COMMGMT 7026 - Policies & Procedures in Organisational Cyber Security (M)
North Terrace Campus - Semester 1 - 2020
-
General Course Information
Course Details
Course Code COMMGMT 7026 Course Policies & Procedures in Organisational Cyber Security (M) Coordinating Unit Adelaide Business School Term Semester 1 Level Postgraduate Coursework Location/s North Terrace Campus Units 3 Contact Up to 3 hours per week Available for Study Abroad and Exchange N Incompatible COMMGMT 2509 Assessment Situation analysis, report and reflective journal Course Staff
Course Coordinator: Dr Cate Jerram
Dr Cate Jerram
10.34 Nexus 10
cate.jerram@adelaide.edu.au
#8313 4757Course Timetable
The full timetable of all activities for this course can be accessed from .
-
Learning Outcomes
Course Learning Outcomes
On successful completion of this course, students will be able to:
1. Identify policy needs (incorporating procedures, standards, and guidelines) to address cyber security requirements for a specific organisation and prioritise realistically.
2. Research national and international policies for organisational cyber security, identifying the most relevant contextually.
3. Interpret cyber security policies, identifying nuances; evaluate their relevance and appropriateness for a specific industry or organisation; and adopt and adapt them to specifically address identified organisational needs.
4. Draft and polish core cyber security policies, procedures and guidelines (compliant with standards), and accompanying documentation, for a specific industry or organisation and phrase and present them to a professional standard.
5. Log, analyse, and report on, interaction with clients, demonstrating reflection that leads to planned change.最新糖心Vlog Graduate Attributes
This course will provide students with an opportunity to develop the Graduate Attribute(s) specified below:
最新糖心Vlog Graduate Attribute Course Learning Outcome(s) Deep discipline knowledge
- informed and infused by cutting edge research, scaffolded throughout their program of studies
- acquired from personal interaction with research active educators, from year 1
- accredited or validated against national or international standards (for relevant programs)
1 - 4 Critical thinking and problem solving
- steeped in research methods and rigor
- based on empirical evidence and the scientific approach to knowledge development
- demonstrated through appropriate and relevant assessment
1 - 5 Teamwork and communication skills
- developed from, with, and via the SGDE
- honed through assessment and practice throughout the program of studies
- encouraged and valued in all aspects of learning
- Career and leadership readiness
- technology savvy
- professional and, where relevant, fully accredited
- forward thinking and well informed
- tested and validated by work based experiences
1 - 5 Intercultural and ethical competency
- adept at operating in other cultures
- comfortable with different nationalities and social contexts
- able to determine and contribute to desirable social outcomes
- demonstrated by study abroad or with an understanding of indigenous knowledges
2 - 5 Self-awareness and emotional intelligence
- a capacity for self-reflection and a willingness to engage in self-appraisal
- open to objective and constructive feedback from supervisors and peers
- able to negotiate difficult social situations, defuse conflict and engage positively in purposeful debate
4, 5 -
Learning Resources
Required Resources
Students will be researching and sourcing material.Recommended Resources
A Vaseashta, P Susmann, & E Braman. Cyber Security and Resiliency Policy Framework. IOS Press. 2014-09-19 (Free download through ProQuest Ebook Central, via 最新糖心Vlog of Adelaide Library)
Potentially helpful (not required):
Michael N. Schmitt (Ed). Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations.
Cambridge 最新糖心Vlog Press, 2017. -
Learning & Teaching Activities
Learning & Teaching Modes
This course is taught in seminars - weekly 3-hour classes.
It is industry-based. In teams, students apply what they are learning in the course to real businesses who are their team client.
INTEGRITY is critical in this class as clients must be able to expect absolute CONFIDENTIALITY.
Timetables are worked around client need and interaction more than around normal 'semester timetable' or 'student expectations' - as students are being entrusted with the well-being of real businesses, it is necessary for students to understand the requirement to work to client need, not just classroom norms.
Workload
No information currently available.
