ITC358 ICT Management and Information Security (8)

CSU Discipline Area: Computing (COMPU)

Duration: One session

Abstract:

Successful use of ICT involves ongoing management, development, persistence and most importantly security of ICT assets. The IT professional's knowledge and skills mix in information security are critical for business continuity. Identifying risk and implementing effective policy and practice to secure information is recognised clearly as a management issue. This subject comprises a series of topics that investigate information security and the implications for the management of ICT; and managerial and technical aspects of information security to provide a practical insight into information technology security practices. The foundational concepts of information security processes of Control Objectives for Information and related Technology (COBIT) and risk management of IT Infrastructure Library (ITIL) as an industry best practice for ICT security Management are also included.

+ Subject Availability Modes and Locations

Session 1
Internal	CSU Study Centre Sydney
Session 2
Internal	Albury-Wodonga
Internal	Bathurst
Internal	CSU Study Centre Melbourne
Internal	CSU Study Centre Sydney
Internal	Wagga Wagga
Distance	Wagga Wagga
Session 3
Internal	CSU Study Centre Sydney

Continuing students should consult the SAL for current offering details: ITC358

Where differences exist between the Handbook and the SAL, the SAL should be taken as containing the correct subject offering details.

Enrolment restrictions:

Available only to students in: Bachelor of Applied Science (Parks, Recreation and Heritage)/ Bachelor of Information Technology Bachelor of Business (with specialisations)/ Bachelor of Information Technology Bachelor of Information Technology Bachelor of Science/ Bachelor of Information Technology Bachelor of Applied Science (Library and Information Management)/Bachelor of Information Technology Bachelor of Industry Computing Bachelor of Information Technology (Business Services)

Objectives:

Upon successful completion of this subject, students should:

- be able to analyse the foundational concepts of management of ICT and information security;
- be able to develop ICT and information security plans;
- be able to analyse issues associated with security policy and programs;
- be able to assess and control risks related to an organisation's ICT assets;
- be able to identify methods used to attack ICT assets and information security systems;
- be able to apply the protection mechanisms to protect ICT resources and information security;
- be able to compare and contrast the effectiveness of various security mechanisms;
- be able to define virtual private networks and describe their security aspects;
- be able to determine the security implications of wireless and sensor networks;
- be able to evaluate security aspects of applications such as email and web services;
- be able to explain legal and ethical issues in information security; and
- be able to outline the information security processes of COBIT and risk management of ITIL as an
industry best practices for ICT security management.

Syllabus:

The subject will cover the following topics:

1. Principles of ICT management and information security 2. Planning for security and contingencies 3. Development and management of information security policies 4. Risk management: identifying, assessing and controlling risk 5. Attack models: identifying sources and types of attacks 6. Countermeasures: security management models and practices 7. Protection mechanisms and their effectiveness: OS Security and Cryptography 8. Network security infrastructure: IDSs, Firewalls, and VPNs, 9. Securing ad-hoc, wireless and sensor networks 10. Security of network applications 11. Law and ethics in information security 12. COBIT and ITIL information security processes

Back