IMS5002 Information systems security , Unit Information Guide (Semester 1, 2006)

Chief Examiner Susan Foster
Lecturers
Caulfield : Susan Foster
Outline

This unit will provide students with a knowledge of information systems security issues, and their relevance to the management of information systems in contemporary organisations. The students will gain knowledge of the nature of information threats and vulnerabilities and of the control technologies and techniques which can be applied to reduced risk. Recent developments in IS security technologies will be analysed and assessed.

Objectives Knowledge and Understanding

At the completion of this subject you should have knowledge and understanding of:

C1. The importance of information systems security issues to contemporary organisations

C2. Information security concepts and philosophies

C3. Threats to and vulnerablilities of organisations' information assets

C4. Developments in security control technologies and techniques

C5. the relevance of human factors to information security planning and management

Attitudes, Values and Beliefs

Have developed attitudes which allow you to:

A1. Adopt a critical approach to the analysis and design information systems security systems

A2. Be sceptical but not cynical about the content in information systems security publications

A3. Understand the ethical implications of security issues

Practical Skills

Have the skills to:

P1. Apply information security concepts in the analysis of information systems security issues

P2. Apply risk management techniques to the planning and management of information systems security systems

Relationships, Communication and TeamWork

S1. Students may be required to work in teams to complete some of the assessment and thus must develop appropriate interpersonal communication skills

Prerequisites Before attempting this unit you must have satisfactorily completed

Unit relationships IMS5002 is an elective unit in the Master of Information Systems and Management degree and associated degrees. Before attempting this unit you must have satisfactorily completed
Texts and software

Required text(s)

Anderson, R. (2001). Security Engineering. London: John Wiley & Sons.

Bosworth, S. & Kabay, M.E. (Eds.).(2002). Computer Security Handbook. Canada: John Wiley & Sons.

Merkow, M.S. & Breithaupt, J. (2000). The Complete Guide to Internet Security. New York: Amacom.

Text books are available from the Monash University Book Shops. Availability from other suppliers cannot be assured. The Bookshop orders texts in specifically for this unit. You are advised to purchase your text book early.

Hardware requirements:

Students studying off-campus are required to have the minimum system configuration specified by the faculty as a condition of accepting admission, and regular Internet access. On-campus students, and those studying at supported study locations may use the facilities available in the computing labs. Information about computer use for students is available from the ITS Student Resource Guide in the Monash University Handbook. You will need to allocate up to n hours per week for use of a computer, including time for newsgroups/discussion groups.

Recommended reading

 

Allinson, Caroline (2002). Information Systems Audit Trails; An Australian Government survey. Journal of Research and Practice in Information Technology, Vol 34, No 1. pp 47-64.

 

Anderson, R. (2001). Security Engineering. London: John Wiley & Sons.

Bosworth, S. & Kabay, M.E. (Eds.).(2002). Computer Security Handbook. Canada: John Wiley & Sons. (This text is on electronic copy in the library.  Use your authcate access code.)

Merkow, M.S. & Breithaupt, J. (2000). The Complete Guide to Internet Security. New York: Amacom.

On Reserve (Caulfield Library only):
Students are reminded that books “on reserve” can be obtained from the library counter.  Students have access to these books for two hour time slots.  You may photocopy articles and resources as required.

 

Ciampa, M. (2005).  Security+ Guide to Network Security Fundamentals, (2nd Edn). Boston, Massachusetts: Thomson Technology.

 

Erbschloe, M. (2003).  Guide to Disaster Recovery. Boston, Massachusetts: Thomson Technology.

 

Maiwald, E. (2004).  Fundamentals of Network Security. New York:  McGraw-Hill.

 

Palmer, M. (2004). Guide to Operating Systems Security. Boston, Massachusetts: Thomson Technology.

 

Panko, R. R. (2004). Corporate Computer and Network Security. New Jersey: Pearson Education International.

 

Quirk, P. & Forder, J. (2003).  Electronic Commerce and the Law (2nd Edn).  Singapore:  John Wiley & Sons Australia, Ltd.

