Course Title: Manage system security

Part B: Course Detail

Teaching Period: Term1 2011

Course Code: COSC5351C

Course Title: Manage system security

School: 650T TAFE Business

Campus: City Campus

Program: C6074 - Advanced Diploma of Information Technology

Course Contact : Paul Lewis

Course Contact Phone: +61 3 9925 1615

Course Contact

Name and Contact Details of All Other Relevant Staff

Nominal Hours: 50

Regardless of the mode of delivery, represent a guide to the relative teaching time and student effort required to successfully achieve a particular competency/module. This may include not only scheduled classes or workplace visits but also the amount of effort required to undertake, evaluate and complete all assessment requirements, including any non-classroom activities.

Pre-requisites and Co-requisites


Course Description

This unit defines the competency required to implement and manage security on an operating system such as Windows Server according to organizational guidelines of a client.

National Codes, Titles, Elements and Performance Criteria

National Element Code & Title:

ICAS5118A Manage system security


1. Identify threats to system

Performance Criteria:

1.1 Identify and understand the organisation’s system
1.2 Conduct risk analysis on system and record outcomes
1.3 Evaluate threats to the system and record findings
1.4 Identify and document human interactions with system


2. Determine risk category

Performance Criteria:

2.1 Conduct a risk assessment on the system and categorise risks
2.2 Conduct a risk assessment on human operations and interactions with the system and categorise risks
2.3 Match risk plans to risk categories
2.4 Determine and plan resources by risk categories



3. Identify appropriate controls

Performance Criteria:

3.1 Identify and put in place effective controls to manage risk
3.2 Design policies and procedures to cover people interactions with the system
3.3 Conduct training in the use of system-related polices and procedures
3.4 Monitor high-risk categories at specified periods
3.5 Identify and record system breakdowns


4. Include controls in the system

Performance Criteria:

4.1 Develop security plan and procedures to include in management system
4.2 Develop security recovery plan
4.3 Implement system controls to reduce risks in human interaction with the system


5. Monitor system tools and procedures

Performance Criteria:

5.1 Review and monitor risks and controls using a management review process
5.2 Review risk analysis process based on security benchmarks from vendors, security specialists and organisational reviews
5.3 Plan to re-evaluate system and identify new threats and risks

Learning Outcomes

Details of Learning Activities

Learning activities will include laboratory-based sessions on a variety of topics as shown in the Teaching Schedule below. Learning activities will generally consist of practical computer exercises based on the prescribed textbook and additional teacher handouts. Students should attend all sessions.

Students will also be expected to perform reading, research and other activities for homework.

Students may wish to replicate Windows Server practical activities in a virtual environment such as VMware or Virtual PC.

Teaching Schedule

The total number of scheduled hours of teaching, learning and assessment involved in this course includes all planned activities including face to face classes, lectures, workshops and seminars, workplace visits, online learning and other forms of structured teaching and learning.

The total scheduled hours also covers the amount of effort required to undertake, evaluate and complete all assessment requirements, including observation of work performance, discussions with supervisors and others providing third party evidence and one on one and group assessment sessions with students.

Competency Elements
Elements 1, 2 and 3 of this competency are covered every week in this course. Element 4 is covered in weeks 3 to 16. Element 5 is covered in weeks 12 to 16.

WeekWeek CommencingTopics / learning ActivitiesAssessment Tasks
17th Feb 2011Course introduction & overview. System threats, risks & controls. Installing Windows Server 2008. Configuring the system 
214th Feb 2011Intro to Windows Server 2008. Windows Server 2008 platforms, features & alternative installation methods. Virtualisation methodsDemonstations & submissions
321st Feb 2011Server Manager & server roles. Introduction to Active Directory & account management. Containers, users & groupsDemonstations & submissions
428th Feb 2011More on Active Directory & accountsDemonstations & submissions
57th Mar 2011Configuring, managing & troubleshooting resource access. Permissions & sharingTheory Review Test 1

