Contact IT Masters
Enrolments: 173,435

Master Degree and Graduate Certificate Course Enrolments: 7,138

The total number of Master degree and Graduate Certificate enrolments since Charles Sturt University and IT Masters launched our first qualification in 2003.

Short Course Enrolments: 166,297

The total number of enrolments in our free short courses that we offer as a ‘taster’ of what it is like to study via Distance Education with Charles Sturt University.

Student Testimonials

Master of Information Systems Security

The Master of Information Systems Security prepares students for the challenging task of identifying and producing solutions to threats that endanger information system resources. Preparation for the world’s leading IT Security industry certifications is included as an integral part of the course.

Duration
2 years part-time
Intakes
Three sessions a year
Study mode
Online
Units of Study
12 subjects
Course Details

What is this course about?

The aim of this course is to provide computing professionals with the theoretical knowledge and technical and communication skills necessary to further their career as a computer security professional with either the corporate or government sector. The course also provides a pathway to doctorate level study in the field of computer and network security. Upon completion of this course, graduates will be able to :

  • demonstrate and apply knowledge of current trends in ICT security, particularly those that relate to security protocols and policy, cryptography, malware, digital forensics, and legal evidence;
  • investigate emerging security trends and their application to professional practice;
  • effectively communicate IT security concepts and solutions in a variety of professional settings;
  • apply skills in the identification of security threats, implementation of secure system properties, security testing, and incident response;
  • critically evaluate and reflect on ethical issues that relate to the IT discipline;
  • employ research skills that apply to the practice of computer security in a professional context;
  • demonstrate application of knowledge and skills through a capstone experience.

Subjects
Core Subjects
ITC506
Topics in Information Technology Ethics
ITC571
Emerging Technologies and Innovation
ITC593
Network Security
ITC595
Information Security

Abstract

This subject allows students to develop skills that are necessary to identify ethical issues that are raised as a result of the advancement of information and communications technology (ICT). The subject will cover areas such as critical thinking, professionalism, ethical theories, privacy, security and crime in cyberspace, intellectual property, freedom of speech and regulation of the internet, systems reliability, and social and ethical issues of emerging technologies. By the end of the subject students should be able to argue consistently and rationally about the moral problems raised by the adoption and use of ICT and propose solutions to those moral problems.

ITC506 - Topics in Information Technology Ethics will cover the following topics:

  • Introduction to ICT ethics.
  • Introduction to critical thinking techniques.
  • Professionalism and professional ethics.
  • Ethical theories and analysis.
  • Privacy.
  • Security and crime in cyberspace.
  • Intellectual property.
  • Freedom of speech and Internet content regulation.
  • Emerging technologies and ethics.
  • ICT and Society.

Assessment

Ethics analysis  (700 words - 12%), Code of Conduct (800 words - 13%), Essay (1300 words - 25%), Exam (50%)

Subject Availability

Session 1 (Feb), Session 2 (July), Session 3 (Nov)

Abstract

This subject requires research and project work, at an advanced level, on a topic related to emerging technologies and innovation. In the context of professional practice, students will draw upon prior learning in their Masters course to execute an independent capstone project in a selected topic in Information Technology.

ITC571 - Emerging Technologies and Innovation will cover the following topics:

  • Introduction and selecting a capstone topic area to review.
  • Project design, planning, execution and reporting.
  • Research Skills: locating and evaluating information, credibility of sources and referencing.
  • Extracting information from readings for critical analysis.
  • Preparing and writing a literature review or capstone report.
  • Presenting your project.

Assessment

  1. Online Quiz (5%)
  2. Capstone Project Proposal and Plan (2000 words - 10%)
  3. Literature Review (2000 words – 25%)
  4. Weekly Progress Reports (10%)
  5. Capstone Project Report and Seminar (3500-5000 words – 50%)

Subject Availability

Session 1 (Feb), Session 2 (July), Session 3 (Nov)

Abstract

ITC593 provides a practical survey of network security protocols and standards, along with an in-depth introduction to the field of cryptography. ITC593 explores how digital signatures, encryption algorithms, and hash functions are used to satisfy various security goals, such as authentication, confidentiality, and integrity. ITC593 also includes a comprehensive coverage of two important network security services, Kerberos and PKI (Public Key Infrastructure).

