School of Engineering and Computer Science Te Kura

School of Engineering and Computer Science Te Kura Mātai Pūkaha, Pūrorohiko CYBR 373 Human and Organisational Security Masood Mansoori & Lisa Patterson CYBR 373: Human and Organisational Security

Staff • Masood Mansoori (Course coordinator) – masood. mansoori@ecs. vuw. ac. nz – Room CO 130 – Office hour: Friday 2: 30 – 3 pm • Lisa Patterson (Lecturer) – lisa. patterson@vuw. ac. nz – Room CO 130 – Office hour: Monday 11 am - 12 noon CYBR 373: Human and Organisational Security

Course Description (Masood) • This course addresses how the behaviour and values of people as individuals or within an organisation affects cyber security threats and mitigation strategies. • Topics include policies, risk management, Security standards such as ISO 27000, NIST 800 and NZISM CYBR 373: Human and Organisational Security

Course Description (Lisa) • Contingency planning – practical ways to recognise and mitigate potential risks. • Understand the role that government and legislation play in the environment, explore legislation relevant from an Information Security angle. • Investigate ethics, and appropriate conduct. • Explore Information Security in the context of Te Tiriti o Waitangi. CYBR 373: Human and Organisational Security

Course Learning Objectives • Describe different types of attacks, calculate risk and identify potential mitigation strategies based upon awareness, training, education, operational and technical security. • Compare and contrast different approaches to risk management in relation to cyber security such as Octave, NIST CSF, COBIT, ITIL as well as the role of international and local standards. • Explain the role of international and local security standards to the development and evaluation of cyber systems. • Demonstrate an understanding of the relationship between individual and social and cultural norms to the evaluation of the security of a given system. CYBR 373: Human and Organisational Security

Course Organisation • Lectures: – 13 July 2020 - 16 August 2020 • Monday 13: 10 - 14: 00 – 306, 77 Fairlie Tce, Kelburn – 31 August 2020 - 18 October 2020 • Monday 13: 10 - 14: 00 – 306, 77 Fairlie Tce, Kelburn • Tutorials: – In person: Thursdays - 12: 10 - 13: 00 - CO 139 (max 30) – Over Zoom: Thursdays - 14: 10 - 15: 00 *You will receive a link to My. Allocator to sign up for a tutorial session. CYBR 373: Human and Organisational Security

Workload • The total workload for CYBR 373 is 150 hours. • You should plan to spend an average of 10 hours per week on this course. – Lectures and tutorial sessions: 2 hours per week – Readings the provided notes: 4 hours per week – Assignments: 4 hours per week CYBR 373: Human and Organisational Security

Where to find us CYBR 373: Human and Organisational Security

Communicating with you • Lectures and reading notes are posted on the ECS course website. • Recorded videos are uploaded to Blackboard. • Submit work via ECS website. https: //pixabay. com/ • Announcements are made via Blackboard (& emailed to your myvuw address). • Zoom links for helpdesks will be announced later. CYBR 373: Human and Organisational Security

Required Textbook • VUW Library (URL) • The. Nile (116 NZ$) (URL) • Additional notes are provided before/after each lecture session accordingly. CYBR 373: Human and Organisational Security

E-book Etiquette • Library e-book access varies between books. It is not always possible to get unlimited access. The Library gets the best access it can for you. • Be aware that all students and staff share e-book access, similar to sharing a print format library book. • Limited numbers of simultaneous views may be enforced by the publisher. Remember to close your browser window when you have finished. A browser window open in the background on your device counts as one of those views. • If you’ve failed to get access because of the restricted number of simultaneous views, consider trying again at a time of day when other students are less likely to be reading online. CYBR 373: Human and Organisational Security

E-book Etiquette • Download PDF files of chapters or sections to read offline, where this is allowed. Download limits often refresh after 24 hours. Return to the ebook one day later to download another chapter or section. You’ll need to plan ahead if you have a deadline. • Contact your Subject Librarian if you have technical difficulties accessing a library ebook. • Inform your Course Coordinator if access restrictions are negatively impacting your work. CYBR 373: Human and Organisational Security

Withdrawal Dates Withdrawal with refund - up to and including 24 th July - no consequences Withdrawal without refund - after 18 th September - Withdrawal Recorded - No grade recorded on transcript - Withdrawal counts as a fail for demonstrating "Satisfactory Academic Progress" Late withdrawal with Dean’s permission: - after 18 th September. - Requires permission of Associate Dean (Pondy). - Given – only for medical or exceptional circumstances. CYBR 373: Human and Organisational Security

Class Representative • https: //www. vuwsa. org. nz/class-representatives • Representing your class has many benefits; Vic. Plus points, Class Rep certificates, professional and personal growth, and links to other representation opportunities. • Who is interested? CYBR 373: Human and Organisational Security

Expectations of ECS students • 300 -Level: Practice • Students are expected to learn how to synthesise the knowledge and skills acquired in different courses to analyse and design more complicated artefacts. The requirements for professional reports and presentations will be developed. Students will be expected to perform in a professional setting. Several courses will involve team work. • Courses will expect students to take an increased level of responsibility for their work, including seeking out of appropriate research material to support their learning. Work will often focus on the analysis and design of systems. Students should expect staff associated with courses or projects to set clear goals and to assist with methodology without directly specifying how work should be completed. • Assessment of practical work will focus on the achievement of goals and the application of methodologies appropriate to the course and the problem. Exams and tests may draw on recommended reading as well as required material. CYBR 373: Human and Organisational Security

Assessments, Extensions and Penalties There are three major assessments which will apply theory learnt in the lectures. The final assessment includes an oral presentation component. Assessment Item Due Date or Test Date CLO(s) Percentage Assessment 1 - Risk management case study Week 5 CLO: 1, 2 30% Assessment 2 - Incidence response, D. R. and B. C. Case Study Week 9 CLO: 1, 2, 3 30% Assessment 3 - Group project and oral presentation Week 12 CLO: 2, 3, 4 30% Tutorial/Workshop activities and hand-ins - 4 x 2. 5% Week 2 -11 CLO: 1, 2, 3, 4 10% Penalties Late submissions will result in 10% deduction of the total assessment mark per day late. Late submissions will not be accepted more than five days after the submission due date. Extensions Individual extensions will only be granted in exceptional personal circumstances, and should be approved by the course coordinator before the deadline. Documentation (eg, medical certificate) may be required. CYBR 373: Human and Organisational Security

Mandatory Course Requirement • Mandatory Course Requirements – In addition to achieving an overall pass mark of at least 50%, students must: – Attend and submit at least two of the four tasks assigned in the tutorial sessions over the duration of the course. – Make a reasonable attempt at all assessments/assignments. CYBR 373: Human and Organisational Security