ATMC NZ is delivering this NZQA Approved and accredited programme on behalf of NMIT
Organisations now seek skilled professionals who have both technical and management skills who can lead the development and implementation of internet security policies and procedures, who are able to monitor and audit enterprise information systems in the defence against cyber threats.
|Length||Fees||Locations and dates|
40 weeks full-time, consisting of 34 teaching weeks plus 6 holiday weeks
$20,900 Plus a Student Services Levy charges NZ $240
|25 November 2019 ATMC Auckland Campus|
The NMIT Postgraduate Diploma in IT Security Management has been developed by staff with experience in international IT security and digital forensics programmes.
Academic requirements: Applicants must have
- An undergraduate degree in a discipline related to IT, computer science, or information systems from a New Zealand tertiary institution accredited to offer those qualifications at that level or a degree in one of these disciplines from a foreign tertiary institution deemed by the New Zealand Qualifications Authority to be of equivalent standing.
English language requirements
All applicants must have a level of English sufficient to be able to study at this level. Those students whose first language is not English must have:
- An International English Language Testing System (IELTS) overall academic score of at least 6.5 (with at least 6.0 in each band) issued within the last two years, or equivalent.
Applicants may be interviewed to assess their suitability for the Programme.
It is recommended that students have IT working experience.
This programme is designed to provide students with skills needed to bridge the gap that often exists between enterprise managers and the technical aspects of IT security in the modern digital and internetconnected environment.
Using a balance of practical work, case studies and theory, the courses prepare students with effective communication and project management knowledge for innovative and effective leadership in crucial areas of IT security. The programme also lays the foundations of research skills which are relevant to IT security and to further postgraduate-level study.
This programme is made up of the following eight courses:
- Research Methods in Information Technology and IT Management
- Ethical Hacking and Incident Handling
- Governance and Development of IT Security Programme and Policies
- Legal Aspects of IT Security, Privacy and Investigations
- Auditing of IT Assets
- Vulnerability Assessment and Risk Analysis
- IT Project Management
- Information Systems Development, Implementation and Support
Research Methods in Information Technology and IT Management
This course aims to enable students to develop the skills and knowledge to source, interpret, evaluate and utilise data and information for research into IT security management and plan a research project in IT security management. Upon successful completion of this course you will be able to:
- Evaluate the nature of research and the research process including sources of bias and ethical considerations.
- Analyse the sources of research evidence and demonstrate through critical appraisal how such evidence should be interpreted and evaluated.
- Apply extensive understanding of the issues involved in defining and scoping a useful research or investigative question.
- Demonstrate understanding of the fundamental principles of common research methods or investigative tools and apply these to the construction of an appropriately designed method for investigation of a specific research question.
- Create and defend an appropriate research proposal and methodology for an individually selected research question or investigation.
Ethical Hacking and Incident Handling
This course aims to enable students to develop the skills and knowledge to test and assess the security of an organisation’s IT systems and user data and analyse and manage IT security breach incidents. Upon successful completion of this course you will be able to:
- Critically evaluate the scope and impact of cyber-attacks by determining the techniques used by hackers to exploit a system.
- Identify and analyse organisational risks and weaknesses by deployment of a variety of IT tools and management frameworks.
- Determine, using ethical hacking techniques, the ease of access to organisational IT assets that a hacker may attack and report findings with evidence.
- Critically evaluate the range of security techniques potentially used by an enterprise to protect system and user data.
- Create a framework for the incident handling process to effectively and adaptively respond to cyber-attacks in an organised and systematic way.
Governance and Development of IT Security Programme and Policies
This course aims to enable students to develop the skills and knowledge to integrate IT best practice into the corporate governance of an organisation and align IT security strategies with organisational missions, goals and strategies. Upon successful completion of this course you will be able to:
- Create and justify an IT security governance framework, based on enterprise information and organisational analysis, that conforms to contemporary industry-standard practices.