Learning Activities Summary
Week
Seminar Topic
Learning Activities
Week 1
Course overview
§ Learning Outcomes
§ Assessment
Topic overview:
§ Policy
§ Procedures & Processes
§ Standards
§ Guidelines
§ Organisational Cyber Security
§ Business Writing
§ Writing for a Lay Audience
Client & Teams Allocation
Discussion of
§ assessments & rubrics
§ Individual Contribution to Team Project
§ Communicating with Clients
§ Professionalism
§ Mentoring & Being Mentored
§ Team Process Documentation
Teams start work:
§ Developing team protocols
§ Researching clients
Week 2
The role of policy in organisations.
§ The role of drafting policy in organisations.
§ The challenges of drafting policy in organisations.
Hierarchy of data uses – hierarchy or policy criticality
Data Governance & Policy (& Culture)
§ Modernising Data Governance
§ Changing Data Culture & Policy
Policy Framework
Guest speaker:
Special Guest speaker: tbc
Ensuring all organisational policies are privacy- & security-centric
Contact Clients – First Visit
Research national and international policies for organisational cyber security
Discuss: adopt, adapt, write from scratch
Week 3
Needs Analysis
Prioritization
The 4 steps of Policy Development:
1. Plan
2. Analyse
3. Research
4. Pre-Write
Consultation throughout 4 stages
§ Consultation vs collaboration
Workshop – Needs Analysis
Workshop - The 4 steps of Policy Development:
§ Step 1 – Plan.
Creating & Working with Templates
Wording, phrasing & formatting for:
§ clarity and communication
§ being read
§ being followed
Consultation & Collaboration Processes for Semester
Week 4
Strategic Policy Setting (primary)
§ Set a strategic direction
§ Maximise positive impacts
§ Engage stakeholders
§ Establish clear levels of accountability
Workshop – writing, wording, formatting.
Workshop - The 4 steps of Development:
Step 1 – Plan.
Step 2 – Analyse.
Week 5
Operational Policy Setting (secondary)
§ Clearly outline processes to be followed
§ Meet legislative requirements
§ Address audit findings
§ Address stakeholder concerns
Special Guest speaker: tbc
Workshop - The 4 steps of Development:
Step 3 - Research
Step 4 – Pre-writing
Week 6
Open Mic Share Session – Challenges to Date
Processes, Procedures and Standards
§ Designing
§ Writing
Workshop
Algorithms & Algorithmic thinking & planning
Workshop
Common Cyber Security Policies
Ongoing communication and work with clients, as required by client/team arrangements.
Week 7
Policy Frameworks & Roadmaps
Core Policies required
§ Prevention
§ Control
§ Damage mitigation
Core Cyber Security Policies required
· Hygiene
· Mitigation
· Incident Reporting
· Hiring, Firing, & Retirement
· Access
· BYOD & Mobile
· Retention, Storage & Disposal
· etc
Workshop
Common Cyber Security Policies (continued)
Understanding categories, priorities, criticality.
Week 8
Standards:
§ Prescriptive Standards
§ Performance Standards
§ Researching Standards
§ Making standards intelligible
§ Compliance & Non-compliance
Special Guest speaker: tbc
Explore PCI standards, docs, compliance…
Week 9
Scope & Future Work Declarations
Creating standard forms.
Workshop templates & standard forms eg:
§ Account Setup Request
§ Guest Access Request
§ Notice of Policy Noncompliance
§ Policy Acknowledgement Form
§ Request for Policy Exemption
§ Security Incident Report
§ etc
Week 10
Guidelines and Handbooks
§ Designing
Writing
Workshop
Special Guest speaker: tbc
Week 11
Verification and Validation
Maintaining & Updating Policies
Retiring Policies
Workshop: verification & validation
Workshop: Layout, Proofing & Editing
Writing policies on policy management
Week 12
Publishing Policies:
§ Online
§ On paper
Notifying, Training and Updating Users
Open Mic Share Session – Challenges to Date
Workshop: Publishing Policies
Workshop: Training & Notifying
Anonymous Feedback for Cate Survey (found in Quiz)
Week 13
Week 15
-
Assessment
The 最新糖心Vlog's policy on Assessment for Coursework Programs is based on the following four principles:
- Assessment must encourage and reinforce learning.