ITC593 - Network Security will cover the following topics:

  • Introduction to computer and network security.
  • Introduction to cryptography.
  • Secret key (symmetric) algorithms.
  • Modes of operation.
  • Public key (asymmetric) algorithms.
  • Number theory.
  • Authentication systems.
  • User authentication.
  • Security handshakes.
  • Kerberos.
  • Public key infrastructure (PKI).

Assessment

  1. Assignment 1: Online Quizzes (Five quizzes - 20%)
  2. Assignment 2 (3 tasks - 15%)
  3. Assignment 3 (2 tasks - 15%)
  4. Final Exam (50%)

Subject Availability

Session 2 (July), Session 3 (Nov)

Abstract

This subject provides a broad overview of information security concepts, with an emphasis on combating security threats to operating systems, computer programs, databases and networked systems. Students will also study foundational security policies that stipulate requirements about integrity, confidentiality and availability. Techniques for implementing these policies are also investigated, including memory management techniques, access control mechanisms, user authentication, and networking tools.

ITC595 - Information Security will cover the following topics:

  • Overview of computer security.
  • Introduction to cryptography.
  • Malicious code.
  • Operating systems security.
  • Access Control Theory.
  • Trusted operating systems.
  • User authentication.
  • Security policies and models.
  • Networking threats.
  • Networking controls.
  • Database and data security.

Assessment

  1. Online quiz (5 quizzes - 10%)
  2. Assessment 2 (2 tasks - 20%)
  3. Report (2000 words  20%)
  4. Final Exam (50%)

Subject Availability

Session 1 (Feb), Session 2 (July)

ITC597
Digital Forensics
ITE514
Professional Systems Security
ITI581
Security Fundamentals
MGI521
Professional Communications

Abstract

This subject provides an in-depth study of the rapidly changing and fascinating field of computer forensics. It combines both the technical expertise and the knowledge required to investigate, detect and prevent digital crimes. The subject covers the knowledge on digital forensics legislations, digital crime, forensics processes and procedures, data acquisition and validation, e-discovery tools, e-evidence collection and preservation, investigating operating systems and file systems, network forensics, art of steganography and mobile device forensics, email and web forensics, presenting reports and testimony as an expert witness.

ITC597 - Digital Forensics will cover the following topics:

  • Relevant legislation and codes of ethics
  • Digital crime, civil and criminal law
  • Computer forensics and the digital detective
  • Forensic processes, policies and procedures
  • Fraud and forensic accounting
  • E-Discovery, guidelines and standards
  • E-Evidence, tools, environments and equipment
  • Systems basics and file systems
  • Investigating operating systems
  • Email and web forensics
  • Network forensics and intrusion detection
  • Reporting and presenting

Assessment

  1. Assignment 1 (3 tasks - 20%)
  2. Forensics Report (3 tasks - 30%)
  3. Final Exam (50%)

Subject Availability

Session 1 (Feb)

Abstract

In this subject students will analyse and apply content from the ten domains that comprise a Common Body of Knowledge (CBK) for information systems security professionals. Students in this subject will also be prepared for the Certified Information Systems Security Professional (CISSP) industry certification exam from the International Information Systems Security Certification Consortium (ISC²) .

ITE514 - Professional Systems Security will cover the following topics:

  • Access Control
  • Application Development Security
  • Business Continuity and Disaster Recovery planning
  • Information Security Risk and Governance
  • Cryptography
  • Legal, Regulations, Investigations and Compliance
  • Operations Security
  • Physical (Environmental) Security
  • Security Architecture and Design
  • Telecommunications Security

Assessment

  1. Access Control Policy (2000-3000 words - 25%)
  2. Incident Analysis (2000-3000 words - 25%)
  3. Final Exam (50%)

Subject Availability

Session 2 (July)

Abstract

This subject provides an introduction to the field of IT security with a focus on the areas of information systems and internetworking. Students will first survey the IT security landscape before analysing key concepts in depth. Topics covered include authentication protocols, communication and network infrastructure security, basics of encryption, application and user security, operational and organisational security, and intrusion detection systems.

