Contact IT Masters
Enrolments: 160,208

Master Degree and Graduate Certificate Course Enrolments: 7,138

The total number of Master degree and Graduate Certificate enrolments since Charles Sturt University and IT Masters launched our first qualification in 2003.

Short Course Enrolments: 153,070

The total number of enrolments in our free short courses that we offer as a ‘taster’ of what it is like to study via Distance Education with Charles Sturt University.

Student Testimonials

Master of Information Systems Security

The Master of Information Systems Security prepares students for the challenging task of identifying and producing solutions to threats that endanger information system resources. Preparation for the world’s leading IT Security industry certifications is included as an integral part of the course.

Duration
2 years part-time
Intakes
Three sessions a year
Study mode
Distance
Units of Study
12 subjects
Course Details

What is this course about?

The aim of this course is to provide computing professionals with the theoretical knowledge and technical and communication skills necessary to further their career as a computer security professional with either the corporate or government sector. The course also provides a pathway to doctorate level study in the field of computer and network security. Upon completion of this course, graduates will be able to :

  • demonstrate and apply knowledge of current trends in ICT security, particularly those that relate to security protocols and policy, cryptography, malware, digital forensics, and legal evidence;
  • investigate emerging security trends and their application to professional practice;
  • effectively communicate IT security concepts and solutions in a variety of professional settings;
  • apply skills in the identification of security threats, implementation of secure system properties, security testing, and incident response;
  • critically evaluate and reflect on ethical issues that relate to the IT discipline;
  • employ research skills that apply to the practice of computer security in a professional context;
  • demonstrate application of knowledge and skills through a capstone experience.

Subjects
Core Subjects
ITC506
Topics in Information Technology Ethics
ITC571
Emerging Technologies and Innovation
ITC593
Network Security
ITC595
Information Security

ITC506 - Topics in Information Technology Ethics will cover the following topics:

  • Introduction to ICT ethics.
  • Introduction to critical thinking techniques.
  • Professionalism and professional ethics.
  • Ethical theories and analysis.
  • Privacy.
  • Security and crime in cyberspace.
  • Intellectual property.
  • Freedom of speech and Internet content regulation.
  • Emerging technologies and ethics.
  • ICT and Society.

Assessment

Ethics analysis  (700 words - 12%), Code of Conduct (800 words - 13%), Essay (1300 words - 25%), Exam (50%)

Subject Availability

Session 1 (Feb), Session 2 (July), Session 3 (Nov)

ITC571 - Emerging Technologies and Innovation will cover the following topics:

  • Introduction and selecting a capstone topic area to review.
  • Project design, planning, execution and reporting.
  • Research Skills: locating and evaluating information, credibility of sources and referencing.
  • Extracting information from readings for critical analysis.
  • Preparing and writing a literature review or capstone report.
  • Presenting your project.

Assessment

  1. Online Quiz (5%)
  2. Capstone Project Proposal and Plan (2000 words - 10%)
  3. Literature Review (2000 words – 25%)
  4. Weekly Progress Reports (10%)
  5. Capstone Project Report and Seminar (3500-5000 words – 50%)

Subject Availability

Session 1 (Feb), Session 2 (July), Session 3 (Nov)

ITC593 - Network Security will cover the following topics:

  • Introduction to computer and network security.
  • Introduction to cryptography.
  • Secret key (symmetric) algorithms.
  • Modes of operation.
  • Public key (asymmetric) algorithms.
  • Number theory.
  • Authentication systems.
  • User authentication.
  • Security handshakes.
  • Kerberos.
  • Public key infrastructure (PKI).

Assessment

  1. Assignment 1: Online Quizzes (Five quizzes - 20%)
  2. Assignment 2 (3 tasks - 15%)
  3. Assignment 3 (2 tasks - 15%)
  4. Final Exam (50%)

Subject Availability

Session 2 (July), Session 3 (Nov)

ITC595 - Information Security will cover the following topics:

  • Overview of computer security.
  • Introduction to cryptography.
  • Malicious code.
  • Operating systems security.
  • Access Control Theory.
  • Trusted operating systems.
  • User authentication.
  • Security policies and models.
  • Networking threats.
  • Networking controls.
  • Database and data security.