- Assessment must enable robust and fair judgements about student performance.
- Assessment practices must be fair and equitable to students and give them the opportunity to demonstrate what they have learned.
- Assessment must maintain academic standards.
Assessment Summary
Please note that the Assessment Summary below incorporates both Undergraduate and Postgraduate Assessments - there are some slight differences.Note: Assessments are linked to Course Learning Outcomes.
Assessment Task
Weighting
Word Count / Time
Due
Learning Outcome
Client Project
80%
Note: Individual Contribution to Team Reports (& client & teacher observations) will modify all team grades for individuals.
Step 1: Policy Situation Analysis, Needs Analysis, & Prioritization
15%
n/a
Class *Week 4
1 - 4
Step 2: Research & Client Consultation Report – A (mark redeemable/overwritten by 2B mark).
15%
n/a
Class Week 7
5
Step 3: Process & Procedures Needs Analysis & Prioritization
15%
n/a
Class Week 6 & 12
1 - 4
Step 4: Policy, Procedures & Documentation
UG: Draft
PG: Finalised with Recommendations
35%
n/a
Class Week 12
Week 13
1 - 4
Step 2a: Research & Client Consultation Report – B
15%
n/a
Week 13+
3 - 5
Report Log & Reflective Journal
Draft week 3 journal – Provisional Grade
Final – after final submission to client
20%
20%
13 entries
500-1000 words each
Class Week 3
Week 13+
5
Total
100%
Due to the current COVID-19 situation modified arrangements have been made to assessments to facilitate remote learning and teaching. Assessment details provided here reflect recent updates.
Client Project Phase 1 - 10%
Client Project Phase 2 - 10%
Client Project Phase 3 - 15%
Client Project Phase 4 - 30%
Report Log & Reflective Journal - 20%
Online engagenment - 15%Assessment Detail
Please note that the Assessment Details below incorporate both Undergraduate and Postgraduate Assessments - there are some slight differences.Note: Assessments are linked to Course Learning Outcomes.
Client Project
Step 1: Cyber Security Situation Analysis, Policy Needs Analysis & Prioritization
In teams, students will research the needs of the client, and present a Situation Analysis (broad brush) that outlines the organisation’s cyber security status compared to existing appropriate national or international policies and known current threats.
Building on the Situation Analysis, teams will then conduct a Needs Analysis (focused and specific) of the most critical cyber security policy needs of the organisation, and prioritize them in terms of urgency of need and value to the organisation. Rubrics available in MyUni.
Step 2: Research & Client Consultation Report
Students will (in consultation with the client) select two of the most critical policy needs, and research how best to address them (in terms of adapting a known policy or developing a new policy) – to be specific to that organisation’s situation and needs. The report will summarise the research conducted and the client consultation process, and final decisions made collaboratively between client and student. Rubrics available in MyUni.
Step 3: Process & Procedures Needs Analysis & Prioritization
Teams will research the best procedures to address the policies created for the client, prioritize them in consultation with the client, and then develop the procedures and documentation to support them.
Rubrics available in MyUni.
Step 4: Client Policies, Procedures & Documentation (UG: Draft/ PG: Final)
Teams will draft the Policies and core Procedures selected in consultation with the client, ensuring that they are written in such a way that Policies and Procedures are implementable. Teams are responsible to ensure (& document) that their Policies & Procedures ensure that their client is enabled to meet their requisite industry and government Standards. They will accompany their Policies & Procedures with supporting documentation for client implementation (eg: posters, employee handouts or handbooks…)
Teams will, after marking and feedback, be able to submit their finalised Policies & Procedures, with support documentation, to their client. Rubrics available in MyUni.