- Critically evaluate the degree of alignment between information security policies and organisational mission, goals and strategy.
- Evaluate the roles and responsibilities of information security-related roles in an enterprise and recommend changes if necessary based on critical analysis.
- Recommend and justify appropriate metrics, and evaluation methods, that provide enterprise management with accurate information regarding the effectiveness of an IT security strategy.
Legal Aspects of IT Security, Privacy and Investigations
This course aims to enable students to develop the skills and knowledge to review laws and regulations from a range of jurisdictions that are relevant to IT security management and compliance implications for a range of organisations and assess an organisation’s compliance with relevant laws and regulations related to IT security management. Upon successful completion of this course you will be able to:
- Justify and recommend adoption of practices and procedures, in line with appropriate laws and regulations, for enterprise practices for IT security investigation, data protection and privacy.
- Critically evaluate the IT security plans and privacy policies of an enterprise to identify any points of non-compliance with laws, or possible regulatory risk, and make recommendations for revision.
- Critically assess the practical implications for an enterprise of new IT laws and industry standards.
Auditing of IT Assets
This course aims to enable students to develop the skills and knowledge to design an.IT security validation programme and plan and implement an IT audit for an organisation. Upon successful completion of this course you will be able to:
- Critically evaluate the types of controls used during the phases of an IT audit and explain the intended outcomes.
- Analyse operational data and define an ‘optimum security baseline’ for an organisation’s IT infrastructure and systems that can be audited against.
- Critically assess risks, evaluate security vulnerabilities, and prioritize activities of the IT auditing process in terms of risk intensity.
- Perform an IT network and perimeter audit using an industry standard process(es) and make judgements on enterprise compliance and IT security vulnerability.
- Collate and critically analyse data from a continuous remediation process and prepare a report for managers about risk and resources with justified recommendations for improvement.
Vulnerability Assessment and Risk Analysis
This course aims to enable students to develop the skills and knowledge to use tools and methodologies to manage IT security that comply with relevant laws, regulations and organisational policies, and meet business operational requirements and to determine appropriate IT risk-treatment options for an organisation. Upon successful completion of this course you will be able to:
- Critically evaluate the current and desired IT security risk levels for an enterprise.
- Critically review functional level (e.g., Finance, Operations) policies and procedures to evaluate the degree of compliance across the enterprise with corporate level policy.
- Estimate the potential impact of identified vulnerabilities and evaluate the related risk and affects to an organisation and its stakeholders.
- Create an effective IT risk-management strategy for an enterprise and recommend associated assessment procedures with justifications.
- Critically assess the trade-off between ‘acceptable level of risk’ and the cost of deployment of new IT security measures that might be implemented by an enterprise.
IT Project Management
This course aims to enable students to develop the skills and knowledge to critically analyse IT security project management and processes, and to plan and initiate IT security projects. Upon successful completion of this course you will be able to:
- Construct and defend an implementable plan to deliver an IT security project with an associated timeline, budget and technical constraint scope that utilises standard project management tools.
- Critically identify the potential source and scope of changes and slippage throughout a project lifecycle and describe the importance of project documentation from pre-planning to post-project evaluation.
- Critically analyse management and organisational processes to identify potential communication gaps between managers and technical staff and design interventions to ‘bridge the gap’ in a project context.
Information Systems Development, Implementation and Support
This course aims to enable students to develop the skills and knowledge to assess and mitigate IT security risks for organisations. Upon successful completion of this course you will be able to:
- Critically evaluate security risks in the software development lifecycle and devise implementable security controls in the development environment.
- Evaluate potential security risks of third-party software solutions.
- Develop appropriate and justified recommendations to enterprise management on systems development, acquisition, and maintenance to ensure overall product or solution security.
- Critique information, analyse for, and recognise unauthorized changes or ‘drift’ to IT systems under development and devise justified and appropriate process control or improvement practices.