Overview
This unit is the capstone to the Cyber Security specialisation of the Bachelor of Information Technology course. The unit is designed so that you can demonstrate your learning across the whole course of study before making the transition to the next stage of your career. To this end, you are to conduct a group project including the design and implementation of a cyber security plan that meets the client's requirements. Deliverables will include the formal security plan and configured secure infrastructure as part of an overall portfolio of planning and design documentation, scripts, and rules. In order to deliver a robust solution, you will need to choose and employ an appropriate project management methodology. The delivered infrastructure will undergo stress testing and simulated security attack scenarios.
Details
Pre-requisites or Co-requisites
Prerequisites: (COIS13064 ICT Project Management or COIT12208 ICT Project Management) and COIT12202 Network Security Concepts Corequisites: COIT13146 System and Network Administration and (COIT13229 Applied Distributed Systems or COIT13240 Applied Cryptography)
Important note: Students enrolled in a subsequent unit who failed their pre-requisite unit, should drop the subsequent unit before the census date or within 10 working days of Fail grade notification. Students who do not drop the unit in this timeframe cannot later drop the unit without academic and financial liability. See details in the Assessment Policy and Procedure (Higher Education Coursework).
Offerings For Term 1 - 2025
Attendance Requirements
All on-campus students are expected to attend scheduled classes - in some units, these classes are identified as a mandatory (pass/fail) component and attendance is compulsory. International students, on a student visa, must maintain a full time study load and meet both attendance and academic progress requirements in each study period (satisfactory attendance for International students is defined as maintaining at least an 80% attendance record).
Recommended Student Time Commitment
Each 12-credit Undergraduate unit at CQUniversity requires an overall time commitment of an average of 25 hours of study per week, making a total of 300 hours for the unit.
Class Timetable
Assessment Overview
Assessment Grading
This is a graded unit: your overall grade will be calculated from the marks or grades for each assessment task, based on the relative weightings shown in the table above. You must obtain an overall mark for the unit of at least 50%, or an overall grade of 'pass' in order to pass the unit. If any 'pass/fail' tasks are shown in the table above they must also be completed successfully ('pass' grade). You must also meet any minimum mark requirements specified for a particular assessment task, as detailed in the 'assessment task' section (note that in some instances, the minimum mark for a task may be greater than 50%). Consult the University's Grades and Results Policy for more details of interim results and final grades.
All University policies are available on the CQUniversity Policy site.
You may wish to view these policies:
- Grades and Results Policy
- Assessment Policy and Procedure (Higher Education Coursework)
- Review of Grade Procedure
- Student Academic Integrity Policy and Procedure
- Monitoring Academic Progress (MAP) Policy and Procedure - Domestic Students
- Monitoring Academic Progress (MAP) Policy and Procedure - International Students
- Student Refund and Credit Balance Policy and Procedure
- Student Feedback - Compliments and Complaints Policy and Procedure
- Information and Communications Technology Acceptable Use Policy and Procedure
This list is not an exhaustive list of all University policies. The full list of University policies are available on the CQUniversity Policy site.
Feedback, Recommendations and Responses
Every unit is reviewed for enhancement each year. At the most recent review, the following staff and student feedback items were identified and recommendations were made.
Feedback from Teaching Team's feedback
Students lack skills with industry-standard tools needed to facilitate version control, collaboration, and code management for projects, which are essential for their future careers.
Review available options (such as GitHub, DevOps, etc.), make it mandatory for students to use one of these tools for their projects, and include it in the marking criteria for all assessments.
Feedback from Teaching Team and students' feedback
Students encounter difficulties in managing team dynamics, such as dealing with unequal participation and resolving conflicts.
Provide resources on teamwork skills to help students effectively manage team dynamics, including participation and conflict resolution, and incorporate teamwork assessment into the evaluation process.
- Analyse cyber security requirements to produce a comprehensive cyber security plan
- Implement well-documented and tested security technologies to meet a cyber security plan
- Evaluate security protections for compliance and effectiveness
- Produce the project management artefacts required in a typical cyber security project
- Demonstrate productive participation and contribution to a project team or work environment
- Demonstrate work readiness in terms of technical skills, communication skills, and both professional and ethical behaviour.
