MN604- IT Security Management

Credit Points: 20

Prerequisite: MN502 Overview of Network Security

Co-requisite: N/A

Workload: 60 contact hours

Campus: Melbourne, Sydney

Aims & Objectives

This is a third trimester core unit out of a total of 12 units in the Master of Networking (MNet). This unit addresses the MNet course learning outcomes and complement other courses in a related field by developing students’ specialised knowledge in network advance security and applying critical skills in networking security such as hacking skills, computer hardening and vulnerabilities. For further course information refer to: This unit is part of the AQF level 9 (MNet) course.

This unit provides students with understanding and appreciation of the discipline of IT Information Security Management. They will also learn how information security management interacts with other organisational groups, especially with general management and with information technology groups.

This unit will cover the following topics:

  1. Introduction to the management of information security
  2. Planning for information security
  3. Planning for contingencies
  4. Information Security Policy
  5. Developing the security program
  6. Security Management Practices
  7. Risk Management: identifying and assessing risk
  8. Risk Management: Assessing and controlling risk
  9. Protection Mechanisms

Learning Outcomes

On successful completion of this unit, students should be able to:

  1. Analyse and discuss the significance of IT security management for organisations;
  2. Develop and implement IT security management structure for small, medium and large size businesses and corporations;
  3. Evaluate on the security of the existing organisation architecture, data, application, technology, etc;
  4. Investigate and discuss for the appropriate design and secure solution for varieties of organisations;
  5. Implement a process to support the administration and the management of organisations’ security;
  6. Conduct practical investigations into Network Systems including industry procedures of Information Gathering, Vulnerability Identification, Exploitation and privilege escalation.

Teaching Method

Lecture: 2 hours
Laboratory: 2 hours
PBL Tutorial: 1 hours
Face to Face


Assessment Task
Learning Outcomes Assessed
Mid Semester Testa,b*10%
Assignment 1 Reporta-c*15%
Assignment 2 Report and PBL submissionsd-f*25%
Final Examination (2 hours)a-e*50%
Total 100%

*refer to learning outcomes above.


  • Michael E. Whitman and Herbert J. Mattord, “Management of Information Security”, 4th  Edition: 9781285062297
  • Michael E. Whitman, “Hands-on Information Security” Lab Manual 4th Edition. 9781285167572
  • Alfred Basta, Nadine Basta and Mary Brown,  “Computer Security and Penetration” Testing  2nd edition 9780840020932

Reference Reading

  • Michael E. Whitman, Herbert J. Mattord, “Readings and Cases in the Management of Information Securit”, Course Technology Cengage Learning
  • Hands-on Ethical Hacking and Network Defense Michael T. Simpson,  9781133935612/ 9781435486096 2nd international edition  (Need to check which edition is available in Australia)
  • Editor in Chief Hossein Bidgoli, Handbook of Information Security Volume 1, 2 and 3 John Wiley & Sons, Inc.

MIT is committed to ensure the course is current, practical and relevant so that graduates are “work ready” and equipped for life-long learning. In order to accomplish this, the MIT Graduate Attributes identify the required knowledge, skills and attributes that prepare students for the industry.
The level to which Graduate Attributes covered in this unit are as follows:

Ability to communicateIndependent and Lifelong LearningEthicsAnalytical and Problem SolvingCultural and Global AwarenessTeamwork Cooperation, Participation and LeadershipSpecialist knowledge of a field of study


Colour coding    

Extent covered

                               The standard  is covered by theory and practice, and addressed by assessed activities in which the students always play an active role, e.g. workshops, lab submissions, assignments, demonstrations, tests, examinations
 The standard is covered by theory or practice, and addressed by assessed activities in which the students mostly play an active role, e.g. discussions, reading, intepreting documents, tests, examinations
 The standard is discussed in theory or practice; it is addressed by assessed activities in which the students may play an active role, e.g. lectures and discussions, reading, interpretation, workshops, presentations 
 The standard is presented as a side issue in theory or practice; it is not specifically assessed, but it is addressed by  activities such as lectures or tutorials
 The standard  is not considered, there is no theory or practice or activities associated with this standard