14th Mar 2011

Mon Labour Day PH

More on resource access. AuditingDemonstations & submissions
721st Mar 2011Configuring & managing data storage. Disk backups. Disaster recovery. Recovery plansDemonstations & submissions
828th Mar 2011Managing Windows Server 2008 network services. DNS, DHCP & IISDemonstations & submissions
911th Apr 2011More on network services. Remote accessTheory Review Test 2
1018th Apr 2011Securing Windows Server 2008. Group Policy objectsDemonstations & submissions
 VacationMid-Semester (Easter) Break - Thu 21st - Wed 27th Apr 2011
1125th Apr 2011More on Group Policy. Firewalls & network accessDemonstations & submissions
122nd May 2011Server & network monitoring. Services, Task Manager, Performance Monitor etcDemonstations & submissions
139th May 2011Risk management & security planning. Managing availability. Catch-up session Theory Review Test 3
1416th May 2011Revision for final practical test Final Demonstations & submissions
1523rd May 2011Final Practical Test conductedFinal Practical Test
1630th May 2011Course review. Assessment feedback 
Students who have been granted special consideration or are required to re-submit, will be able to submit/sit their assessment by arrangement with the class teacher in weeks 17 or 18.

Learning Resources

Prescribed Texts

Palmer, J (2008), Hands-On Windows Server 2008, 6th edn, Thomson Course Technology



Other Resources

It is expected that all students will purchase the p[rescribed text by Palmer as soon as possible, as many of the practical activities in the book will be performed by students in the lab. This textbook will also be used in semester 2 courses.

Students may also refer to various Websites or alternative textbooks on Windows Server 2008 from the RMIT Library, as indicated the teacher.

Overview of Assessment

Assessment may incorporate a variety of methods including technical requirements documentation, homework, assignments, group and/or individual projects and in class exercises, written tests, practical problem solving exercises, presentations, practical tests and a final exam. Students are advised that they are likely to be asked to personally demonstrate their assessment work to their teacher to ensure that the relevant competency standards are being met. Students will be provided with feedback throughout the course to check their progress.

Assessment Tasks

Demonstrations & Submissions
Students will be expected to demonstrate class work and submit screen shots for selected activities from the prescribed text. Work is to be submitted within one week of the corresponding class exercise.

Theory Review Tests
Students will sit three multiple-choice tests based on the theory behind operating system security controls, as dealt with in the textbook. The questions at the end of each chapter should be used for revision purposes.

Final Practical Test
This will be a fully-graded in-lab practical assessment. Students will be required to perform a variety of tasks in Windows Server 2008 in order to manage system security.

Assessment Matrix

ICAS5123C– Manage system securityDemonstrations & Submissions
CA/NYC (40%)
Theory Review Tests
CA/NYC (40%)
Final Practical Test
Element 1:  Identify threats to systemYYY
Element 2:  Determine risk categoryYYY
Element 3:  Identify appropriate controlsYYY

Element 4:  Include controls in the system

Element 5:  Monitor system tools and proceduresYYY

Other Information

Competency and grading requirements

To be deemed competent students must demonstrate an understanding of all elements of this competency. Assessment methods have been designed to measure achievement of each competency in a flexible manner over multiple tasks.

Students are advised that they are likely to be asked to personally demonstrate their work to their teacher to ensure that the relevant competency standards are being met.

All competency-based assessments for this course must be completed in order to achieve a CA (Competency Achieved) award.

Each assessment task will also carry a numerical weighting to be used for grading purposes. The grade applied will only be awarded if a CA has been achieved in all compulsory assessment tasks.

If a student has been assessed as NYC (Not Yet Competent) in any of the assessment tasks, the weighting will carry no value until the student has obtained a CA.

If a CA is achieved on re-assessment, a maximum mark of 50% of the original weighting will be granted for that assessment.

Re-assessments will only be granted to students who were either unsuccessful in the first attempt, or have an approved application for special consideration.

A final practcal test worth 20% will be offered to students who have achieved CA

Course Overview: Access Course Overview