Effective Term: | 2024/05 |
Institute / School : | Institute of Innovation, Science & Sustainability |
Unit Title: | Cyber Risk and Incident Management |
Unit ID: | ITECH7615 |
Credit Points: | 15.00 |
Prerequisite(s): | (ITECH7614) |
Co-requisite(s): | Nil |
Exclusion(s): | Nil |
ASCED: | 029901 |
Other Change: | |
Brief description of the Unit |
With the continuously growing cyber threats and attacks, managing cyber security risks and incidents is becoming an increasing challenge for enterprises operating in global digital environments. Cyber risk management is about managing the effects of uncertainty on organizational objectives in a way that makes the most effective and efficient use of limited resources. The unit will address designing a framework of risk management processes that ensure engagement by key stakeholders, aligning risk management to organizational goals and objectives, and setting up policies, procedures, and guidance throughout the enterprise. The unit will further look into the impact of cyber risk on society and ethical issues.
|
Grade Scheme: | Graded (HD, D, C, P, MF, F, XF) |
Work Experience Indicator: |
No work experience |
Placement Component: No |
Supplementary Assessment: Yes |
Where supplementary assessment is available, a student must have failed overall in the Unit but gained a final mark of 45 per cent or above, must have completed all major assessment tasks (including all sub-components where a task has multiple parts) as specified in the Unit Description, and must not be eligible for any other form of supplementary assessment. |
Course Level: |
Level of Unit in Course | AQF Level(s) of Course |
| 5 | 6 | 7 | 8 | 9 | 10 |
Introductory | | | | | | |
Intermediate | | | | | ✓ | |
Advanced | | | | | | |
|
Learning Outcomes: |
Knowledge: |
K1. | Explain enterprise information security risk management framework and its practices. |
|
K2. | Articulate the business consequences of identified information security risks. |
|
K3. | Discover the relationship between the cyber security risk and business value. |
|
K4. | Discuss risk control, micro safeguards, business impact analysis, and ethical and societal impacts. |
|
K5. | Discuss the cyber risk landscape and cyber security metrics. |
|
Skills: |
S1. | Identify and model information security risks. |
|
S2. | Research and apply qualitative and quantitative techniques for risk assessment. |
|
S3. | Evaluate and select the most appropriate analytical tools for assessing cyber risks in business continuity management, substantiating choices with research findings. |
|
S4. | Analyse challenges and problems in cyber risk assessment. |
|
Application of knowledge and skills: |
A1. | Develop a strategic security and cyber incident response plan. |
|
A2. | Create an effective cyber risk and incident management policy. |
|
A3. | Conduct an in-depth cyber-risk assessment utilizing selected tools, and provide a rationale for the tools used based on their assessed capabilities. |
|
Unit Content: |
Topics may include:
- Risk management principles and concepts
- Risk identification and assessment
- Risk response strategies
- Risk monitoring and reporting
- The Role of internal/external audit in risk management
- Risk management tools and techniques
- Risk management in the public/Defense/different industries
- International Standards, Frameworks, and Best Practices
- Incident management (frameworks, identification, detection, response planning)
- Incident analysis, investigation, mitigation, and containment
- Incident recovery, review, and reporting
- Legal and regulatory compliance
- Tools and technologies for incident management
- Metrics, Key Performance Indicators, case studies
- Emerging trends and challenges
|
Graduate Attributes: |
Federation University recognises that students require key transferable employability skills to prepare them for their future workplace and society. FEDTASKS (Transferable Attributes Skills and Knowledge) provide a targeted focus on five key transferable Attributes, Skills, and Knowledge that are embedded within curriculum, developed gradually towards successful measures and interlinked with cross-discipline and Co-operative Learning opportunities. One or more FEDTASK, transferable Attributes, Skills or Knowledge must be evident in the specified learning outcomes and assessment for each FedUni Unit, and all must be directly assessed in each Course.
