rgb(255,165,0)
rgb(154,206,235)
rgb(0,0,128)
rgb(255,165,0)
rgb(0,0,128)
rgb(154,206,235)
rgb(255,0,0)
BN323 - Ethical Hacking and Security Governance
Credit Points: 15 credit points
Workload: 48 hours
Prerequisite: BN223 Cyber Security Principles
Co-requisite: N/A
Aims & Objectives
This is a core unit out of a total of 24 units in the Bachelor of Networking (Cyber Security) (BNet(CybSec)). This unit addresses the BNet(CybSec) course learning outcomes and complements other courses in a related field by developing students’ specialised knowledge in ethical hacking and vulnerability testing for enterprise systems under the framework of ethical, professional, and legal standards. For further course information refer to: http://www.mit.edu.au/study-with-us/programs/bachelor-networking. This unit is part of the AQF level 7 (BNet(CybSec)) course.
Students will be able to perform ethical hacking and vulnerability testing on enterprise systems with demonstrated knowledge of network vulnerabilities and security protocols. They will also update their skills in cybersecurity technologies with in-depth knowledge of ethical, legal, and professional governance and standards.
This unit will cover the following topics:
- Vulnerability testing (reconnaissance, scanning, and penetration testing tools and technologies)
- Network vulnerabilities (TCP/IP and network devices vulnerabilities, wireless network vulnerabilities, and web application vulnerabilities)
- Legal, ethical, and professional issues in information security
- Information security architecture planning and ICT governance
Learning Outcomes
4.1 Course Learning Outcomes
The Course learning outcomes applicable to this unit are listed on the Melbourne Institute of Technology’s website: www.mit.edu.au
4.2 Unit Learning Outcomes
At the completion of this unit students should be able to:
a. Analyse security vulnerabilities
b. Evaluate advanced network security tools and technologies
c. Analyse vulnerability testing outcomes in a realistic computing environment
d. Apply security solutions in accordance with the relevant governance policies, laws and standards
e. Develop and apply information security architecture in consideration of ethical and professional standards.
Weekly Topics
This unit will cover the content below:
| Week | Topics |
|---|---|
| 1 | Introduction to ethical hacking and security governance |
| 2 | Art of vulnerability testing: Reconnaissance |
| 3 | Art of vulnerability testing: Scanning Tools |
| 4 | Art of vulnerability testing: Scanning Technologies |
| 5 | Vulnerabilities in Web Applications |
| 6 | Vulnerabilities in TCP/IP and Network Devices |
| 7 | Vulnerabilities in Wireless Networking |
| 8 | Laws and Ethics in Information Security |
| 9 | Commercial Standards and Regulations in Information Security |
| 10 | Enterprise Policy and Governance in Information Security |
| 11 | Planning, Training and Reinforcement of Information Security |
| 12 | Review and Future Trends in Information Security Tools and Technologies |
Assessment
| Assessment Task | Due Date | A | B | Learning Outcomes Assessed |
|---|---|---|---|---|
| Formative Assignment 1 | Week 3 (10/04/2022) | 5% | a | |
| In-Class Test | Week 7 (06/05/2022) | 10% | b-c | |
| Assignment 2 | Week 11 (05/06/2022) | 25% | a-e | |
| Laboratory and Problem Based Learning participation & submission | Week 2 – 11 (12/06/2022) | 10% | a-e | |
| Final Examination (2 hours) | 50% | a-e | ||
| TOTALS | 40% | 60% |
Task Type: Type A: unsupervised, Type B: supervised.
Contribution and participation
This unit has class participation and student contribution as an assessment. The assessment task and marking rubric will follow the Guidelines on Assessing Class Participation (https://www.mit.edu.au/about-us/governance/institute-rules-policies-andplans/policies-procedures-and-guidelines/Guidelines_on_Assessing_Class_Participation). Further details will be provided in the assessment specification on the type of assessment tasks and the marking rubrics.
Presentations (if applicable)
For presentations conducted in class, students are required to wear business attire.
Textbook and Reference Materials
Textbook:
- M. T. Simpson, N. Antill, Hands-On Ethical Hacking and Network Defense, Cengage, 3rd Ed., 2018
References:
- A. Basta, N. Basta, M. Brown, Computer Security and Penetration Testing, Cengage, 2nd Ed., 2014
- M. E. Whitman, H. J. Mattord, Principles of Information Security, Cengage, 6th Ed., 2018
Adopted Reference Style: IEEE
Graduate Attributes
MIT is committed to ensure the course is current, practical and relevant so that graduates are “work ready” and equipped for life-long learning. In order to accomplish this, the MIT Graduate Attributes identify the required knowledge, skills and attributes that prepare students for the industry.
The level to which Graduate Attributes covered in this unit are as follows:
| Ability to communicate | Independent and Lifelong Learning | Ethics | Analytical and Problem Solving | Cultural and Global Awareness | Team work | Specialist knowledge of a field of study |
|---|---|---|---|---|---|---|
Legend
| Levels of attainment | Extent covered |
|---|---|
| The attribute is covered by theory and practice, and addressed by assessed activities in which the students always play an active role, e.g. workshops, lab submissions, assignments, demonstrations, tests, examinations. | |
| The attribute is covered by theory or practice, and addressed by assessed activities in which the students mostly play an active role, e.g. discussions, reading, intepreting documents, tests, examinations. | |
| The attribute is discussed in theory or practice; it is addressed by assessed activities in which the students may play an active role, e.g. lectures and discussions, reading, interpretation, workshops, presentations. | |
| The attribute is presented as a side issue in theory or practice; it is not specifically assessed, but it is addressed by activities such as lectures or tutorials. | |
| The attribute is not considered, there is no theory or practice or activities associated with this attribute. |