COMMGMT 7026 - Policies & Procedures in Organisational Cyber Security (M)
North Terrace Campus - Semester 1 - 2020
- 
        General Course Information
        Course DetailsCourse Code COMMGMT 7026 Course Policies & Procedures in Organisational Cyber Security (M) Coordinating Unit ÌÇÐÄvlog¹ÙÍø Business School Term Semester 1 Level Postgraduate Coursework Location/s North Terrace Campus Units 3 Contact Up to 3 hours per week Available for Study Abroad and Exchange N Incompatible COMMGMT 2509 Assessment Situation analysis, report and reflective journal Course StaffCourse Coordinator: Dr Cate Jerram Dr Cate Jerram
 10.34 Nexus 10
 cate.jerram@adelaide.edu.au
 #8313 4757Course TimetableThe full timetable of all activities for this course can be accessed from . 
- 
        Learning Outcomes
        Course Learning OutcomesOn successful completion of this course, students will be able to:
 1. Identify policy needs (incorporating procedures, standards, and guidelines) to address cyber security requirements for a specific organisation and prioritise realistically.
 2. Research national and international policies for organisational cyber security, identifying the most relevant contextually.
 3. Interpret cyber security policies, identifying nuances; evaluate their relevance and appropriateness for a specific industry or organisation; and adopt and adapt them to specifically address identified organisational needs.
 4. Draft and polish core cyber security policies, procedures and guidelines (compliant with standards), and accompanying documentation, for a specific industry or organisation and phrase and present them to a professional standard.
 5. Log, analyse, and report on, interaction with clients, demonstrating reflection that leads to planned change.University Graduate AttributesThis course will provide students with an opportunity to develop the Graduate Attribute(s) specified below: University Graduate Attribute Course Learning Outcome(s) Deep discipline knowledge 
 - informed and infused by cutting edge research, scaffolded throughout their program of studies
- acquired from personal interaction with research active educators, from year 1
- accredited or validated against national or international standards (for relevant programs)
 1 - 4 Critical thinking and problem solving 
 - steeped in research methods and rigor
- based on empirical evidence and the scientific approach to knowledge development
- demonstrated through appropriate and relevant assessment
 1 - 5 Teamwork and communication skills 
 - developed from, with, and via the SGDE
- honed through assessment and practice throughout the program of studies
- encouraged and valued in all aspects of learning
 - Career and leadership readiness 
 - technology savvy
- professional and, where relevant, fully accredited
- forward thinking and well informed
- tested and validated by work based experiences
 1 - 5 Intercultural and ethical competency 
 - adept at operating in other cultures
- comfortable with different nationalities and social contexts
- able to determine and contribute to desirable social outcomes
- demonstrated by study abroad or with an understanding of indigenous knowledges
 2 - 5 Self-awareness and emotional intelligence 
 - a capacity for self-reflection and a willingness to engage in self-appraisal
- open to objective and constructive feedback from supervisors and peers
- able to negotiate difficult social situations, defuse conflict and engage positively in purposeful debate
 4, 5 
- 
        Learning Resources
        Required ResourcesStudents will be researching and sourcing material.Recommended ResourcesA Vaseashta, P Susmann, & E Braman. Cyber Security and Resiliency Policy Framework. IOS Press. 2014-09-19 (Free download through ProQuest Ebook Central, via University of ÌÇÐÄvlog¹ÙÍø Library)
 Potentially helpful (not required):Michael N. Schmitt (Ed). Tallinn Manual 2.0 on the International Law Applicable to Cyber Operations.
 Cambridge University Press, 2017.
- 
        Learning & Teaching Activities
        Learning & Teaching ModesThis course is taught in seminars - weekly 3-hour classes.
 It is industry-based. In teams, students apply what they are learning in the course to real businesses who are their team client.
 INTEGRITY is critical in this class as clients must be able to expect absolute CONFIDENTIALITY.
 Timetables are worked around client need and interaction more than around normal 'semester timetable' or 'student expectations' - as students are being entrusted with the well-being of real businesses, it is necessary for students to understand the requirement to work to client need, not just classroom norms.
