Course specification
The current and official versions of the course specifications are available on the web at //
Please consult the web for updates that may occur during the year.

CIS8018 Strategic Information Security

Semester 2, 2014 External Toowoomba
Units : 1
Faculty or Section : Faculty of Business, Education, Law and Arts
School or Department : School of Management and Enterprise


Examiner: Jianming Yong
Moderator: Mustafa Ally

Other requisites

Students are required to have access to a personal computer, e-mail capabilities and Internet access to UConnect. Current details of computer requirements can be found at //


The rapid diffusion of technology through industry and society means a greater reliance on electronic media to support business activities. The amount of data and information stored electronically is of great concern to all parties involved. It is vitally important that future managers and IS professionals recognise the need to ensure that information systems are secure from unintentional and intentional threats from both authorised and unauthorised users and still maintain a high level of service. The emergence of online business has raised several important issues regarding how secure transactions are over an inherently insecure medium - the Internet.


This course examines the security concerns and problems resulting from the increased reliance on information technology to enhance business functions. There is an urgent need for management and professionals to have an in-depth understanding of the threats information and communication systems face and the controls or countermeasures that can prevent or limit their devastating effects. This course assists you to recognise the threats and vulnerabilities. Furthermore, this course addresses how to design and develop secure computing systems. This course focuses on information security management, including planning for security, security policy, security management models and practices, risk management, protection mechanisms, security and personnel, law and ethics, and information security project management.


On successful completion of this course, students should be able to:

  1. demonstrate academic and professional literacy by discussing the major security concerns and identify important legal issues impacting upon information security in the global context
  2. demonstrate an understanding of the skills required to work in non-traditional and virtual working environments by planning security measures for information systems
  3. demonstrate an understanding of change on organisations in the global environment and the impact of these on organisational systems by planning business continuity
  4. communicate professionally and effectively in both oral and written communication to various audiences to achieve targeted outcomes demonstrating and collating concepts of information security policy
  5. identify and solve complex organisational problems creatively and practically to increase the effectiveness of management processes through the development of a security program for an organisation
  6. evaluate, synthesise and critically review theoretical frameworks with other evidence to provide solutions to real-world problems by understanding security management models and practices
  7. demonstrate an understanding of change on organisations in the global environment and the impact of these on organisational systems by understanding risk management
  8. demonstrate reflective practice and apply learning to different contexts by critically analysing protection mechanisms for information systems to build sound knowledge
  9. demonstrate an understanding of the impact of interpersonal communication on specific management processes and outcomes using relevant theories and concepts by understanding the relationships between security and personnel, between security and law, between security and ethics
  10. demonstrate an understanding of the impact of interpersonal communication on specific management processes and outcomes using relevant theories and concepts by properly applying security principles into information security project management.


Description                                                 Weighting (%)
1. Introduction to the management of information security   5.00
2. Planning security                                        20.00
3. Information security policy                              10.00
4. Developing the security program                          10.00
5. Security management models and practices                 10.00
6. Risk management                                          20.00
7. Protection mechanism                                     10.00
8. Personnel and security                                   10.00
9. Security, law and ethics                                 5.00

Text and materials required to be purchased or accessed

ALL textbooks and materials available to be purchased can be sourced from USQ's Online Bookshop (unless otherwise stated).

Please contact us for alternative purchase options from USQ Bookshop.

  • Whitman, ME & Mattord, HJ 2014, Hands-on information security lab manual, 4th edn, Thomson Course Technology, Boston, Massachusetts.
  • Whitman, ME & Mattord, HJ 2014, Management of information security, 4th edn, Thomson Course Technology, Boston, Massachusetts.

Reference materials

Reference materials are materials that, if accessed by students, may improve their knowledge and understanding of the material in the course and enrich their learning experience.
  • Ford, W & Baum, MS 2001, Secure electronic commerce: building the infrastructure for digital signatures and encryption, 2nd edn, Prentice Hall, Upper Saddle River, New Jersey.
  • Ghosh, AK 2001, Security and privacy for e-business, John Wiley & Sons, New York.
  • Greenstein, M & Vasarhelyi, M 2002, Electronic commerce: security, risk management and control, 2nd edn, McGraw-Hill, Boston, Massachusetts.
  • Miyazaki, AD & Fernandez, A 2000, 'Internet privacy and security: an examination of online retailer disclosures', Journal of Public Policy and Marketing, vol. 19, no. 1, pp. 54-62.
    (available from EBSCOhost MegaFILE Premier, Business Source Complete AN 3215143.)
  • Panko, RR 2004, Corporate computer and network security, Pearson Education, New York.
    (international edition.)
  • Schneider, GP 2013, Electronic commerce, 10th edn, Course Technology Cengage Learning, Boston, Massachusetts.
  • Standing, C & Benson, S 2000, 'An effective framework for evaluating policy and infrastructure issues for e-commerce', Information Infrastructure and Policy, vol. 6, no. 4, pp. 227-237.
    (available from EBSCOhost MegaFILE Premier, Academic Search Complete, AN 4055720.)
  • Ellison, C & Schneier, B 2000, 'Risks of PKI: e-commerce', Communications of the ACM, vol. 43, no. 2, p. 152, available at 2/p152-ellison/p152-ellison.pdf
  • Neumann, PG 2000, Practical architectures for survivable systems and networks, SRI-report for the US Army Research Laboratory available at