 

Whiteman, M. E. & Mattord, H. J. (2005).  Principles of Information Security (2nd Edn). Boston, Massachusetts: Thomson Technology.
Additional references:
Dhillon, G. & Backhouse, J. (2001). "Current directions in IS security research: towards socio-organizational perspectives", Information Systems Journal, Vol 11, 127-153.
Grant, G.L. 1998. Understanding Digital Signatures: Establishing Trust over the Internet and other Networks. McGraw-Hill.
Krause, M. & Tipton, H.F. (eds) (1999). Handbook of Information Security and Management.
Ludlow, P. (ed) (2001). Crypto Anarchy, Cyberstates, and Pirate Utopias. The MIT Press.
Meinel, C. (2001). "Code Red: worm assault on the Web", Scientific American, September.
Moon, P. (1999). “Everything you always wanted to know about digital signatures”, NSW Law Society Journal, Vol 37 No 4, p57.
Rosen, J. (2001). "Out of context: the purposes of privacy", Social Research, Vol 68 No 1, 209-220.
Rosenheim, S.J. (1997). The Cryptographic Imagination: Secret Writing from Edgar Poe to the Internet. Baltimore: John Hopkins University Press.
Singh, S. (1999). The Code Book: the Secret History of Codes & Code-breaking. London: Fourth Estate.

 

Straub, D.W. & Welke, R.J. (1998). "Coping with systems risk: security planning models for management decision making", MIS Quarterly, Vol 22, 441-470.
Stoll, C. (1990). The Cuckoo’s Egg. New York: Pocket Books.
Thomas, D. & Loader, B.D. 2000. Cybercrime: law enforcement, security and surveillance in the information age. Routledge.

 

The Honeynet Project. (2002). Know Your Enemy: Revealing the Security Tools, Tactics, and  Motives of the Blackhat Community. Boston: Addison-Wesley.

 

Important Web sites:
The SANS top trends in security management for 2002: White paper, January 2002 (www.netiq.com)
www.CSOonline.com.au
http://www.cert.org/
http://www.cert.org/archive/html/protect-critical-systems.html#abs
Presentations and reports: Attack and intruder trends
http://www.cert.org/nav/index_red.html
http://www.cert.org/incident_notes/IN-2003-01.html
Independent Commission Against Corruption. eCorruption: eCrime vulnerabilities in the NSW Public Sector, Summary Report, 2001.
http://www.thinkmobile.com/News/00/48/29/
Disaster Strategies for Record Keeping:
www.records.nsw.gov.au/publicsector/rk/guidelines/counterdisaster/Introduction.htm
http://www.treasury.gov.au

 

 

 

 

 

 

 

 

www.privacy.gov.au/publications/pia1_print.html

 

Developing a security policy, December 2001, SunBluePrints http://www.sun.com/blueprints

 

 

 

Library access You may need to access the Monash library either personally to be able to satisfactorily complete the subject.  Be sure to obtain a copy of the Library Guide, and if necessary, the instructions for remote access from the library website.
Study resources

Study resources for IMS5002 are:

The IMS5002 website will contain lecture slides, weekly tutorial requirements, assignment specifications and marking guides and supplementary material.

Students are required to view the website regularly for information updates pertinent to this unit.

Structure and organisation

Week

Topics

Study Guide

References/Readings

Key Dates

1 Overview of the unit
2 Managing security in the organisation
3 Risk Management
4 IS Security Access Controls Assignment presentation
5 IS Security access controls continued
6 Impact of e-commerce on the organisation http://www.cert.org/encyc_article/tocencyc.html
7 Security over the internet http://www.cert.org/archive/html/protect-critical-systems.html Assignment presentation
Non-teaching
8 computer forensics
9 Security policies and procedures
10 Security standards, privacy and law
11 Business continuity plans/disaster recovery Assignment presentation
12 Current issues and Future Trends in
13 Review and Revision
Timetable

The timetable for on-campus classes for this unit can be viewed in Allocate+

Assessment

Assessment for the unit consists of one major assignment with a weighting of 30%, three presentations with a weighting of 20% = 50% and an examination with a weighting of 50%.