 WorkloadNo information currently available. Learning Activities SummaryWeek Seminar Topic Learning Activities Week 1 Course overview § Learning Outcomes § Assessment Topic overview: § Policy § Procedures & Processes § Standards § Guidelines § Organisational Cyber Security § Business Writing § Writing for a Lay Audience Client & Teams Allocation Discussion of § assessments & rubrics § Individual Contribution to Team Project § Communicating with Clients § Professionalism § Mentoring & Being Mentored § Team Process Documentation Teams start work: § Developing team protocols § Researching clients Week 2 The role of policy in organisations. § The role of drafting policy in organisations. § The challenges of drafting policy in organisations. Hierarchy of data uses – hierarchy or policy criticality Data Governance & Policy (& Culture) § Modernising Data Governance § Changing Data Culture & Policy Policy Framework Guest speaker: Special Guest speaker: tbc Ensuring all organisational policies are privacy- & security-centric Contact Clients – First Visit Research national and international policies for organisational cyber security Discuss: adopt, adapt, write from scratch Week 3 Needs Analysis Prioritization The 4 steps of Policy Development: 1. Plan 2. Analyse 3. Research 4. Pre-Write Consultation throughout 4 stages § Consultation vs collaboration Workshop – Needs Analysis Workshop - The 4 steps of Policy Development: § Step 1 – Plan. Creating & Working with Templates Wording, phrasing & formatting for: § clarity and communication § being read § being followed Consultation & Collaboration Processes for Semester Week 4 Strategic Policy Setting (primary) § Set a strategic direction § Maximise positive impacts § Engage stakeholders § Establish clear levels of accountability Workshop – writing, wording, formatting. Workshop - The 4 steps of Development: Step 1 – Plan. Step 2 – Analyse. Week 5 Operational Policy Setting (secondary) § Clearly outline processes to be followed § Meet legislative requirements § Address audit findings § Address stakeholder concerns Special Guest speaker: tbc Workshop - The 4 steps of Development: Step 3 - Research Step 4 – Pre-writing Week 6 Open Mic Share Session – Challenges to Date Processes, Procedures and Standards § Designing § Writing Workshop Algorithms & Algorithmic thinking & planning Workshop Common Cyber Security Policies Ongoing communication and work with clients, as required by client/team arrangements. Week 7 Policy Frameworks & Roadmaps Core Policies required § Prevention § Control § Damage mitigation Core Cyber Security Policies required · Hygiene · Mitigation · Incident Reporting · Hiring, Firing, & Retirement · Access · BYOD & Mobile · Retention, Storage & Disposal · etc Workshop Common Cyber Security Policies (continued) Understanding categories, priorities, criticality. Week 8 Standards: § Prescriptive Standards § Performance Standards § Researching Standards § Making standards intelligible § Compliance & Non-compliance Special Guest speaker: tbc Explore PCI standards, docs, compliance… Week 9 Scope & Future Work Declarations Creating standard forms. Workshop templates & standard forms eg: § Account Setup Request § Guest Access Request § Notice of Policy Noncompliance § Policy Acknowledgement Form § Request for Policy Exemption § Security Incident Report § etc Week 10 Guidelines and Handbooks § Designing Writing Workshop Special Guest speaker: tbc Week 11 Verification and Validation Maintaining & Updating Policies Retiring Policies Workshop: verification & validation Workshop: Layout, Proofing & Editing Writing policies on policy management Week 12 Publishing Policies: § Online § On paper Notifying, Training and Updating Users Open Mic Share Session – Challenges to Date Workshop: Publishing Policies Workshop: Training & Notifying Anonymous Feedback for Cate Survey (found in Quiz) Week 13 Week 15 
- 
        Assessment
        The University's policy on Assessment for Coursework Programs is based on the following four principles: - Assessment must encourage and reinforce learning.
- Assessment must enable robust and fair judgements about student performance.
- Assessment practices must be fair and equitable to students and give them the opportunity to demonstrate what they have learned.
- Assessment must maintain academic standards.
 Assessment SummaryPlease note that the Assessment Summary below incorporates both Undergraduate and Postgraduate Assessments - there are some slight differences.Note: Assessments are linked to Course Learning Outcomes. Assessment Task Weighting Word Count / Time Due Learning Outcome Client Project 80% Note: Individual Contribution to Team Reports (& client & teacher observations) will modify all team grades for individuals. Step 1: Policy Situation Analysis, Needs Analysis, & Prioritization 15% n/a Class *Week 4 1 - 4 Step 2: Research & Client Consultation Report – A (mark redeemable/overwritten by 2B mark). 15% n/a Class Week 7 5 Step 3: Process & Procedures Needs Analysis & Prioritization 15% n/a Class Week 6 & 12 1 - 4 Step 4: Policy, Procedures & Documentation UG: Draft PG: Finalised with Recommendations 35% n/a Class Week 12 Week 13 1 - 4 Step 2a: Research & Client Consultation Report – B 15% n/a Week 13+ 3 - 5 Report Log & Reflective Journal Draft week 3 journal – Provisional Grade Final – after final submission to client 20% 20% 13 entries 500-1000 words each Class Week 3 Week 13+ 5 Total 100% 
 Due to the current COVID-19 situation modified arrangements have been made to assessments to facilitate remote learning and teaching. Assessment details provided here reflect recent updates.
