process of conducting operations.
  2. Identify and analyse business, environmental, and information security risks arising in the Information Systems of diverse industries and organisational structures.
  3. Explore and evaluate possible solutions to risk scenarios acknowledging cost, complexity of implementation and system user impact.
  4. Correlate identified risks to continuity management issues.
  5. Utilise the principles of team dynamics and project management and the people-centred nature of Information Security.
  6. Apply ethical frameworks to all of your activities including RMIT’s academic integrity policy.
  7. Communicate effective Information Systems risk management strategies to a peer audience using text, diagrammatic and oral mediums.

Overview of Learning Activities

A variety of planned student learning experiences will accommodate the learning outcomes for this course. This includes seminars, group discussions, and workplace learning experiences.

The seminar format will be used to give an overview of the specified study area and to direct you to foundational, analytical and evidence-based readings about risk management and its place in Information Security. 

In addition to prescribed reading, you will be involved in facilitated open discussions in the seminar context, enabling you and your classmates to draw on your own professional work and life experiences, promoting interaction between students with work experience and new graduates. To enable this discussion there will be pre-discussion formative quizzes that will be due before each week’s discussion session. 

A key team activity involves completion of a major simulated WIL assignment involving role playing. The team will apply risk-management principles and control measures to a company based entirely on information gathered from open sources. Teams will be formed in Week 1 and will meet every week in a formal tutorial setting. The course coordinator will provide feedback and guidance at these sessions. Teams will also be encouraged to meet informally on at least a weekly basis outside of the classroom environment to better establish good team dynamics.

To ensure adequate progress in this major assignment, teams will maintain project management documentation and submit regular progress reports to the course coordinator. You will be assessed on a team presentation and written reports, as well as for participation during presentation of others’ work. 

All teams will be required to apply project management practices such as scheduling meetings, maintaining meeting logs and allocating tasks. A write-up of team dynamics and the project management methods used to resolve problems will form the project management report and will form part of the progress reports.

All assessments will emphasise the role of ethics in the academic arena, and the application of ethical frameworks in complex settings. 

Overview of Learning Resources

The international standard ISO 31000, and the handbook HB436, will be essential reading for this course. You will be expected to expand on the subject matter provided as lecture notes. This will take the form of accessing various external and internal resources, such as the library and the Internet. You will be referred to suggested references, to be accessed from the library or elsewhere. The Internet will be the most important source for academic, technical and white papers and you will be required to use this as a learning resource on a regular basis. In addition, your classmates and teaching staff are also important learning resources, as will be demonstrated in facilitated discussions.


Canvas: This course is supported online using Canvas, which gives access to important announcements, a discussion forum, staff contact details, the teaching schedule and assessment timelines. You are advised to read your student EMS e-mail daily for important announcements. You should also visit the course Canvas site at least once a day, where you will find important announcements regarding the course and all key documents.

Overview of Assessment

Assessable components of this course include:

  • Pre-lecture quizzes that enable you to make connections between the lecture notes and the real world, and inform the in-class discussions;
  • The semester-long simulated WIL project, which requires participation in the formal interactive learning activities, contribution to formal written reports, participation in the oral presentation to your peers, and peer review of your team mates;
  • The Case Study based practical assessments, which are individual assessments that assess your comprehension of the course material and your ability to apply your understanding to real world case studies.

Note that: This course has no hurdle requirements.

Assessment Tasks:

Assessment Task 1: Weekly formative Quiz

Weighting 10%

This assessment task supports CLOs 1, 2, 3, 4, 6


Assessment Task 2: Team-based simulated WIL project

Weighting 50%

This assessment task supports CLOs 1-7  


Assessment Task 3: Oral Presentation of the team project

Weighting 10%

This assessment supports CLOs 5, 7


Assessment Task 4: Case study based practical assessment

Weighting 30% (10% interim + 20% final)

This assessment supports CLOs 1, 2, 3, 4, 6