BN324 - Enterprise Cyber Security and Management

Credit Points: 15 credit points

Workload: 48 hours

Prerequisite: BN223 Cyber Security Principles

Co-requisite: N/A

Aims & Objectives

This is a core unit out of a total of 24 units in the Bachelor of Networking (BNet). This unit addresses the BNet course learning outcomes and complements other courses in a related field by developing students’ specialised knowledge in cyber security in enterprise systems under the framework of management. For further course information refer to: http://www.mit.edu.au/study-with-us/programs/bachelor-networking. This unit is part of the AQF level 7 (BNet) course.

Students will be able to address key strategic cyber security issues from the perspective of an organisation's Chief Information Security Officer. Topics include communicating cyber issues to a board in terms that are relevant to them. Identity is addressed, especially the challenges associated with access control in a federated environment during times of transition such as mergers and acquisitions. The highly interconnected nature of cyber-physical systems is analysed to help provide a framework for reasoning about consequences (and their mitigation) in the face of cyber threats. Trends in cloud, IOT, analytics, mobile and social are examined from the cyber perspective.

This unit will cover the following topics:

  • Enterprise organisations and trends: cloud, IOT, analytics, mobile and social
  • Risk Management and Cybersecurity Strategy 
  • Aligning Risk to the Business Strategy, Enterprise Cybersecurity Strategy & Risk Management Solutions
  • Secure personal, network, devices and web application 
  • Building Security in Maturity Model (BSIMM)
  • Aligning the ICT Organization with Regulatory Requirements

Learning Outcomes

4.1 Course Learning Outcomes
The Course learning outcomes applicable to this unit are listed on the Melbourne Institute of Technology’s website: www.mit.edu.au 

4.2 Unit Learning Outcomes
At the completion of this unit students should be able to:
a. Articulate cyber security imperatives to key decision makers in an enterprise organisation.
b. Evaluate the cyber security posture of an organisation.
c. Analyse the cyber security of an organisation's mission, considering both those inside and those outside the organisation.
d. Analyse the cyber security consequences of the increasing connectedness of end-point devices and control systems to an organisation's mission.
e. Devise strategies and risk management solutions.

Weekly Topics

This unit will cover the content below:

Week Topics
1 Enterprise organisations and trends: cloud, IOT, analytics, mobile and social
2 Understanding the Business Strategy and initiatives
3 Risk Management and Cybersecurity Strategy
4 Aligning Risk to the Business Strategy, Enterprise Cybersecurity Strategy & Risk Management Solutions
5 Securing the web front of enterprise: web application protection
6 Securing personnel: identity theft and social media
7 Securing devices: mobile, IOT, WSN
8 Securing databases: distributed database security
9 Securing cloud network and applications
10 Building Security in Maturity Model (BSIMM)
11 Aligning the ICT Organization with Regulatory Requirements
12 Review and Future Trends in Information Security Tools and Technologies

Assessment

| Assessment Task | Due Date | A | B | Learning Outcomes Assessed |
|---|---|---|---|---|
| Formative Assignment 1 | Week 3 (10/04/2022) | 5% | | a |
| In-Class Test | Week 7 (06/05/2022) | | 10% | a-c |
| Assignment 2 | Week 11 (05/06/2022) | 25% | | a-e |
| Laboratory and Problem Based Learning participation & submission | Week 2 – 11 (12/06/2022) | 10% | | a-e |
| Final Examination (3 hours) | | | 50% | a-e |
| TOTALS | | 40% | 60% | |

Task Type: Type A: unsupervised, Type B: supervised.

Contribution and participation (in class) (10%)

This unit has class participation and student contribution as an assessment. The assessment task and marking rubric will follow the Guidelines on Assessing Class Participation (https://www.mit.edu.au/about-us/governance/institute-rules-policies-andplans/policies-procedures-and-guidelines/Guidelines_on_Assessing_Class_Participation). Further details will be provided in the assessment specification on the type of assessment tasks and the marking rubrics.

Presentations (if applicable)
For presentations conducted in class, students are required to wear business attire.

Textbook and Reference Materials

Textbook: 

None

References:

  • M. T. Simpson, N. Antill, Hands-On Ethical Hacking and Network Defense, Cengage, 3rd Ed., 2018 
  • M. E. Whitman, H. J. Mattord, Principles of Information Security, Cengage, 6th Ed., 2018
  • S. Donaldson, S. Siegel, C. K. Williams, Enterprise Cybersecurity: How to Build a Successful Cyberdefense Program against Advanced Threats, Apress, USA, 2015
  • W. R. Simpson, Enterprise Level Security: Finding Security in an Uncertain Environment, Auerbach Publishers, USA, 2016
  • A. Basta, N. Basta, M. Brown, Computer Security and Penetration Testing, Cengage, 2nd Ed., 2014

Internet references

Journals

  • Journal of Computer Virology and Hacking Techniques
  • IEEE Security and Privacy Magazine
  • International Journal of Information Security and Privacy
  • Journal of Information Privacy and Security
  • Journal of Computer Security
  • Journal of Information System Security

Adopted Reference Style: IEEE

Graduate Attributes

MIT is committed to ensuring the course is current, practical and relevant so that graduates are “work ready” and equipped for life-long learning. In order to accomplish this, the MIT Graduate Attributes identify the required knowledge, skills and attributes that prepare students for the industry.
The levels to which Graduate Attributes are covered in this unit are as follows:

Ability to communicate | Independent and Lifelong Learning | Ethics | Analytical and Problem Solving | Cultural and Global Awareness | Team work | Specialist knowledge of a field of study

Legend

Levels of attainment Extent covered
The attribute is covered by theory and practice, and addressed by assessed activities in which the students always play an active role, e.g. workshops, lab submissions, assignments, demonstrations, tests, examinations.
The attribute is covered by theory or practice, and addressed by assessed activities in which the students mostly play an active role, e.g. discussions, reading, interpreting documents, tests, examinations.
The attribute is discussed in theory or practice; it is addressed by assessed activities in which the students may play an active role, e.g. lectures and discussions, reading, interpretation, workshops, presentations.
The attribute is presented as a side issue in theory or practice; it is not specifically assessed, but it is addressed by activities such as lectures or tutorials.
The attribute is not considered; there is no theory, practice or activity associated with this attribute.