 Client Project Phase 1 - 10%
 Client Project Phase 2 - 10%
 Client Project Phase 3 - 15%
 Client Project Phase 4 - 30%
 Report Log & Reflective Journal - 20%
 Online engagenment - 15%Assessment DetailPlease note that the Assessment Details below incorporate both Undergraduate and Postgraduate Assessments - there are some slight differences.Note: Assessments are linked to Course Learning Outcomes. Client Project Step 1: Cyber Security Situation Analysis, Policy Needs Analysis & Prioritization In teams, students will research the needs of the client, and present a Situation Analysis (broad brush) that outlines the organisation’s cyber security status compared to existing appropriate national or international policies and known current threats. Building on the Situation Analysis, teams will then conduct a Needs Analysis (focused and specific) of the most critical cyber security policy needs of the organisation, and prioritize them in terms of urgency of need and value to the organisation. Rubrics available in MyUni. Step 2: Research & Client Consultation Report Students will (in consultation with the client) select two of the most critical policy needs, and research how best to address them (in terms of adapting a known policy or developing a new policy) – to be specific to that organisation’s situation and needs. The report will summarise the research conducted and the client consultation process, and final decisions made collaboratively between client and student. Rubrics available in MyUni. Step 3: Process & Procedures Needs Analysis & Prioritization Teams will research the best procedures to address the policies created for the client, prioritize them in consultation with the client, and then develop the procedures and documentation to support them. Rubrics available in MyUni. Step 4: Client Policies, Procedures & Documentation (UG: Draft/ PG: Final) Teams will draft the Policies and core Procedures selected in consultation with the client, ensuring that they are written in such a way that Policies and Procedures are implementable. Teams are responsible to ensure (& document) that their Policies & Procedures ensure that their client is enabled to meet their requisite industry and government Standards. They will accompany their Policies & Procedures with supporting documentation for client implementation (eg: posters, employee handouts or handbooks…) Teams will, after marking and feedback, be able to submit their finalised Policies & Procedures, with support documentation, to their client. Rubrics available in MyUni. Report Log & Reflective Journal Each week students will be expected to log their interaction with clients and write 500 – 1000 words of analysis and reflection on that week’s learning. This includes reflection on the work involved in polishing and submitting the final Policies Procedures and Documentation for and to their client. Logs & Journals are to be entered and updated weekly on assigned Journal Pages in MyUni completed each week before the following week’s class. Students may be called upon to show their up-to-date log & journal at any class throughout the semester. Week 3 due date & grade Students do not need to submit their journal entries as they will be read on site in the Canvas Journal entry pages. The first three entries to each journal will be marked and graded with feedback before Census Date. The final grading of the completed journal at the end of semester will over-write the week 3 grading. Rubric available in MyUni. SubmissionCritical: all work for clients must be cleared with the Course Coordinator (during class) before being submitted to the client. SubmissionNo information currently available. Course GradingGrades for your performance in this course will be awarded in accordance with the following scheme: M10 (Coursework Mark Scheme) Grade Mark Description FNS Fail No Submission F 1-49 Fail P 50-64 Pass C 65-74 Credit D 75-84 Distinction HD 85-100 High Distinction CN Continuing NFE No Formal Examination RP Result Pending Further details of the grades/results can be obtained from Examinations. Grade Descriptors are available which provide a general guide to the standard of work that is expected at each grade level. More information at Assessment for Coursework Programs. Final results for this course will be made available through . 
- 
        Student Feedback
        The University places a high priority on approaches to learning and teaching that enhance the student experience. Feedback is sought from students in a variety of ways including on-going engagement with staff, the use of online discussion boards and the use of Student Experience of Learning and Teaching (SELT) surveys as well as GOS surveys and Program reviews. SELTs are an important source of information to inform individual teaching practice, decisions about teaching duties, and course and program curriculum design. They enable the University to assess how effectively its learning environments and teaching practices facilitate student engagement and learning outcomes. Under the current SELT Policy (http://www.adelaide.edu.au/policies/101/) course SELTs are mandated and must be conducted at the conclusion of each term/semester/trimester for every course offering. Feedback on issues raised through course SELT surveys is made available to enrolled students through various resources (e.g. MyUni). In addition aggregated course SELT data is available. 
- 
        Student Support
        - Academic Integrity for Students
- Academic Support with Maths
- Academic Support with writing and study skills
- Careers Services
- Library Services for Students
- LinkedIn Learning
- Student Life Counselling Support - Personal counselling for issues affecting study
- Students with a Disability - Alternative academic arrangements
 
- 
        Policies & Guidelines
        This section contains links to relevant assessment-related policies and guidelines - all university policies. - Academic Credit Arrangements Policy
- Academic Integrity Policy
- Academic Progress by Coursework Students Policy
- Assessment for Coursework Programs Policy
- Copyright Compliance Policy
- Coursework Academic Programs Policy
- Intellectual Property Policy
- IT Acceptable Use and Security Policy
- Modified Arrangements for Coursework Assessment Policy
- Reasonable Adjustments to Learning, Teaching & Assessment for Students with a Disability Policy
- Student Experience of Learning and Teaching Policy
- Student Grievance Resolution Process
 
- 
        Fraud Awareness
        Students are reminded that in order to maintain the academic integrity of all programs and courses, the university has a zero-tolerance approach to students offering money or significant value goods or services to any staff member who is involved in their teaching or assessment. Students offering lecturers or tutors or professional staff anything more than a small token of appreciation is totally unacceptable, in any circumstances. Staff members are obliged to report all such incidents to their supervisor/manager, who will refer them for action under the university's student’s disciplinary procedures. 
The University of ÌÇÐÄvlog¹ÙÍø is committed to regular reviews of the courses and programs it offers to students. The University of ÌÇÐÄvlog¹ÙÍø therefore reserves the right to discontinue or vary programs and courses without notice. Please read the important information contained in the disclaimer.