Student workload requirements

Activity         Hours
Assessments      40.00
Directed Study   105.00
Private Study    20.00

Assessment details

Description                 Marks out of   Wtg (%)   Due Date      Notes
ESSAY                       100            5         11 Aug 2014
RESEARCH PAPER 1 (REPORT)   100            30        01 Sep 2014
RESEARCH PAPER 2 (REPORT)   100            30        22 Sep 2014
RESEARCH PAPER 3 (REPORT)   100            35        20 Oct 2014

Important assessment information

  1. Attendance requirements:
    If you are an international student in Australia, you are advised to attend all classes at your campus. For all other students, there are no attendance requirements for this course. However, it is the students' responsibility to study all material provided to them or required to be accessed by them to maximise their chance of meeting the objectives of the course and to be informed of course-related activities and administration.

  2. Requirements for students to complete each assessment item satisfactorily:
    To satisfactorily complete an individual assessment item a student must achieve at least 50% of the marks. (Depending upon the requirements in Statement 4 below, students may not have to satisfactorily complete each assessment item to receive a passing grade in this course.)

  3. Penalties for late submission of required work:
    Students should refer to the Assessment Procedure (point 4.2.4).

  4. Requirements for students to be awarded a passing grade in the course:
    To be assured of receiving a passing grade a student must achieve at least 50% of the total weighted marks available for the course.

  5. Method used to combine assessment results to attain final grade:
    The final grades for students will be assigned on the basis of the aggregate of the weighted marks obtained for each of the summative assessment items in the course.

  6. Examination information:
    There is no examination in this course.

  7. Examination period when Deferred/Supplementary examinations will be held:
    Not applicable.

  8. University Student Policies:
    Students should read the USQ policies: Definitions, Assessment and Student Academic Misconduct to avoid actions which might contravene University policies and practices. These policies can be found at

Assessment notes

  1. Assignments:
    1. The due date for an assignment is the date by which a student must despatch the assignment to the USQ. The onus is on the student to provide proof of the despatch date, if requested by the examiner.
    2. Students must retain a copy of each assignment submitted for assessment. This must be produced within 24 hours if required by the examiner.
    3. In accordance with university policy, the examiner may grant an extension of the due date of an assignment in extenuating circumstances.
    4. The examiner will normally only accept assignments which are electronically submitted through the USQ Study Desk for this course. Students who are unable to meet this submission requirement should contact the examiner of the course to negotiate alternative arrangements.
    5. In the event that a due date for an assignment falls on a local public holiday in the student's area, such as a show holiday, the due date for the assignment will be the next day. Students are to note on the assignment cover the date of the public holiday for the examiner's convenience.

  2. Referencing in assignments:
    Harvard (AGPS) is the referencing system required in this course. Students should use Harvard (AGPS) style in their assignments to format details of the information sources they have cited in their work. The Harvard (AGPS) style to be used is defined by the USQ Library's referencing guide at //

  3. Make-up work:
    Students who have undertaken all of the required assessments in a course but who have failed to meet some of the specified objectives of a course within the normally prescribed time may be awarded the temporary grade: IM (Incomplete - Make up). An IM grade will only be awarded when, in the opinion of the examiner, a student will be able to achieve the remaining objectives of the course after a period of non-directed personal study.

  4. Deferred work:
    Students who, for medical, family/personal, or employment-related reasons, are unable to complete an assessment item at the scheduled time may apply to defer an assessment in a course. Such a request must be accompanied by appropriate supporting documentation. A temporary grade of IDM (Incomplete Deferred Make-up) may be awarded.

Other requirements

  1. Computer, e-mail and Internet access:
    Students are required to have access to a personal computer, e-mail capabilities and Internet access to UConnect. Current details of computer requirements can be found at //