Course Title: Information Systems Risk Management

Part A: Course Overview

Credit Points: 12.00

Terms

Course Code: INTE2396

Campus: City Campus

Career: Postgraduate

School: 145H Mathematical & Geospatial Sciences

Learning Mode: Face-to-Face

Teaching Period(s): Sem 1 2006, Sem 2 2006, Sem 1 2007, Sem 1 2008, Sem 1 2009, Sem 1 2010, Sem 1 2012, Sem 1 2013, Sem 1 2014, Sem 1 2015, Sem 1 2016


Course Code: INTE2396

Campus: City Campus

Career: Postgraduate

School: 171H School of Science

Learning Mode: Face-to-Face

Teaching Period(s): Sem 1 2017, Sem 1 2018, Sem 1 2019, Sem 1 2020, Sem 1 2021

Course Coordinator: Professor Asha Rao

Course Coordinator Phone: +61 3 9925 1843

Course Coordinator Email: asha.rao@rmit.edu.au

Course Coordinator Location: 15.3.16

Course Coordinator Availability: By appointment, by email


Pre-requisite Courses and Assumed Knowledge and Capabilities

This course will provide you with a strategic and in-depth knowledge of the issues involved in the emerging field of Information Systems Risk Management. It builds on the overview provided in INTE1120 Introduction to Information Security and INTE1122 Case Studies in Information Security. 

You will learn how to find and document the risks encountered in modern information systems and to identify the relationship between these risks and the more commonly occurring risks associated with business and/or project management. This will be achieved through the study of the International standard on Risk Management ISO31000. 

The theory will be accompanied by the examination of two case studies – one presented by the lecturer, and the other constructed in the major simulated WIL team assignment. 

This course will prepare you for a professional career or postgraduate research in the risk management area. 

You will further develop your ability to communicate both technical and non-technical material in a range of forms (written, oral, electronic, graphic) and to tailor the style and means of communication to different audiences. In addition, you will have another opportunity to understand how to work effectively within and potentially as a leader of an interdisciplinary team. 

This course includes a simulated Work Integrated Learning (WIL) experience in which your knowledge and skills will be applied and assessed in a simulated workplace context. 


Course Description

This course will provide you with a strategic and in-depth knowledge of the issues involved in the emerging field of Information Systems Risk Management. It builds on the overview provided in INTE1120 Introduction to Information Security and INTE1122 Case Studies in Information Security.

You will learn how to find and document the risks encountered in modern information systems and to identify the relationship between these risks and the more commonly occurring risks associated with business and/or project management. This will be achieved through the study of the International standard on Risk Management ISO31000.

The theory will be accompanied by the examination of two case studies – one presented by the lecturer, and the other constructed in the major simulated WIL team assignment.

This course will prepare you for a professional career or postgraduate research in the risk management area.

You will further develop your ability to communicate both technical and non-technical material in a range of forms (written, oral, electronic, graphic) and to tailor the style and means of communication to different audiences. In addition, you will have another opportunity to understand how to work effectively within and potentially as a leader of an interdisciplinary team.

This course includes a simulated Work Integrated Learning (WIL) experience in which your knowledge and skills will be applied and assessed in a simulated workplace context.


Objectives/Learning Outcomes/Capability Development

On completion of this course you should be able to:

  1. Correlate the context of a company to the risks it faces in the process of doing business.
  2. Identify and analyse business, environmental and information security risks arising in the Information Systems of diverse industries.
  3. Explore and evaluate possible solutions to these risk scenarios acknowledging cost, complexity of implementation and system user impact.
  4. Correlate identified risks to continuity management issues.
  5. Utilise the principles of group dynamics and the people-centred nature of Information Security.
  6. Discriminate between commenting on and copying information.
  7. Identify and articulate (both in written form and orally to a peer audience) effective Information Systems risk management strategies.


This course contributes to the following Program Learning Outcomes for MC159 Master of Cyber Security:

International Orientation and Strategic Thinking

  • Graduates will have a strategic and practical overview of the issues in information security and assurance.