Assessment Policy

To pass this unit you must:

Pass assignments:
·         Major assignment                                                    30%
Due date to be advised
·         Three presentations    in tutorials                              20%
           
The formal supervised assessment for this unit will be an exam scheduled in the formal examination period following the last week of semester:

 

·         Examination    2 hours (plus 10 minutes reading time), closed book (50%)

 

You are required to be available for the exam and any necessary supplementary assessment procedures until the end of the assessment period. Alternative times for exams will not be approved without a medical certificate for a significant illness, or equivalent evidence.

Your score for the unit will be calculated by:

Assignments = 50%

Exam = 50%

Pass requirements
The 40% rule applies to units and determines the final result for a student where the student's performance in either the examination or assignment component of the unit is unsatisfactory. Students need to be aware of the 40% rule which is:
In order to pass a unit, a student must gain all of the following:
·         at least 40% of the marks available for the examination component: i.e. the final examination and any tests performed under exam conditions, taken as a whole
·         at least 40% of the marks available for the assignment component: i.e. the assignments and any other assessment tasks (such as presentations) taken as a whole
·         at least 50% of the total marks for the unit
Where a student gains less than 40% for either the examination or assignment component, the final result for the unit will be no greater than ‘44-N’.

 

Assessment Requirements

Assessment

Due Date

Weighting

Major Assignment Week 11 30 %
Assignment presentation - 1 Week4 6 %
Assignment presentation - 2 Week 7 7 %
Assignment presentation - 3 Week 11 7 %
Examination 2 hour(s), closed book Exam period starts 5th June. 50 %

Assignment specifications will be made available on the IMS5002 website. Information about assignments will be published on the Unit's Notices Newsgroup.

Assignment Submission Methods

Assignments will be submitted via paper submission to your tutor. Assignment presentations will be completed in tutorial sessions as outlined above on the due dates.  the Major assignment will be left in a drop box on the Friday of week 11; the location of the drop box will be communicated to students nearer the time.

 All assignments must be handed in with the appropriate cover sheet correctly filled out, signed and attached.

 Do not email submissions. The due date is the date by which the submission must be received.

Extensions and late submissions

Late submission of assignments

If you believe that your assignment will be delayed because of circumstances beyond your control such as illness, you should apply for an extension prior to the due date. All applications for extensions must be made in writing to your lecturer. Medical certificates or other supporting documentation will be required.
Late assignments submitted without an approved extension may be accepted (up to one week late) at the discretion of your lecturer, but will be penalised at the rate of 10% of total assignment marks per day (including weekends). Example:
Total marks available for the assignment = 100 marks
Marks received for the assignment = 70 marks
Marks deducted for 2 days late submission (20% of 100) = 20 marks
Final mark received for assignment = 50 marks 

This policy is strict because comments or guidance will be given on assignments as they are returned, and sample solutions may also be published and distributed, after assignment marking or with the returned assignment. 

Extensions

It is your responsibility to structure your study program around assignment deadlines, family, work and other commitments. Factors such as normal work pressures, vacations, etc. are seldom regarded as appropriate reasons for granting extensions. 

Requests for extensions must be made by  'email to the unit lecturer' at least two days before the due date. You will be asked to forward original medical certificates in cases of illness, and may be asked to provide other forms of documentation where necessary. A copy of the email or other written communication of an extension must be attached to the assignment submission.

Grading of assessment

Assignments, and the unit, will be marked and allocated a grade according to the following scale:

HD High Distinction - very high levels of achievement, demonstrated knowledge and understanding, skills in application and high standards of work encompassing all aspects of the tasks.
In the 80+% range of marks for the assignment.
D Distinction - high levels of achievement, but not of the same standards. May have a weakness in one particular aspect, or overall standards may not be quite as high.
In the 70-79% range.
C Credit - sound pass displaying good knowledge or application skills, but some weaknesses in the quality, range or demonstration of understanding.
In the 60-69% range.
P Pass - acceptable standard, showing an adequate basic knowledge, understanding or skills, but with definite limitations on the extent of such understanding or application. Some parts may be incomplete.
In the 50-59% range.
N Not satisfactory -  failure to meet the basic requirements of the assessment.
Below 50%.

