Information Security Consulting

This subject has the following teaching availabilities in 2016:

200 hours

None

None

None

None

For the purposes of considering request for Reasonable Adjustments under the Disability Standards for Education (Cwth 2005), and Students Experiencing Academic Disadvantage Policy, academic requirements for this subject are articulated in the Subject Overview, Objectives, Assessment and Generic Skills sections of this entry.

It is University policy to take all reasonable steps to minimise the impact of disability upon academic study, and reasonable adjustments will be made to enhance a student's participation in the University's programs. Students who feel their disability may impact on meeting the requirements of this subject are encouraged to discuss this matter with a Faculty Student Adviser and the Disability Liaison Unit: http://www.services.unimelb.edu.au/disability/

Aims

This subject introduces a range of information security consulting services typically provided by leading management consultants in industry. The subject will cover the fundamental principles and practice of security risk assessment, incident response and disaster recovery, knowledge leakage, systems and network security, and policy and culture. Students will develop an appreciation for the kinds of consulting services that can be developed and marketed to industry in each of these areas. Consulting techniques in proposal writing, pricing, and marketing to prospective clients will also be discussed.

This subject supports course-level objectives by allowing students to have in-depth knowledge of the specialist area of information security management. The subject’s assessment tasks include the writing of a comprehensive consulting proposal and research into critical security issues faced by organizations. These tasks will encourage students to work in a team to develop a high-level of achievement in writing, research activities, and presentation skills.

Indicative Content

Security principles and techniques discussed are: Models for understanding knowledge leakage, Security Risk Assessment Methods including OCTAVE, Firewall and VPN security scenarios, SANS Incident Response Methodology. Real world cases will be drawn from a range of organization types including critical infrastructure installations in Australia.

Intended Learning Outcomes (ILOs)

On completion of this subject the student is expected to:

1. Identify a range of opportunities for information security consulting in organizations
2. Develop and document a competitive business proposal to undertake information security consulting services inside an organization
3. Describe a high-level strategy for managing an organization’s information security issues
4. Appreciate the critical role of information security in organizations and the controls available for enforcement

• One group based seminar presentation of a research paper (10%) with 5-6 group members of approximately 20 minutes duration, requiring 13-15 hours of work per student. Intended Learning Outcomes (ILOs) 3 and 4 are addressed in the research paper presentation.
• One group based seminar paper (20%) with 5-6 group members of approximately 3000 words (5 to 6 students) seminar paper, requiring 25-30 hours of work per student. ILOs 3 and 4 are addressed in the seminar paper.
• One group based presentation of the seminar paper (10%) with 5-6 group members of approximately 10 minutes duration, requiring 13-15 hours of work per student. ILOs 3 and 4 are addressed in the seminar paper presentation.
• Demonstration of individual expertise in class discussions (10%), requiring13-15 hours of work. ILO 4 is addressed in class discussions.
• One individual consulting proposal (50%) of approximately 4000 words, requiring 50-60 hours of work. ILOs 1 and 2 are addressed in the consulting proposal.

None

A range of readings will be provided during the course, including current articles and reports.

This subject is not available as a breadth subject.

On completion of this subject, students should have developed the following generic skills:

• Have in-depth knowledge of a specialist area through exposure and study of information security areas of knowledge
• Reach a high level of achievement in writing, research or project activities problem-solving and communication through the writing of a comprehensive consulting proposal
• Team-work, through working on a group project.
• Report-writing skills
• Presentation skills

Learning and Teaching Methods

The subject is delivered over three weekends in 6 hour classes where each class contains a series of lecture presentations, collaborative discussion and activities, and self-study of research related articles.

Indicative Key Learning Resources

Students will have access to lecture slides as well as a range of research articles and real-world cases will be provided through the subject LMS site.

Careers/Industry Links

This subject is relevant to students pursuing management consulting careers as well as IT professionals in general. Students will be studying real-world security challenges to organizations and developing realistic consulting proposals. The lecturer is formerly a security consultant and guest speakers from industry will also be invited.