Assessment

  1. Online quiz (5 quizzes - 10%)
  2. Assessment 2 (2 tasks - 20%)
  3. Report (2000 words  20%)
  4. Final Exam (50%)

Subject Availability

Session 1 (Feb), Session 2 (July)

ITC597
Digital Forensics
ITE514
Professional Systems Security
ITI581
Security Fundamentals
MGI521
Professional Communications

ITC597 - Digital Forensics will cover the following topics:

  • Relevant legislation and codes of ethics
  • Digital crime, civil and criminal law
  • Computer forensics and the digital detective
  • Forensic processes, policies and procedures
  • Fraud and forensic accounting
  • E-Discovery, guidelines and standards
  • E-Evidence, tools, environments and equipment
  • Systems basics and file systems
  • Investigating operating systems
  • Email and web forensics
  • Network forensics and intrusion detection
  • Reporting and presenting

Assessment

  1. Assignment 1 (3 tasks - 20%)
  2. Forensics Report (3 tasks - 30%)
  3. Final Exam (50%)

Subject Availability

Session 1 (Feb)

ITE514 - Professional Systems Security will cover the following topics:

  • Access Control
  • Application Development Security
  • Business Continuity and Disaster Recovery planning
  • Information Security Risk and Governance
  • Cryptography
  • Legal, Regulations, Investigations and Compliance
  • Operations Security
  • Physical (Environmental) Security
  • Security Architecture and Design
  • Telecommunications Security

Assessment

  1. Access Control Policy (2000-3000 words - 25%)
  2. Incident Analysis (2000-3000 words - 25%)
  3. Final Exam (50%)

Subject Availability

Session 2 (July)

ITI581 - Security Fundamentals will cover the following topics:

  • Network security
  • Network design elements and components
  • Compliance and operational security
  • Threats and vulnerabilities
  • Types of attacks
  • Risk mitigation strategies
  • Appropriate security controls
  • Disaster recovery plans and procedures
  • Application, data and host security
  • Access control and identity management
  • Cryptography
  • Intrusion detection systems

Assessment

  1. Online quiz (15%)
  2. Security Case Study (5000 words - 40%)
  3. Final Exam (45%)

Subject Availability

Session 1 (Feb), Session 3 (Nov)

MGI521 - Professional Communications will cover the following topics:

  • Communication Psychology of Knowledge Exchange
  • Business Language & Document Writing
  • Digital Communications & The Media Experience
  • Creating Business Proposals & Reports
  • Digital Presentations & Tools
  • Selling & Obtaining Buy-In
  • Facilitating Workshops & Meetings
  • Managing Business Conflict & Negotiation
  • Differences Between Leadership, Management & Mentors
  • Personal Presentations & Public Speaking

Assessment

  1. Recorded Audio Presentation (3 mins - 15%)
  2. Proposal Critique/Design (3000 words - 35%)
  3. Presentation (500 words / 10-15 slides / 10 minute presentation - 50%)

Subject Availability

Session 1 (Feb), Session 2 (July), Session 3 (Nov)

Elective Subjects (Choose 1)
ITC514
Network and Security Administration
ITC561
Cloud Computing
ITC596
IT Risk Management

ITC514 - Network and Security Administration will cover the following topics:

  • Introduction to server administration
  • Automating system tasks
  • Data organisation
  • Data Integrity
  • Network administration
  • Network services
  • UNIX security
  • Performance analysis
  • Security management, policy and politics

Assessment

  1. Introduction to Linux (10%)
  2. Assignment 2 (Quiz and practical task - 20%)
  3. Assignment 3 (Quiz and practical task - 20%)
  4. Final Exam (50%)

Subject Availability

Session 2 (July)

ITC561 - Cloud Computing will cover the following topics:

  • Fundamentals of Cloud Computing.
  • Cloud Architectures.
  • Cloud Delivery Models.
  • Cloud Risk Management.
  • Cloud Security.
  • Planning a migration to the Cloud.
  • Cloud Governance and Management.
  • Managing the Cloud Infrastructure.