Report Log & Reflective Journal
Each week students will be expected to log their interaction with clients and write 500 – 1000 words of analysis and reflection on that week’s learning. This includes reflection on the work involved in polishing and submitting the final Policies Procedures and Documentation for and to their client.
Logs & Journals are to be entered and updated weekly on assigned Journal Pages in MyUni completed each week before the following week’s class. Students may be called upon to show their up-to-date log & journal at any class throughout the semester.
Week 3 due date & grade
Students do not need to submit their journal entries as they will be read on site in the Canvas Journal entry pages. The first three entries to each journal will be marked and graded with feedback before Census Date. The final grading of the completed journal at the end of semester will over-write the week 3 grading.
Rubric available in MyUni.
Submission
Critical: all work for clients must be cleared with the Course Coordinator (during class) before being submitted to the client.
Submission
No information currently available.
Course Grading
Grades for your performance in this course will be awarded in accordance with the following scheme:
M10 (Coursework Mark Scheme) Grade Mark Description FNS Fail No Submission F 1-49 Fail P 50-64 Pass C 65-74 Credit D 75-84 Distinction HD 85-100 High Distinction CN Continuing NFE No Formal Examination RP Result Pending Further details of the grades/results can be obtained from Examinations.
Grade Descriptors are available which provide a general guide to the standard of work that is expected at each grade level. More information at Assessment for Coursework Programs.
Final results for this course will be made available through .
-
Student Feedback
The 最新糖心Vlog places a high priority on approaches to learning and teaching that enhance the student experience. Feedback is sought from students in a variety of ways including on-going engagement with staff, the use of online discussion boards and the use of Student Experience of Learning and Teaching (SELT) surveys as well as GOS surveys and Program reviews.
SELTs are an important source of information to inform individual teaching practice, decisions about teaching duties, and course and program curriculum design. They enable the 最新糖心Vlog to assess how effectively its learning environments and teaching practices facilitate student engagement and learning outcomes. Under the current SELT Policy (http://www.adelaide.edu.au/policies/101/) course SELTs are mandated and must be conducted at the conclusion of each term/semester/trimester for every course offering. Feedback on issues raised through course SELT surveys is made available to enrolled students through various resources (e.g. MyUni). In addition aggregated course SELT data is available.
-
Student Support
- Academic Integrity for Students
- Academic Support with Maths
- Academic Support with writing and study skills
- Careers Services
- Library Services for Students
- LinkedIn Learning
- Student Life Counselling Support - Personal counselling for issues affecting study
- Students with a Disability - Alternative academic arrangements
-
Policies & Guidelines
This section contains links to relevant assessment-related policies and guidelines - all university policies.
- Academic Credit Arrangements Policy
- Academic Integrity Policy
- Academic Progress by Coursework Students Policy
- Assessment for Coursework Programs Policy
- Copyright Compliance Policy
- Coursework Academic Programs Policy
- Intellectual Property Policy
- IT Acceptable Use and Security Policy
- Modified Arrangements for Coursework Assessment Policy
- Reasonable Adjustments to Learning, Teaching & Assessment for Students with a Disability Policy
- Student Experience of Learning and Teaching Policy
- Student Grievance Resolution Process
-
Fraud Awareness
Students are reminded that in order to maintain the academic integrity of all programs and courses, the university has a zero-tolerance approach to students offering money or significant value goods or services to any staff member who is involved in their teaching or assessment. Students offering lecturers or tutors or professional staff anything more than a small token of appreciation is totally unacceptable, in any circumstances. Staff members are obliged to report all such incidents to their supervisor/manager, who will refer them for action under the university's student鈥檚 disciplinary procedures.
The 最新糖心Vlog of Adelaide is committed to regular reviews of the courses and programs it offers to students. The 最新糖心Vlog of Adelaide therefore reserves the right to discontinue or vary programs and courses without notice. Please read the important information contained in the disclaimer.