Critical Analysis and Problem Solving

  • Evaluate information security risks across diverse service settings including the Internet and WWW based commerce systems, high bandwidth digital communications and funds transfer services.
  • Undertake professional careers or postgraduate research in information security or other IT related fields, acquiring the required information needed to identify real world solutions to real world information security problems.

Communication

  • Graduates will have the ability to communicate both technical and non-technical material in a range of forms (written, electronic, graphic, oral) and to tailor the style and means of communication to different audiences.


Ethical Values

  • Graduates will exhibit an ability to appreciate the ethical considerations that inform judgments and decision making in academic and professional settings.

Self-Management, Teamwork and Leadership

  • Graduates will possess the ability to work effectively within and potentially as a leader of an interdisciplinary team.


Overview of Learning Activities

A variety of planned student learning experiences will accommodate the learning outcomes envisaged for this course. This includes seminars, group discussions, and tutorial based learning experiences. 

The seminar format will be used to give an overview of the specified study area and to direct you to foundational, analytical and evidence-based readings about risk management and its place in Information Security. 

In addition to prescribed reading, you will be involved in facilitated open discussions in the seminar context, enabling you and your classmates to draw on your own professional work and life experiences, promoting interaction between students with work experience and new graduates. To enable this discussion there will be pre-discussion formative quizzes that will be due before each week’s discussion session. 

A key group activity (in groups of 5 or more) involves completion of a major simulated WIL assignment involving role playing. The group will apply risk-management principles and control measures to a company based entirely on information gathered from open sources. Groups will be formed in Week 1 and will meet every week in a formal tutorial setting. The course coordinator will provide feedback and guidance at these sessions. Groups will also be encouraged to meet informally on at least a weekly basis outside of the classroom environment to better establish group dynamics.

To ensure adequate progress in this major assignment, groups will submit regular progress reports to the course coordinator who will provide appropriate feedback. You will be assessed on a group presentation and the reports, as well as for participation during presentation of others’ work.

All teams will be required to schedule meetings, maintain logs of meetings, allocate work among themselves and finally arrive at a consensual percentage allocation of the final report. A write-up of group dynamics and methods used for resolution of problems will form the project management report and will form part of the progress reports.

All assessments will emphasise the role of ethics in the academic arena. 


Overview of Learning Resources

The international standard ISO 31000, and the handbook HB436, will be essential reading for this course. You will be expected to expand on the subject matter provided as lecture notes. This will take the form of accessing various external and internal resources, such as the library and the Internet. Appropriate references, to be accessed from the library or elsewhere, will be used in this course.

The Internet will be the most important source for academic, technical and white papers and you will be required to use this as a learning resource on a regular basis. In addition, your classmates and tutor/lecturer are also important learning resources as will be demonstrated in facilitated discussions.

Canvas: This course is supported online using Canvas, which gives access to important announcements, a discussion forum, staff contact details, the teaching schedule and assessment timelines. You are advised to read your student EMS e-mail daily for important announcements. You should also visit the course Canvas site at least once a day where you will find important announcements regarding the course and all key documents.


Overview of Assessment

Assessable components of this course include:

  • The pre-lecture quizzes that will enable you to make connections between the lecture notes and the real world, and will inform the in-class discussions;
  • The semester-long simulated WIL project, which will require participation in the formal tutorial activities, contribution to the formal written reports, participation in the oral presentation to your peers, and peer review of your team mates;
  • The Case Study based practical assessments, which are individual assessments that will assess your comprehension of the course material and your ability to apply this understanding to real world case studies.

Note that this course has no hurdle requirements.

Assessment Tasks:

Assessment Task 1: Weekly formative quiz based on the material assigned for the week’s discussion session.

Weighting 10%

This assessment task supports CLOs 1,2,3,4,6 

 

Assessment Task 2: Team-based simulated WIL project. 

Weighting 50%

This assessment task supports CLOs 1-7  

 

Assessment Task 3: Oral presentation of the group assignment

Weighting 10%  

This assessment supports CLOs 5,7  

  

Assessment Task 4: Case study based practical assessment

Weighting 30% (10% interim + 20% final)

This assessment supports CLOs 1,2,3,4,6