The Australian Computer Society (ACS) recognises the Skills Framework for the Information Age (SFIA). SFIA is adopted by organisations, governments and individuals in many countries and provides a widely used and consistent definition of ICT skills. SFIA is increasingly being used when developing job descriptions and role profiles. ACS members can use the tool MySFIA to build a skills profile.
This unit contributes to the following workplace skills as defined by SFIA 9 (the SFIA code is included):
- Project Management (PRMG)
- Information security (SCTY)
- Security Administration (SCAD)
- Specialist Advice (TECH)
- IT Infrastructure (ITOP)
- Network support (NTAS)
- Network Design (NTDS)
- Penetration testing (PENT)
- Information Assurance (INAS)
- Risk management (BURM)
- Threat intelligence (THIN)
- Vulnerability assessment (VUAS)
Alignment of Assessment Tasks to Learning Outcomes
| Assessment Tasks | Learning Outcomes | |||||
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | |
| 1 - Report - 40% | ||||||
| 2 - Portfolio - 20% | ||||||
| 3 - Written Assessment - 20% | ||||||
| 4 - Presentation - 20% | ||||||
Alignment of Graduate Attributes to Learning Outcomes
| Graduate Attributes | Learning Outcomes | |||||
|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | |
| 1 - Communication | ||||||
| 2 - Problem Solving | ||||||
| 3 - Critical Thinking | ||||||
| 4 - Information Literacy | ||||||
| 5 - Team Work | ||||||
| 6 - Information Technology Competence | ||||||
| 7 - Cross Cultural Competence | ||||||
| 8 - Ethical practice | ||||||
| 9 - Social Innovation | ||||||
| 10 - Aboriginal and Torres Strait Islander Cultures | ||||||
Textbooks
There are no required textbooks.
IT Resources
- CQUniversity Student Email
- Internet
- Unit Website (Moodle)
- Access to computer with webcam, microphone and speakers
- Zoom
- Github.com Account
- Microsoft Teams
- Portfolium
All submissions for this unit must use the referencing style: Harvard (author-date)
For further information, see the Assessment Tasks.
y.lin@cqu.edu.au
Module/Topic
Weekly meeting with Unit Coordinator (UC)
Chapter
Events and Submissions/Topic
Meet the entire class to select a topic, create a team, and formulate project specifications. Agree upon a specific meeting time, discuss assessments and reporting requirements for each week.
Module/Topic
Weekly meeting with project mentor.
Chapter
Events and Submissions/Topic
Introduce yourself to the project mentor and lay out a plan for the term.
Module/Topic
Weekly meeting with project mentor.
Chapter
Events and Submissions/Topic
Deliverables:
- Project Plan (9 AM AEST, Monday, Week 3)
- Self-Assessment (9 AM AEST, Monday, Week 3)
Module/Topic
Weekly meeting with project mentor.
Chapter
Events and Submissions/Topic
Module/Topic
Weekly meeting with project mentor.
Chapter
Events and Submissions/Topic
Deliverable:
Discussion on progress report during weekly consultation with mentor.
Module/Topic
No meeting
Chapter
Events and Submissions/Topic
Module/Topic
Weekly meeting with project mentor.
Chapter
Events and Submissions/Topic
Module/Topic
Weekly meeting with project mentor.
Chapter
Events and Submissions/Topic
Deliverable:
Draft Report (9 AM AEST, Week 7)
Module/Topic
Weekly meeting with project mentor.
Chapter
Events and Submissions/Topic
Module/Topic
Weekly meeting with project mentor.
Chapter
Events and Submissions/Topic
Deliverable:
Discussion on progress report during weekly consultation with mentor.
Module/Topic
Weekly meeting with project mentor.
Chapter
Events and Submissions/Topic
Module/Topic
Weekly meeting with project mentor.
Chapter
Events and Submissions/Topic
Deliverable:
Practice Presentation (9 AM AEST, Monday, Week 11)
Module/Topic
Weekly meeting with project mentor.