ITI581 - Security Fundamentals will cover the following topics:

  • Network security
  • Network design elements and components
  • Compliance and operational security
  • Threats and vulnerabilities
  • Types of attacks
  • Risk mitigation strategies
  • Appropriate security controls
  • Disaster recovery plans and procedures
  • Application, data and host security
  • Access control and identity management
  • Cryptography
  • Intrusion detection systems

Assessment

  1. Online quiz (15%)
  2. Security Case Study (5000 words - 40%)
  3. Final Exam (45%)

Subject Availability

Session 1 (Feb), Session 3 (Nov)

Abstract

This subject is designed for those in professional positions with a need to communicate effectively and manage the communication of others to a high standard. Students who undertake this subject will gain a wide breadth of practical communication skills supported by the latest intellectual and psychological behavioural theory. This subject will equip students to communicate at all levels of professional business.

MGI521 - Professional Communications will cover the following topics:

  • Communication Psychology of Knowledge Exchange
  • Business Language & Document Writing
  • Digital Communications & The Media Experience
  • Creating Business Proposals & Reports
  • Digital Presentations & Tools
  • Selling & Obtaining Buy-In
  • Facilitating Workshops & Meetings
  • Managing Business Conflict & Negotiation
  • Differences Between Leadership, Management & Mentors
  • Personal Presentations & Public Speaking

Assessment

  1. Recorded Audio Presentation (3 mins - 15%)
  2. Proposal Critique/Design (3000 words - 35%)
  3. Presentation (500 words / 10-15 slides / 10 minute presentation - 50%)

Subject Availability

Session 1 (Feb), Session 2 (July), Session 3 (Nov)

Academic Elective Subjects (Choose 1)
ITC514
Network and Security Administration
ITC561
Cloud Computing
ITC596
IT Risk Management

Abstract

This subject is designed to introduce students to systems administration of Linux servers that provide information services accessed through the internet. Students learn to operate servers via the command line, write scripts to automate management tasks, create and manage networked information services, and assess tools for improving data and service protection.

ITC514 - Network and Security Administration will cover the following topics:

  • Introduction to server administration
  • Automating system tasks
  • Data organisation
  • Data Integrity
  • Network administration
  • Network services
  • UNIX security
  • Performance analysis
  • Security management, policy and politics

Assessment

  1. Introduction to Linux (10%)
  2. Assignment 2 (Quiz and practical task - 20%)
  3. Assignment 3 (Quiz and practical task - 20%)
  4. Final Exam (50%)

Subject Availability

Session 2 (July)

Abstract

This subject provides students with an in-depth study of cloud computing technologies and their use in business.  It looks into various standards based cloud systems and architectures. It further discusses various cloud delivery models, planning for migration to a cloud model. It also discusses governance and security issues in a cloud model and managing the cloud infrastructure.

ITC561 - Cloud Computing will cover the following topics:

  • Fundamentals of Cloud Computing.
  • Cloud Architectures.
  • Cloud Delivery Models.
  • Cloud Risk Management.
  • Cloud Security.
  • Planning a migration to the Cloud.
  • Cloud Governance and Management.
  • Managing the Cloud Infrastructure.

Assessment

  1. Online quiz (5%)
  2. Assessment 2 (3 questions - 15%)
  3. Risk Management Evaluation (Practical exercise - 20%)
  4. Management, Backup & DR (20%)
  5. Final Exam (40%)

Subject Availability

Session 1 (Feb)

Abstract

This subject provides students with a thorough background in IT security risk management issues. Comprehensive selections of risk management techniques for IT security are covered, including quantitative and qualitative methods. Other topics include security decision-making, risk mitigation, risk transference and business continuity planning.

ITC596 - IT Risk Management will cover the following topics:

  • Information security basics.
  • Fundamental security rules.
  • Security decision making.
  • Practising security.
  • Foundations of risk management.
  • Quantitative risk assessment.
  • Qualitative risk assessment.
  • Risk mitigation.
  • Risk transference.
  • Business continuity planning.

Assessment

  1.  Forum discussions (10%)
  2. Case study (25%)
  3. Case study (25%)
  4. Risk assessment report (40%).

Subject Availability

Session 3 (Nov)

Industry Elective Subjects (Choose 3)
ITE512
Incident Response
ITE513
Forensic Investigation
ITE516
Hacking Countermeasures
ITE523
Virtualization

Abstract

In this subject students will investigate the current threats to systems and networks, along with effective countermeasures. Students will also be prepared for the GIAC Certified Incident Handler (GCIH) industry certification exam.