Assessment

  1. Online quiz (5%)
  2. Assessment 2 (3 questions - 15%)
  3. Risk Management Evaluation (Practical exercise - 20%)
  4. Management, Backup & DR (20%)
  5. Final Exam (40%)

Subject Availability

Session 1 (Feb)

ITC596 - IT Risk Management will cover the following topics:

  • Information security basics.
  • Fundamental security rules.
  • Security decision making.
  • Practising security.
  • Foundations of risk management.
  • Quantitative risk assessment.
  • Qualitative risk assessment.
  • Risk mitigation.
  • Risk transference.
  • Business continuity planning.

Assessment

  1.  Forum discussions (10%)
  2. Case study (25%)
  3. Case study (25%)
  4. Risk assessment report (40%).

Subject Availability

Session 3 (Nov)

Elective Industry Subjects (Choose 3)
ITE512
Incident Response
ITE513
Forensic Investigation
ITE516
Hacking Countermeasures
ITE523
Virtualization

ITE512 - Incident Response will cover the following topics:

  • Computer attack methods
  • Computer attack vectors
  • Defence methods
  • Computer scanning
  • Platform and device-specific attacks and defences
  • Application-level attacks and defences
  • Incident handling processes
  • Legal issues
  • Recovery and restoration issues

Assessment

  1. Incident Response Plan (2500 words - 30%)
  2. Incident Report (2500 words - 30%)
  3. Final Exam (40%)

Subject Availability

Session 1 (Feb)

ITE513 - Forensic Investigation will cover the following topics:

  • Computer forensic analysis.
  • The latest computer attack vectors and how you can stop them.
  • Proactive and reactive defences for each stage of a computer attack.
  • Investigation of attacks against Windows, Unix, switches, routers and other systems.
  • Application-level vulnerabilities, attacks, and defences.
  • Legal issues in incident handling.
  • Recovering from computer attacks and restoring systems for business.

Assessment

  1. Online quiz (15%)
  2. Forensic Essay (4000 words - 40%)
  3. Final Exam (45%)

Subject Availability

Session 2 (July)

ITE516 - Hacking Countermeasures will cover the following topics:

  • Footprinting, Scanning and Enumeration.
  • Penetration Testing, System Hacking, Session Hacking and Linux Hacking.
  • Trojans, Back Doors, Viruses and Worms.
  • Sniffers.
  • Denial of Service.
  • Social Engineering.
  • Hacking networks and exploiting vulnerabilities.
  • SQL Injections.
  • Physical Security.
  • Evading IDS, Firewalls and Honeypots.
  • Buffer Overflows.
  • Cryptography.

Assessment

Lab Task 1 (5%), Lab Task 2 (5%), Social Engineering Essay (40%), Lab Task 3 (5%), Final Exam (45%)

Subject Availability

Session 3 (Nov)

ITE523 - Virtualization will cover the following topics:

  • Subject Introduction & Virtualization Introduction
  • Virtual Machines
  • VMware vCenter Server
  • Configuring & Managing Virtual Networks
  • Configuring & Managing Virtual Storage
  • Access & Authentication Control
  • Resource Management & Monitoring
  • High Availability & Fault Tolerance
  • Host Scalability
  • Patch Management
  • Installing VMware vSphere Components

Assessment

  1. Practical Lab Tasks (5 tasks - 10%)
  2. Data Centre Migration & Implementation (40%)
  3. Final Exam (50%)

Subject Availability

Session 1 (Feb)

ITE527
Server Administration
MGI511
Project Management Fundamentals

ITE527 - Server Administration will cover the following topics:

  • Server installation and configuration.
  • Network security Policies.
  • Active Directory.
  • Group Policy.
  • Virtualization.
  • File and print services.
  • Domain Controllers.
  • Network access protection.
  • Audit policies.
  • Service authentication.
  • Network deployment.

Assessment

  1. Online quiz (15%)
  2. Server Administration Handbook (7500 words - 40%)
  3. Final Exam (45%)

Subject Availability

Session 2 (July)

MGI511 - Project Management Fundamentals will cover the following topics:

  • Introduction to Project Management Principles
  • Project Integration Management
  • Project Scope Management
  • Project Time Management
  • Project Cost Management
  • Project Quality Management
  • Project Human Resource Management
  • Project Communications Management
  • Project Risk Management
  • Project Procurement Management

Assessment

  1. Online quiz (15%)
  2. Case Study Analysis (3500 words - 35%)
  3. Project Management Plan (3500 words - 50%)

Subject Availability

Session 1 (Feb), Session 3 (Nov)

Note: Assessment items are subject to change. Your official subject assessments should be confirmed in your online Subject Outline upon enrolment in that subject.