Chapter
Events and Submissions/Topic
Deliverable:
Project Reflection (9 AM AEST, Monday, Week 12)
Module/Topic
Chapter
Events and Submissions/Topic
Deliverables:
- Final Report (9 AM AEST, Monday, Week 13)
- Final Presentation (10 June 2025)
For any term-specific information, please get in touch with the Unit Coordinator via E-mail.
Unit Coordinator: Dr Yufeng Lin
E-mail: y.lin@cqu.edu.au
1 Report
In this unit, you integrate and apply the knowledge and skills you have gained in your course to create an industry-relevant team project. Students must form teams of a minimum of 3 students and a maximum of 4 students, with any larger teams at the discretion of the Unit Coordinator. Teams should be formed before the end of Week 1, with roles and responsibilities agreed upon at your project meeting in Week 2. Change of topic or team once the Project Plan deadline has passed is only allowed in special circumstances with approval from the Unit Coordinator.
Components
This assessment is split into two (2) deliverables:
1. Draft Report
2. Final Report
Expectations of Final Report
Your Final Report must document technical artefacts of the entire project. The content may vary depending on the chosen topic and the problem being addressed. As well as the technical artefacts, all Final Reports must include an overview of the entire project and an evaluation of the ethical and professional issues encountered during the project and/or envisaged in the future. The following are examples of technical artefacts that may be included in a Final Report.
• Detailed description of the problem from a business and technical perspective
• Review of existing/competing products, solutions, or literature
• Identification, selection and justification of appropriate network and security technologies to solve the problem
• Specification of requirements, for example, functional, usability, reliability, performance, security
• Logical and/or physical network designs
• Design of network/security architectures, protocols or algorithms
• Network and security policies, for example, disaster recovery plan, password policies, and business continuity plan
• Risk assessment
• Recommended security controls to solve the problem
• Documentation of a rapid prototype of a solution to the problem
• Results from security/penetration testing on a system
• Deploy network/security components, such as database/web servers in the cloud.
As different groups are undertaking various projects, you should discuss with your Project Mentor (tutor) the expected artefacts for your project.
Expectations of Draft Report
Your Draft Report consists of the latest versions of your technical artefacts produced by the deadline. See the list above for examples of technical artefacts from the Final Report. Some artefacts will be complete (or close to the final version), and some may be partially complete (e.g., some sections complete, others empty). You will typically not include artefacts you have started but made very little progress (e.g. less than 50% complete). The Draft Report is an opportunity to get feedback on your current progress. As with the Final Report, discuss with your Project Mentor what is expected for your project. Your Project Mentor will advise you on which artefacts to include or omit from the Draft Report. Your Draft Report will be released to other students.
Format and Submission
The Final Report should be presented as a formal, technical document (e.g. with title, section headings, references, diagrams, tables). The report must be submitted as a Microsoft Word document. You are encouraged to use separate documents/files for different artefacts. For example, if your group has developed a privacy policy and undertaken a risk assessment, they should be submitted as separate documents, with the Final Report simply referring to them. That is, you may submit a Final Report (Word doc), Privacy Policy (Word doc), Risk Assessment (Word doc), Network Design (Visio file) and so on.
The Draft Report should be presented and submitted in the same manner as the final report. Where sections are missing or incomplete, you should mark them (e.g. "This section is not yet complete.").
All group documents and technical artefacts must be stored on a Microsoft Teams channel created for your group by the Unit Coordinator and shared with your Project Mentor (tutor) and Unit Coordinator. With prior approval of the Unit Coordinator, a collaborative platform other than Microsoft Teams may be used. While documents are stored in Teams, they must be submitted on Moodle.
See the Schedule for due dates of deliverables.
Certification of Grades day for Final Report; Two weeks after the submission for the Draft Report
Contribution to Grade
- Draft Report: 10% with a minimum requirement of 5 marks.
- Final Report: 30% with a minimum requirement of 15 marks.
Individual and Group Contributions
Both reports are group work. If all team members make similar contributions, then all team members will typically receive the same mark. However, if there are noticeably different contributions from some team members, different individual marks may be awarded for some or all parts of the assessment. In the report, you must declare individual contributions (even if you contributed equally) with specific details. If your report does not have a particular contribution declaration, you may receive a deduction as specified in the marking guide in Moodle. The project mentor or Unit Coordinator may seek further information from team members, including via interviews, to evaluate the contributions.