ITE512 - Incident Response will cover the following topics:

  • Computer attack methods
  • Computer attack vectors
  • Defence methods
  • Computer scanning
  • Platform and device-specific attacks and defences
  • Application-level attacks and defences
  • Incident handling processes
  • Legal issues
  • Recovery and restoration issues

Assessment

  1. Incident Response Plan (2500 words - 30%)
  2. Incident Report (2500 words - 30%)
  3. Final Exam (40%)

Subject Availability

Session 1 (Feb)

Abstract

In this subject students will acquire an in-depth knowledge and practical understanding of how to scan, test, hack and secure a computer system against potential vulnerabilities. Students will also be prepared for the Computer Hacking Forensic Investigator (CHFI) industry certification exam from the EC-Council.

ITE513 - Forensic Investigation will cover the following topics:

  • Computer forensic analysis.
  • The latest computer attack vectors and how you can stop them.
  • Proactive and reactive defences for each stage of a computer attack.
  • Investigation of attacks against Windows, Unix, switches, routers and other systems.
  • Application-level vulnerabilities, attacks, and defences.
  • Legal issues in incident handling.
  • Recovering from computer attacks and restoring systems for business.

Assessment

  1. Online quiz (15%)
  2. Forensic Essay (4000 words - 40%)
  3. Final Exam (45%)

Subject Availability

Session 2 (July)

Abstract

In this subject students will learn how to scan, test, hack and secure computing systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defences work before learning to scan and attack networks. Students will be prepared for the EC-Council Certified Ethical Hacker (CEH) industry certification exam during this subject.

ITE516 - Hacking Countermeasures will cover the following topics:

  • Footprinting, Scanning and Enumeration.
  • Penetration Testing, System Hacking, Session Hacking and Linux Hacking.
  • Trojans, Back Doors, Viruses and Worms.
  • Sniffers.
  • Denial of Service.
  • Social Engineering.
  • Hacking networks and exploiting vulnerabilities.
  • SQL Injections.
  • Physical Security.
  • Evading IDS, Firewalls and Honeypots.
  • Buffer Overflows.
  • Cryptography.

Assessment

Lab Task 1 (5%), Lab Task 2 (5%), Social Engineering Essay (40%), Lab Task 3 (5%), Final Exam (45%)

Subject Availability

Session 3 (Nov)

Abstract

The subject explores the installation, configuration, and management of VMware virtualization software. The subject will prepare students to take the examination to become a VMware Certified Professional.

ITE523 - Virtualization will cover the following topics:

  • Subject Introduction & Virtualization Introduction
  • Virtual Machines
  • VMware vCenter Server
  • Configuring & Managing Virtual Networks
  • Configuring & Managing Virtual Storage
  • Access & Authentication Control
  • Resource Management & Monitoring
  • High Availability & Fault Tolerance
  • Host Scalability
  • Patch Management
  • Installing VMware vSphere Components

Assessment

  1. Practical Lab Tasks (5 tasks - 10%)
  2. Data Centre Migration & Implementation (40%)
  3. Final Exam (50%)

Subject Availability

Session 1 (Feb)

ITE527
Server Administration
MGI511
Project Management Fundamentals

Abstract

The aim of this subject is to enable students to plan, deploy, optimise and maintain Microsoft Servers. Students will learn how to analyse network performance and create an optimisation strategy, design and apply a network security policy, analyse and configure Core Network Services, and design and implement an Active Directory solution. Students will also prepare for Microsoft industry certification exams during this subject.

ITE527 - Server Administration will cover the following topics:

  • Server installation and configuration.
  • Network security Policies.
  • Active Directory.
  • Group Policy.
  • Virtualization.
  • File and print services.
  • Domain Controllers.
  • Network access protection.
  • Audit policies.
  • Service authentication.
  • Network deployment.

Assessment

  1. Online quiz (15%)
  2. Server Administration Handbook (7500 words - 40%)
  3. Final Exam (45%)

Subject Availability

Session 2 (July)

Abstract

This is an industry subject based on the Project Management Institute (PMI®) methodology (as defined by the PMBoK® - Project Management Body of Knowledge) to prepare students for subsequent PMP® (Project Management Professional) or similar certification. In this subject students will look at how to initiate, plan, control and complete projects effectively and ensure that projects are performed to meet objectives within specific cost and time constraints.

