BAN311 - Managing Enterprise Cyber Security and Governance

Credit Points: 15 credit points

Workload: 36 hours

Prerequisite: N/A

Co-requisite: N/A

Aims & Objectives

This is a third-year Core Unit in the Bachelor of Business, Major in Business Analytics. For Course Learning Outcomes and further information relating to Bachelor of Business programs, please visit our website: http://www.mit.edu.au/study-with-us/programs/bachelor-business.  

In a globalised world, the management and governance of cybersecurity have paramount concerns across businesses and government institutions. This unit is designed to provide students with a wealth of knowledge and a comprehensive understanding of the critical components and best practices for safeguarding enterprises’ digital assets. It also includes critical components, strategies, governance principles, managerial practices, and compliance with relevant regulations and standards. After successful completion of this unit, students will be able to effectively manage cybersecurity and governance within an enterprise and address cybersecurity challenges, including safeguarding sensitive data and ensuring compliance with appropriate laws, standards, and regulations.   

Unit topics include: 

  • Cybersecurity policy and governance with reference to organisations, formats, & styles   
  • Cybersecurity framework and information risk assessment  
  • Cybersecurity, governance, and risk management 
  • Asset & financial management and data loss prevention 
  • Cybersecurity with reference to people, physical and environment management, information, communications, and operations 
  • Information systems acquisition, development, and maintenance 
  • Cybersecurity auditing, assessment, and incident response 
  • Laws and compliance relating to cybersecurity frameworks and standards. 
  • Regulatory compliance with reference to PCI compliance to merchants, financial institutions, and the childcare sector 
  • Business applications and continuity management 

Learning Outcomes

  1. Course learning outcomes 

  • The Course learning outcomes applicable to this unit are listed on the Melbourne Institute of Technology's website: www.mit.edu.au   

  1. Unit learning outcomes  

  • Analyse the current cybersecurity threat landscape to identify the evolving nature of future threats and attack trends. 
  • Identify and critique the current cybersecurity principles, standards, and management and governance frameworks. 
  • Apply risk assessment methods and techniques to identify data and information vulnerabilities and assess potential impact on enterprises. 
  • Identify ethical, legal and regulatory aspects of cybersecurity and industry-established policies and frameworks and apply those to the governance and management of enterprises.  

Assessment

Assessment Task Due Date A B Learning Outcomes Assessed 
1. Assessment 1: (Individual) – Cyberattacks Report Week 3 - 10%  a
2. Assessment 2: (individual) – Analytical Report   Week 8  30%  - c-d 
3. Assessment 3: Contribution and Participation Weeks 1 to 12  - 10% a-d 
4. Assessment 4: (Group) Project Report (3,000 words) (30%) and Role Play Presentation (20%) Week 12  30%  20% a-d 
TOTALS   60%  40%   

Task Type: Type A: unsupervised, Type B: supervised.

Contribution and Participation (10%)

This unit has class participation as an assessment. The assessment task and marking rubric will follow the Guidelines on Assessing Class Participation (https://www.mit.edu.au/about-us/governance/institute-rules- policies-and-plans/policies-procedures-and-guidelines/Guidelines_on_Assessing_Class_Participation). 

Further details on the type of assessment tasks and the marking rubrics will be provided in the assessment specification. 

Textbook and Reference Materials

Note: Students are required to purchase the prescribed textbook and have it available each week in class. 

Prescribed Text Book

  • Evans, A (2022), Enterprise Cybersecurity in Digital Business, Building a Cyber Resilient Organization, 1st Edition, Routledge. 

Recommended Texts

  • Santos, O. (2018). Developing cybersecurity programs and policies. Pearson 
  • Stallings, W. (2018). Effective cybersecurity: a guide to using best practices and standards. Pearson. 

Journal articles

  • Journal of cybersecurity and information management 
  • Journal of information security and applications 
  • Journal of information security and cybercrimes 
  • International journal of information management 
  • International journal of information security 
  • Information systems frontiers 

The Referencing style for this unit is APA:  

See the MIT Library Referencing webpage: https://library.mit.edu.au/referencing/APA and the Unit Moodle page for additional referencing support material and web links. 

Graduate Attributes

MIT is committed to ensure the course is current, practical and relevant so that graduates are “work ready” and equipped for life-long learning. In order to accomplish this, the MIT Graduate Attributes identify the required knowledge, skills and attributes that prepare students for the industry.
The level to which Graduate Attributes covered in this unit are as follows:

Ability to communicate Independent and Lifelong Learning Ethics Analytical and Problem Solving Cultural and Global Awareness Team work Specialist knowledge of a field of study

Legend

Levels of attainment Extent covered
The attribute is covered by theory and practice, and addressed by assessed activities in which the students always play an active role, e.g. workshops, lab submissions, assignments, demonstrations, tests, examinations.
The attribute is covered by theory or practice, and addressed by assessed activities in which the students mostly play an active role, e.g. discussions, reading, intepreting documents, tests, examinations.
The attribute is discussed in theory or practice; it is addressed by assessed activities in which the students may play an active role, e.g. lectures and discussions, reading, interpretation, workshops, presentations.
The attribute is presented as a side issue in theory or practice; it is not specifically assessed, but it is addressed by activities such as lectures or tutorials.
The attribute is not considered, there is no theory or practice or activities associated with this attribute.