Marking Criteria
Your Final Report will be marked based on:
- Problem definition. You must clearly and concisely describe the problem your project is attempting to solve.
- Approach. The methodologies, tools and techniques you use to solve the problem must be appropriate.
- Solution quality and depth. Your solution must demonstrate an investigation into significant depth, and the resulting outputs must be of the quality expected of a graduate.
- Evaluation of ethical and professional issues. Your evaluation must demonstrate an understanding of the issues and identify appropriate strategies for handling the issues.
- Presentation. For example, formatting, grammar, and referencing.
The reports, especially the solution quality and depth, will be assessed considering the project management activities (for example, Project Plan, progress reports, and quality review). For instance, a low score may be awarded if the project does not deliver what the Project Plan promised and the changes have not been justified in progress reports. However, if the project delivers what is promised but lacks technical depth in that deliverable, then a low score may still be awarded.
The Draft Report will be marked in the same manner as the Final Report.
This unit is 12 credit points and requires significant work every week with frequent assessment deadlines. If you get behind and miss a deadline, catching up will be very hard. Therefore, any late submissions more than 7 days after the original deadline for all assessments will receive zero marks.
In this unit, a minimum mark requirement applies to both the Draft Report and the Final Report. Any score below 50% on either report will fail the unit.
Detailed marking criteria are available on Moodle.
- Analyse cyber security requirements to produce a comprehensive cyber security plan
- Implement well-documented and tested security technologies to meet a cyber security plan
- Evaluate security protections for compliance and effectiveness
- Demonstrate work readiness in terms of technical skills, communication skills, and both professional and ethical behaviour.
2 Portfolio
Components
This assessment is split into two (2) deliverables:
- Self-Assessment
- Progress reporting
Expectations of Self-Assessment:
At the start of the project, you must identify your career goals, including your preferred job role upon graduation, and self-assess your current knowledge, skills and abilities against those expected of an IT professional. You will highlight gaps and identify tasks you aim to focus on in the project to fill those gaps.
At the end of the project, you must reflect on your work, your achievement in filling gaps identified at the start of the term, and your plans for the next steps in your career.
Expectations of Progress Reporting:
You must use a GitHub repository to maintain all project documentation and track project management, e.g., with a Kanban board. You must use Microsoft Teams for all communications within your group, including online meetings. You must meet weekly with your project mentor to discuss project status (e.g., on the Kanban board), significant issues or risks, and resource utilisation (e.g., budget usage).
You will be expected to answer questions about your progress report during week 5 and week 9 consultations. The final part of the progress report will be included in the final report.
Format and Submission
Self-Assessment:
A self-assessment report (individual submission) should be uploaded to Moodle. Details are available on Moodle.
Progress Reporting:
All groups must create a GitHub private repository at the start of the term (one student creates and invites other students, the project mentor and the unit coordinator as collaborators). All working documents and code should be uploaded to the GitHub repository containing all working documents and code. Contributions (commits) to the repository indicate student contribution to the project. Individual marks may be awarded based on this and other information. Groups must create and maintain a GitHub project, e.g. a Kanban board, that lists tasks. Each weekly meeting with the project mentor starts with 10 minutes of the groups showing and updating the Kanban board.
See the Schedule for due dates of deliverables.
Two weeks after submission due date.
Contribution to Grade
- Self-Assessment = 5 %
- Progress Reporting: 15%
Marking Criteria
Your Self Assessment will be marked based on:
- Genuine and in-depth self-assessment of knowledge, skills and abilities
- Ability to identify specific, relevant activities to fill in gaps that will contribute to future career goals
Your progress reporting will be marked based on the following:
- Effective use of tools and techniques for project management
- Regular contributions to the project activities by all team members
- Depth and quality of your technical contributions
- Identification of challenges in the project and practical approaches to deal with those challenges
Failure to publish artefacts on GitHub will result in 0 marks for the individual and group Project progress reports. Attendance at the scheduled project meeting with the mentor is required for each week that a progress report is due (weeks 5 and 9). If you do not attend (and do not have a valid reason, for example, a medical certificate), then you may receive zero marks for the progress report.