We will aim to have assignment results made available to you within two weeks after assignment receipt.

Feedback Feedback to you

You will receive feedback on your work and progress in this unit. This feedback may be provided through your participation in tutorials and class discussions, as well as through your assignment submissions. It may come in the form of individual advice, marks and comments, or it may be provided as comment or reflection targeted at the group. It may be provided through personal interactions, such as interviews and on-line forums, or through other mechanisms such as on-line self-tests and publication of grade distributions.

Feedback from you

You will be asked to provide feedback to the Faculty through a Unit Evaluation survey at the end of the semester. You may also be asked to complete surveys to help teaching staff improve the unit and unit delivery. Your input to such surveys is very important to the faculty and the teaching staff in maintaining relevant and high quality learning experiences for our students.

And if you are having problems

It is essential that you take action immediately if you realise that you have a problem with your study. The semester is short, so we can help you best if you let us know as soon as problems arise. Regardless of whether the problem is related directly to your progress in the unit, if it is likely to interfere with your progress you should discuss it with your lecturer or a Community Service counsellor as soon as possible.

Plagiarism and cheating

Plagiarism and cheating are regarded as very serious offences. In cases where cheating  has been confirmed, students have been severely penalised, from losing all marks for an assignment, to facing disciplinary action at the Faculty level. While we would wish that all our students adhere to sound ethical conduct and honesty, I will ask you to acquaint yourself with Student Rights and Responsibilities and the Faculty regulations that apply to students detected cheating as these will be applied in all detected cases.

In this University, cheating means seeking to obtain an unfair advantage in any examination or any other written or practical work to be submitted or completed by a student for assessment. It includes the use, or attempted use, of any means to gain an unfair advantage for any assessable work in the unit, where the means is contrary to the instructions for such work. 

When you submit an individual assessment item, such as a program, a report, an essay, assignment or other piece of work, under your name you are understood to be stating that this is your own work. If a submission is identical with, or similar to, someone else's work, an assumption of cheating may arise. If you are planning on working with another student, it is acceptable to undertake research together, and discuss problems, but it is not acceptable to jointly develop or share solutions unless this is specified by your lecturer. 

Intentionally providing students with your solutions to assignments is classified as "assisting to cheat" and students who do this may be subject to disciplinary action. You should take reasonable care that your solution is not accidentally or deliberately obtained by other students. For example, do not leave copies of your work in progress on the hard drives of shared computers, and do not show your work to other students. If you believe this may have happened, please be sure to contact your lecturer as soon as possible.

Cheating also includes taking into an examination any material contrary to the regulations, including any bilingual dictionary, whether or not with the intention of using it to obtain an advantage.

Plagiarism involves the false representation of another person's ideas, or findings, as your own by either copying material or paraphrasing without citing sources. It is both professional and ethical to reference clearly the ideas and information that you have used from another writer. If the source is not identified, then you have plagiarised work of the other author. Plagiarism is a form of dishonesty that is insulting to the reader and grossly unfair to your student colleagues.

Communication

Tutors will provide tutor open hours and contact details to students at the beginning of the semester. 

Meetings with your lecturer should be arranged via email or during the lecturer open hours; or after the lecture.

Notices

Notices related to the unit during the semester will be placed on the Unit Website. Check this regularly. Failure to read the unit wesite is not grounds for special consideration.

Consultation Times

TBA

If direct communication with your unit adviser/lecturer or tutor outside of consultation periods is needed you may contact the lecturer and/or tutors at:

This person's profile is not available.Image of this person is not available.

This person's profile is not available.Image of this person is not available.

This person's profile is not available.Image of this person is not available.

All email communication to you from your lecturer will occur through your Monash student email address. Please ensure that you read it regularly, or forward your email to your main address. Also check that your contact information registered with the University is up to date in My.Monash.

Last updated: Feb 27, 2006