Information Security Consulting (ISYS90070)

AIMS

This subject introduces a range of information security consulting services typically provided by leading management consultants in industry. The subject will cover the fundamental principles and practice of security risk assessment, incident response and disaster recovery, knowledge leakage, systems and network security, and policy and culture. Students will develop an appreciation for the kinds of consulting services that can be developed and marketed to industry in each of these areas. Consulting techniques in proposal writing, pricing, and marketing to prospective clients will also be discussed.

This subject supports course-level objectives by allowing students to have in-depth knowledge of the specialist area of information security management. The subject’s assessment tasks include the writing of a comprehensive consulting proposal and research into critical security issues faced by organisations. These tasks will encourage students to work in a team to develop a high-level of achievement in writing, research activities, and presentation skills.

Students who have a weighted average mark of at least 75% in the Master of Information Systems have the option to complete the on-line Advanced Elective ISYS90090 Cyber Security Management instead of ISYS90070 Information Security Consulting.

INDICATIVE CONTENT

Security principles and techniques discussed are: Models for understanding knowledge leakage, Security Risk Assessment Methods including OCTAVE, Firewall and VPN security scenarios, SANS Incident Response Methodology. Real world cases will be drawn from a range of organisation types including critical infrastructure installations in Australia.