Sample Assessment

Assessments in your subjects will take a variety of forms, all designed to test and enhance your learning. You might be called upon to sit an exam, write a marketing plan, design an application, produce a video presentation, sit a quiz or any number of tasks. Why not try a small sample based on the exam from the subject ITE514 – Professional Systems Security?

  1. Why is prevention alone NOT enough to deal with attackers?
    1. Because upkeep of preventive measures is labour intensive
    2. Because it is difficult to implement preventive measures
    3. Because prevention alone is an expensive option
    4. Because even the best preventive measures are subject to failure
  2. Which of these choices best describes a buffer overflow attack?
    1. The input data exceeds the memory allocated for it.
    2. A buffer overflow is the common result of a SYN flood attack.
    3. Data formatted differently than expected by the receiving process.
    4. There is insufficient input data to fill the programs memory buffer.
  3. In a /24 subnet, the address x.x.x.255 BEST represents which of the following?
    1. An unusable address
    2. A broadcast address
    3. A standard IP address
    4. A network address
  4. What is NOT a method of social engineering?
    1. Impersonating a corporate VP over the phone
    2. Sending an e-mail that persuades a user to open a dangerous attachment
    3. Dumpster diving for sensitive corporate information
    4. Sending a popup window asking the user to re-authenticate
  5. Which of the following characterizes UDP as compared to TCP?
    1. More complex
    2. Connection oriented
    3. Faster
    4. Guaranteed delivery
  6. What specific action did the Melissa virus take that caused it to spread so fast?
    1. It broadcast itself to remote hosts with a spoofed address, echoing it to machines all over the Internet.
    2. It mailed itself to the first 50 entries in a victim’s Microsoft Outlook address book.
    3. It invaded root DNS servers, pointing addresses everywhere to infected hosts.
    4. It opened a user’s Internet Explorer browser to a site with the virus.
  7. Which of the following is FALSE about loopback addresses?
    1. They are assigned by the local ISP.
    2. They fall into the range 127.0.0.0/8.
    3. They are non-routable on the Internet.
    4. They are often used by services that must contact other services running on the same machine
  8. Network systems are located at different locations within our environment. Which of the following sections would be the best location for a web server that you want external customers to access?
    1. Semi-public
    2. Public
    3. Private
    4. Intranet
  9. Which of the following is the main problem with default passwords?
    1. They are difficult for valid users to guess.
    2. Frequently administrators do not know they are there and attackers do.
    3. They are usually hard to obtain.
    4. A default password can never be removed from a system.

Answers: D, A, B, C, C, B, B, A, B.

Entry requirements

There are two pathways to entry into the Master of Information Systems Security.

  1. An undergraduate degree from a recognised Australian tertiary institution (or equivalent).
  2. Professional attainment and/or work experience.

Applicants without a tertiary qualification may be admitted first to the Graduate Certificate in Information Systems Security. Upon successful completion of the four subjects in the Graduate Certificate, students will then be admitted with full credit into the Master of Information Systems Security to complete their remaining units of study.

Information on applying can be found on the How to Apply help page.

Graduate Certificate

The Master of Information Systems Security is an articulated course that incorporates the Graduate Certificate in Information Systems Security.  The certificate can be stand alone or, upon successful completion, students may proceed (with full credit) into the Master of Information Systems Security.

Fees

Domestic Students
$3000 AUD per subject
International Students
$3100 AUD per subject

More information on Fees can be found on the Fees page

If you want to reduce your cost per course you may be eligible for credit. 

Credit

Academic credit is available to students who can provide proof they have passed relevant industry certification examinations or who have completed previous study. No fees are charged for subjects students receive credit for.  

Prospective students can obtain an estimate of credit entitlements from Industry Examinations by filling out the Credit Eligibility Form.

NOTE: The actual level of credit awarded will be confirmed upon acceptance into the Degree.

Find out more with a personalised assessment of your eligibility, or apply now!