Course Title: Information Systems Risk Management

Part A: Course Overview

Credit Points: 12.00


Course Code:

Learning Mode:

Teaching Period(s):

City Campus, 145H Mathematical & Geospatial Sciences: Sem 1 2006, Sem 2 2006, Sem 1 2007, Sem 1 2008, Sem 1 2009, Sem 1 2010, Sem 1 2012, Sem 1 2013, Sem 1 2014, Sem 1 2015, Sem 1 2016

City Campus, 171H School of Science: Sem 1 2017, Sem 1 2018, Sem 1 2019, Sem 1 2020

Course Coordinator: Professor Asha Rao

Course Coordinator Phone: +61 3 9925 1843

Course Coordinator Email:

Course Coordinator Location: 8.9.37

Pre-requisite Courses and Assumed Knowledge and Capabilities

Enforced prerequisite:

INTE1120 Introduction to Information Security


Required knowledge:

INTE1122 Case Studies in Information Security

Course Description

This course will provide you with a strategic and in-depth knowledge of the issues involved in the emerging field of Information Systems Risk Management. It builds on the overview provided in INTE1120 Introduction to Information Security and INTE1122 Case Studies in Information Security.

You will learn how to find and document the risks encountered in modern information systems and to identify the relationship between these risks and the more commonly occurring risks associated with business and/or project management. This will be achieved through the study of the international standard on risk management, ISO 31000.

The theory will be accompanied by the examination of two case studies – one presented by the lecturer, and the other constructed in the major simulated WIL team assignment.

This course will prepare you for a professional career or postgraduate research in the risk management area.

You will further develop your ability to communicate both technical and non-technical material in a range of forms (written, oral, electronic, graphic) and to tailor the style and means of communication to different audiences. In addition, you will have another opportunity to understand how to work effectively within and potentially as a leader of an interdisciplinary team.

This course includes a simulated Work Integrated Learning (WIL) experience in which your knowledge and skills will be applied and assessed in a simulated workplace context.

Objectives/Learning Outcomes/Capability Development

On completion of this course you should be able to:

  1. Correlate the context of a company to the risks it faces in the process of doing business.
  2. Identify and analyse business, environmental and information security risks arising in the Information Systems of diverse industries.
  3. Explore and evaluate possible solutions to these risk scenarios acknowledging cost, complexity of implementation and system user impact.
  4. Correlate identified risks to continuity management issues.
  5. Utilise the principles of group dynamics and the people-centred nature of Information Security.
  6. Discriminate between commenting on and copying information.
  7. Identify and articulate (both in written form and orally to a peer audience) effective Information Systems risk management strategies.

This course contributes to the following Program Learning Outcomes for MC159 Master of Applied Science (Information Security and Assurance)

International Orientation and Strategic Thinking

  • Graduates will have a strategic and practical overview of the issues in information security and assurance.

Critical Analysis and Problem Solving

  • Evaluate information security risks across diverse service settings including the Internet and WWW based commerce systems, high bandwidth digital communications and funds transfer services,
  • Undertake professional careers or postgraduate research in information security or other IT related fields, acquiring the required information needed to identify real world solutions to real world information security problems.


  • Graduates will have the ability to communicate both technical and non-technical material in a range of forms (written, electronic, graphic, oral) and to tailor the style and means of communication to different audiences.

Ethical Values

  • Graduates will exhibit an ability to appreciate the ethical considerations that inform judgments and decision making in academic and professional settings.

Self-Management, Teamwork and Leadership

  • Graduates will possess the ability to work effectively within and potentially as a leader of an interdisciplinary team.

Overview of Learning Activities

A variety of planned student learning experiences will accommodate the learning outcomes envisaged for this course. This includes seminars, group discussions, and tutorial based learning experiences.

The seminar format will be used to give an overview of the specified study area and to direct you to foundational, analytical and evidence-based readings about risk management and its place in Information Security.

In addition to prescribed reading, you will be involved in facilitated open discussions in the seminar context, enabling you and your classmates to draw on your own professional work and life experiences, promoting interaction between students with work experience and new graduates. A key group activity (in groups of 4 or more) involves completion of a major simulated WIL assignment involving role playing.  The group will apply risk-management principles and control measures to a company based entirely on information gathered from open sources. Groups will be formed in Week 1 and will meet every week in a formal tutorial setting. The course coordinator will provide feedback and guidance at these sessions. Groups will also be encouraged to meet informally on at least a weekly basis outside of the classroom environment to better establish group dynamics.

To ensure adequate progress in this major assignment, groups will submit progress reports to the course coordinator who will provide appropriate feedback. You will be assessed on a group presentation and the reports, as well as participation during presentation of others’ work.

All teams will be required to schedule meetings, maintain logs of meetings, allocate work among themselves and finally arrive at a consensual percentage allocation of the final report. A write-up of group dynamics and the methods used to resolve problems will form the project management report, which will be part of the progress reports.

The in-semester assessments will emphasize the role of ethics in the academic arena.


Total study hours

Face-to-face contact: 60 to 90 minutes of seminar/discussion sessions per week, based on the online lecture material and videos uploaded to Canvas in the days prior to the session. This will be followed by tutorial sessions of 60 to 90 minutes.

In addition, you can expect to spend between 6 and 8 hours per week on independent study and research of the material assigned for the week.

Overview of Learning Resources

The international standard ISO 31000, and the handbook HB436, will be essential reading for this course. You will be expected to expand on the subject matter provided as lecture notes. This will take the form of accessing various external and internal resources, such as the library and the Internet. Appropriate references, to be accessed from the library or elsewhere, will be used in this course.

The Internet will be the most important source for academic, technical and white papers and you will be required to use this as a learning resource on a regular basis. In addition, your classmates and tutor/lecturer are also important learning resources, as will be demonstrated in facilitated discussions.

Canvas: This course is supported online using Canvas, which gives access to important announcements, a discussion forum, staff contact details, the teaching schedule and assessment timelines. You are advised to read your student EMS e-mail daily for important announcements. You should also visit the course Canvas site at least once a day, where you will find important announcements regarding the course and all key documents.

Overview of Assessment

Assessable components of this course include demonstrable participation in formal tutorial activities, contribution to the formal written reports and participation in the oral presentation to your peers; and a final examination. The final examination will test your comprehension of the course material and your ability to apply this understanding to real world problems.

Note that: This course has no hurdle requirements.

Assessment Tasks:

Continuous Assessment Task: Weekly Pop Quiz based on the material assigned for the week’s discussion session.
Weighting 5%
This assessment task supports CLOs 1,2,3,4

Assessment Tasks 2 to 5 are all part of the same assignment – a semester long simulated WIL project.

Assessment Task 2: Interim reports
Weighting 15%
This assessment task supports CLOs 1-7

Assessment Task 3: Final Report
Weighting 22.5%
This assessment task supports CLOs 1-7

Assessment 4: Oral Presentation of the group assignment
Weighting 5%
This assessment supports CLOs 1,2,3,4,7

Assessment 5: Peer Review
Weighting 2.5%
This assessment supports CLOs 5

Assessment 6: Final Exam
Weighting 50%
This assessment supports CLOs 1,2,3,4,7