Course Title: Manage system security

Part B: Course Detail

Teaching Period: Term1 2009

Course Code: COSC5351C

Course Title: Manage system security

School: 650T TAFE Business

Campus: City Campus

Program: C6074 - Advanced Diploma of Information Technology

Course Contact : Munir Ahmad Saeed

Course Contact Phone: +61 3 9925 1358

Course Contact Email:munir.saeed@rmit.edu.au


Name and Contact Details of All Other Relevant Staff

Swati Dave

Phone 9925 5811

swati.dave@rmit.edu.au

Nominal Hours: 50

Regardless of the mode of delivery, represent a guide to the relative teaching time and student effort required to successfully achieve a particular competency/module. This may include not only scheduled classes or workplace visits but also the amount of effort required to undertake, evaluate and complete all assessment requirements, including any non-classroom activities.

Pre-requisites and Co-requisites

NONE

Course Description

This unit defines the competency required to implement and manage security on an operation system according to organizational guidelines of a client.


National Codes, Titles, Elements and Performance Criteria

National Element Code & Title:

ICAS5118A Manage system security

Element:

Identify threats to system

Determine risk category

Identify appropriate controls

Include controls in the system

Monitor system tools and procedures

Performance Criteria:

1.1 Identify and understand the organisation’s system
1.2 Conduct risk analysis on system and record outcomes
1.3 Evaluate threats to the system and record findings
1.4 Identify and document human interactions with system

2.1 Conduct a risk assessment on the system and categorise risks
2.2 Conduct a risk assessment on human operations and interactions with the system and categorise risks
2.3 Match risk plans to risk categories
2.4 Determine and plan resources by risk categories

3.1 Identify and put in place effective controls to manage risk
3.2 Design polices and procedures to cover people interactions with the
system
3.3 Conduct training in the use of system-related polices and procedures
3.4 Monitor high-risk categories at specified periods
3.5 Identify and record system breakdowns


4.1 Develop security plan and procedures to include in management system
4.2 Develop security recovery plan
4.3 Implement system controls to reduce risks in human interaction with the system


5.1 Review and monitor risks and controls using a management review process
5.2 Review risk analysis process based on security benchmarks from vendors, security specialists and organisational reviews
5.3 Plan to re-evaluate system and identify new threats and risks

 


Learning Outcomes



Details of Learning Activities

Theory sessions, practical lab sessions, tutorial sessions, online exams assignments and homework


Teaching Schedule

 Week No, Starting Monday Topics and learning activities  Assessments/
Elements

 Week 1 – 9 Feb Introduction to course
Introduction to security
 Security Documentation
Work on portfolio
 Element 1
 Week 2 – 16 Feb Threats to system
Viruses, worms and malicious sw
 Security Documentation
Work on portfolio

 Element 1

Portfolio requirements handout

 Week 3 – 23 Feb Software security (account based security) Security Documentation
Work on portfolio
 Element 1
 Week 4 – 2 Mar Security through Encryption and Authentication  Security Documentation
Work on portfolio
 Element 1,2
 Week 5 – 9 Mar File directory and shared resources security Security Documentation
Work on portfolio
 Element 1,2
Business continuity plan requirements hand out 
 Week 6– 16 Mar Firewalls and border security Security Documentation
Work on portfolio
 Element 1, 2, 3
 Week 7 – 23 Mar Physical and network topology security Security Documentation
Work on portfolio
 Element 1, 2, 3
 Week 8 – 30 Mar Wireless security Security Documentation
Work on portfolio
 Element 1, 2, 3
 Week 9 – 6 Apr Email security Security Documentation
Work on portfolio
 Element 1, 2, 3
                                                                           MID SEMESTER (EASTER) BREAK – 9th April – 15th April  
 Week 9 –13Apr Email security Security Documentation
Work on portfolio
 Element 1, 2, 3
 Week 10 – 20 Apr Security through Disaster recovery  Security Documentation
Work on portfolio
 Element 2, 3, 4
 Week 11 – 27 Apr Security through monitoring and auditing Security Documentation
Work on portfolio
 Element 4
 Week 12 – 4 may Work on business continuity plan for your project Security Documentation
Work on portfolio
 Element 1, 2, 3, 4
 Week 13 – 11 MayWork on business continuity plan for your project
 Week 14 – 18 MayWork on business continuity plan for your project
 Week 15– 25 MayWork on business continuity plan for your project
 Week 16 –1 JunPortfolio submissions and Final assessment (to be advised 
 Week 17 – 8 Jun Portfolio submissions and Final assessment (to be advised)  
 Week 18 –  15 JunReview and Feedback (location, time & date to be advised)


Learning Resources

Prescribed Texts


References

Guide to Operating Systems Security By Michael Palmer ISBN 0-619-16040-3


Other Resources

No


Overview of Assessment

Assessment may incorporate a variety of methods including technical requirements documentation, homework, assignments, group and/or individual projects and in class exercises, written tests, practical problem solving exercises, presentations, practical tests and a final exam. Students are advised that they are likely to be asked to personally demonstrate their assessment work to their teacher to ensure that the relevant competency standards are being met. Students will be provided with feedback throughout the course to check their progress.<o:p></o:p>


Assessment Tasks

Assessments for this course comprise following two assignments:

Security Documentation weekly portfolio       30%

Business Continuity Plan                                  70%


Assessment Matrix

Manage System Security COSC 5351CAssessment 1
(CA/NYC) 30%
Assessment 2
(CA/NYC) 70%

Security Documentation Weekly portfolio

 

Yes 

Business Continuity Plan (BCP)

 

 Yes

Other Information

Competency and grading requirements:
To be deemed competent students must demonstrate an understanding of all elements of a competency. Assessment methods have been designed to measure achievement of each competency in a flexible manner over multiple tasks.
Students are advised that they are likely to be asked to personally demonstrate their assessment work to their teacher to ensure that the relevant competency standards are being met.

All assessments for this course must be completed to achieve CA (Competency Achieved) grade.
Each assessment task will also carry a numerical weighting to be used for grading purposes. The grade applied to this weighting will only be awarded if a CA has been achieved in all compulsory assessment tasks.
If a student has been marked NYC (Not Yet Competent) in any of the assessment tasks, the weighting will carry no value until the student has obtained CA.
If a CA is achieved on re-assessment then a maximum mark of 50% of the original weighting will be granted for that assessment.
Reassessments will only be granted to students who were either unsuccessful in the first attempt or have an approved special consideration application.

Course Overview: Access Course Overview