|
FED TASK and descriptor | Development and acquisition of FEDTASKS in the Unit | Learning outcomes (KSA) | Assessment task (AT#) |
FEDTASK 1 Interpersonal | Students at this level will demonstrate an advanced ability in a range of contexts to effectively communicate, interact and work with others both individually and in groups. Students will be required to display high level skills in-person and/or online in: • Using and demonstrating a high level of verbal and non-verbal communication • Demonstrating a mastery of listening for meaning and influencing via active listening • Demonstrating and showing empathy for others • High order skills in negotiating and conflict resolution skills • Demonstrating mastery of working respectfully in cross-cultural and diverse teams. | Not applicable | Not applicable |
FEDTASK 2 Leadership | Students at this level will demonstrate a mastery in professional skills and behaviours in leading others. • Creating and sustaining a collegial environment • Demonstrating a high level of self-awareness and the ability to self-reflect and justify decisions • Inspiring and initiating opportunities to lead others • Making informed professional decisions • Demonstrating initiative in new professional situations. | Not applicable | Not applicable |
FEDTASK 3 Critical Thinking and Creativity | Students at this level will demonstrate high level skills in working in complexity and ambiguity using the imagination to create new ideas. Students will be required to display skills in: • Reflecting critically to generate and consider complex ideas and concepts at an abstract level • Analysing complex and abstract ideas, concepts and information • Communicate alternative perspectives to justify complex ideas • Demonstrate a mastery of challenging conventional thinking to clarify complex concepts • Forming creative solutions in problem solving to new situations for further learning. | K1,K2,K3,K4,K5, S1,S2,S3,S4,A1,A2,A3 | AT1, AT2, AT3 |
FEDTASK 4 Digital Literacy | Students at this level will demonstrate the ability to work competently across a wide range of tools, platforms and applications to achieve a range of tasks. Students will be required to display skills in: • Mastering, exploring, evaluating, managing, curating, organising and sharing digital information professionally • Collating, managing complex data, accessing and using digital data securely • Receiving and responding professionally to messages in a range of professional digital media • Contributing competently and professionally to digital teams and working groups • Participating at a high level in digital learning opportunities. | K1,K2,K3,K4,K5, S1,S2,S3,S4,A1,A2,A3 | AT1, AT2, AT3 |
FEDTASK 5 Sustainable and Ethical Mindset | Students at this level will demonstrate a mastery of considering and assessing the consequences and impact of ideas and actions in enacting professional ethical and sustainable decisions. Students will be required to display skills in: • Demonstrate informed judgment making that considers the impact of devising complex solutions in ambiguous global economic environmental and societal contexts • Professionally committing to the promulgation of social responsibility • Demonstrate the ability to evaluate ethical, socially responsible and/or sustainable challenges and generating and articulating responses • Communicating lifelong, life-wide and life-deep learning to be open to the diverse professional others • Generating, leading and implementing required actions to foster sustainability in their professional and personal life | Not applicable | Not applicable |
|
| Learning Outcomes Assessed | Assessment Tasks | Assessment Type | Weighting |
1. | K1-5, S1-4, A1-3 | The task involves the application of knowledge and skills in analyzing and evaluating risks and managing incidents through real-life use cases. | Report/project/Use cases | 20-30% |
2. | K1-5, S1-2, A1-2 | Develop a viable risk and incident management framework based on organizational context, requirements, and compliance through employing knowledge and skills acquired. | Assignment(s) and Presentation(s) | 30-50% |
3. | K1-5, A-2, S1-2 | Perform risk assessment and incident management from a cybersecurity perspective and solve associated problems. | Test(s)/case study/Use case assessment | 30-50% |
|
Professional Standards / Competencies: |
| Standard / Competency | 1. | Australian Computer Society - Core Body of Knowledge: 2023 accreditation |
|
Attribute | Assessed | Level | Core ICT Knowledge | |
Cyber Security
| | |
Nature of Cyber Security: forms of attack, prevention, detection, mitigation and repair
| | Yes | Intermediate | | |
Information assets to be secured (hardware, networks, software, data) and the different means of securing them, cryptography
| | Yes | Intermediate | | |
Human security roles and behaviours, rights and obligations (privacy)
| | Yes | Intermediate | | |
Cyber Security risk assessment, policy, management and testing, forensics
| | Yes | Advanced | |
ICT Management and Governance
| | |
Fundamental governance principles (strategy development, establishment and monitoring systems for management and policy)
| | Yes | Introductory | | |
Organisational context, staffing roles and skills (SFIA, e-CF), organisational culture
| | Yes | Introductory | Professionalism as it applies in ICT | | Professional ICT Ethics | | |
ICT specific ethics issues: adverse stakeholder impacts of ICT, surveillance and privacy, data matching, autonomous computing, digital divide, etc.
| | Yes | Introductory | |
Impacts of ICT
| | |
Impacts of ICT on society (cyber warfare; surveillance, privacy and civil liberties, cybercrime and hacking, digital divide, technology reliance, intellectual property and legal issues)
| | Yes | Introductory |
| 2. | Skills Framework for the Information Age (SFIA): Version 8 |
|
Attribute | Assessed | Level |
Strategy and architecture | | |
Strategy and planning | | |
EMRG Emerging technology monitoring (Levels 4 - 6) Identifying and assessing new and emerging technologies, products, services, methods and techniques. | Yes | 4 |
COPL Continuity management (Levels 2 - 6) Developing, implementing and testing a business continuity framework. | Yes | 3 |
Security and privacy | | |
SCTY Information security (Levels 3 - 7) Defining and operating a framework of security controls and security management strategies. | Yes | 5 |
INAS Information assurance (Levels 3 - 7) Protecting against and managing risks related to the use, storage and transmission of data and information systems. | Yes | 5 |
PEDP Personal data protection (Levels 5 - 6) Implementing and operating a framework of controls and management strategies to promote compliance with personal data legislation. | Yes | 4 |
VURE Vulnerability research (Levels 3 - 6) Conducting applied research to discover, evaluate and mitigate new or unknown security vulnerabilities and weaknesses. | Yes | 3 |
Governance, risk and compliance | | |
BURM Risk management (Levels 3 - 7) Planning and implementing organisation-wide processes and procedures for the management of risk to the success or integrity of the enterprise. | Yes | 5 |
Delivery and operation | | |
Service management | | |
USUP Incident management (Levels 2 - 5) Coordinating responses to incident reports, minimising negative impacts and restoring service as quickly as possible. | Yes | 4 |
Security services | | |
SCAD Security operations (Levels 1 - 6) Delivering management, technical and administrative services to implement security controls and security management strategies. | Yes | 2 |
|
|