MGI511 - Project Management Fundamentals will cover the following topics:

  • Introduction to Project Management Principles
  • Project Integration Management
  • Project Scope Management
  • Project Time Management
  • Project Cost Management
  • Project Quality Management
  • Project Human Resource Management
  • Project Communications Management
  • Project Risk Management
  • Project Procurement Management

Assessment

  1. Online quiz (15%)
  2. Case Study Analysis (3500 words - 35%)
  3. Project Management Plan (3500 words - 50%)

Subject Availability

Session 1 (Feb), Session 3 (Nov)

Note: Assessment items are subject to change. Your official subject assessments should be confirmed in your online Subject Outline upon enrolment in that subject.

Sample Assessment

Assessments in your subjects will take a variety of forms, all designed to test and enhance your learning. You might be called upon to sit an exam, write a marketing plan, design an application, produce a video presentation, sit a quiz or any number of tasks. Why not try a small sample based on the exam from the subject ITE514 – Professional Systems Security?

  1. Why is prevention alone NOT enough to deal with attackers?
    1. Because upkeep of preventive measures is labour intensive
    2. Because it is difficult to implement preventive measures
    3. Because prevention alone is an expensive option
    4. Because even the best preventive measures are subject to failure
  2. Which of these choices best describes a buffer overflow attack?
    1. The input data exceeds the memory allocated for it.
    2. A buffer overflow is the common result of a SYN flood attack.
    3. Data formatted differently than expected by the receiving process.
    4. There is insufficient input data to fill the programs memory buffer.
  3. In a /24 subnet, the address x.x.x.255 BEST represents which of the following?
    1. An unusable address
    2. A broadcast address
    3. A standard IP address
    4. A network address
  4. What is NOT a method of social engineering?
    1. Impersonating a corporate VP over the phone
    2. Sending an e-mail that persuades a user to open a dangerous attachment
    3. Dumpster diving for sensitive corporate information
    4. Sending a popup window asking the user to re-authenticate
  5. Which of the following characterizes UDP as compared to TCP?
    1. More complex
    2. Connection oriented
    3. Faster
    4. Guaranteed delivery
  6. What specific action did the Melissa virus take that caused it to spread so fast?
    1. It broadcast itself to remote hosts with a spoofed address, echoing it to machines all over the Internet.
    2. It mailed itself to the first 50 entries in a victim’s Microsoft Outlook address book.
    3. It invaded root DNS servers, pointing addresses everywhere to infected hosts.
    4. It opened a user’s Internet Explorer browser to a site with the virus.
  7. Which of the following is FALSE about loopback addresses?
    1. They are assigned by the local ISP.
    2. They fall into the range 127.0.0.0/8.
    3. They are non-routable on the Internet.
    4. They are often used by services that must contact other services running on the same machine
  8. Network systems are located at different locations within our environment. Which of the following sections would be the best location for a web server that you want external customers to access?
    1. Semi-public
    2. Public
    3. Private
    4. Intranet
  9. Which of the following is the main problem with default passwords?
    1. They are difficult for valid users to guess.
    2. Frequently administrators do not know they are there and attackers do.
    3. They are usually hard to obtain.
    4. A default password can never be removed from a system.

Answers: D, A, B, C, C, B, B, A, B.

Entry requirements

There are two pathways to entry into the Master of Information Systems Security.

  1. An undergraduate degree from a recognised Australian tertiary institution (or equivalent).
  2. Professional attainment and/or work experience.

Applicants without a tertiary qualification may be admitted first to the Graduate Certificate in Information Systems Security. Upon successful completion of the four subjects in the Graduate Certificate, students will then be admitted with full credit into the Master of Information Systems Security to complete their remaining units of study.

Information on applying can be found on the How to Apply help page.

Graduate Certificate

The Master of Information Systems Security is an articulated course that incorporates the Graduate Certificate in Information Systems Security.  The certificate can be stand alone or, upon successful completion, students may proceed (with full credit) into the Master of Information Systems Security.

Fees

Domestic Students
$3000 AUD per subject
International Students
$3100 AUD per subject

More information on Fees can be found on the Fees page

If you want to reduce your cost per course you may be eligible for credit. 

Credit

Academic credit is available to students who can provide proof they have passed relevant industry certification examinations or who have completed previous study. No fees are charged for subjects students receive credit for.  

Prospective students can obtain an estimate of credit entitlements from Industry Examinations by filling out the Credit Eligibility Form.

NOTE: The actual level of credit awarded will be confirmed upon acceptance into the Degree.

Information Session

Find out more with a personalised assessment of your eligibility, or apply now!