This unit is 12 credit points and requires a significant amount of work every week with frequent assessment deadlines. If you get behind and miss a deadline, it will be very hard to catch up. Therefore, any late submissions more than 7 days after the original deadline for all assessments will receive zero marks.
Detailed marking criteria are available on Moodle.
- Produce the project management artefacts required in a typical cyber security project
- Demonstrate productive participation and contribution to a project team or work environment
- Demonstrate work readiness in terms of technical skills, communication skills, and both professional and ethical behaviour.
3 Written Assessment
Components
This assessment is split into two (2) deliverables:
- Project Plan
- Project Reflection
Expectations of Project Plan
Your Project Plan must:
- Define the problem your team will solve
- Identify the roles and responsibilities of team members
- Schedule a set of tasks and deliverables, i.e. artefacts
- List anticipated challenges and mitigation strategies
- Budget for software or hardware costs, as well as access to resources (e.g. labs, cloud computing)
- Predict ethical or professional issues that may arise during or after the project (e.g., due to the product you deliver) and identify strategies to deal with those issues.
Expectations of Reflection
This is a written task where you will reflect on your project experience, including the technical and management issues that arose in the project and your key learnings from the project. You will also be expected to reflect on how the project will contribute to your future career goals.
Format and Submission
The Project Plan and Reflection must be submitted as reports (for example, Microsoft Word documents). Where appropriate, other documents (for example, initial network designs) may be submitted in other file formats as appendices to the report.
All group documents and technical artefacts must be stored on a Microsoft Teams channel created for your group by the Unit Coordinator and shared with your Project Mentor (tutor) and Unit Coordinator. With prior approval of the Unit Coordinator, a collaborative platform other than Microsoft Teams may be used. While documents are stored in Teams, they must be submitted on Moodle.
Online via Moodle
Two weeks after the due date via Moodle for project plan. Certification of Grades day for Project Reflection.
Contribution to Grade
- Project Plan: 12%
- Project Reflection: 8%
Individual and Group Contributions
The Project Plan is group work, and the Project Reflection is individual work.
Marking Criteria
Your Project Plan will be marked based on:
- Depth and quality of planning.
- Ability to identify issues relevant to your specific project.
Usually, all group members will receive the same mark for the project plan. However, suppose the project mentor or Unit Coordinator detects significant differences in contributions among group members. In that case, interviews may be held to determine individual contributions and individual marks may be allocated based on those contributions.
Your Project Reflection will be marked based on:
- Genuine and in-depth reflection on your experience of doing the project tasks.
- Ability to identify what you have learnt during this project.
- Analysis of hurdles faced while doing this project and how you overcame those hurdles. Discussion on lessons learnt from this experience.
- Analysis of how this project experience will contribute to your future career goals.
- Ethical and professional issues were handled during this project.
Failure to publish artefacts on Portfolium will result in 0 marks for the Project Reflection.
This unit is 12 credit points and requires a significant amount of work every week with frequent assessment deadlines. If you get behind and miss a deadline, it will be very hard to catch up. Therefore, any late submissions more than 7 days after the original deadline for all assessments will receive zero marks.
Detailed marking criteria are available on Moodle.
- Analyse cyber security requirements to produce a comprehensive cyber security plan
- Implement well-documented and tested security technologies to meet a cyber security plan
- Evaluate security protections for compliance and effectiveness
- Produce the project management artefacts required in a typical cyber security project
4 Presentation
Components
This assessment is split into two (2) deliverables:
- Practice Presentation
- Final Presentation
Expectations of Final Presentation
In your final presentation, you must convince the audience that your work is substantial, of high quality, relevant to your major and that you have applied appropriate processes to complete the job. The audience may include students from this unit, other students, your project mentor, the Unit Coordinator, other academic staff, alumni, and industry representatives. The presentation will be time-limited (to be confirmed during the term). Therefore, you must design your presentation to convey the key aspects of your project, taking into account the audience and time limitations. While the content/structure of your presentation is mainly your choice, it must at least include:
- Identification of your project topic, mentor, group members and major contributions of group members.
- Reflection on technical challenges, for example, what new things you learned, what was difficult, and how you solved problems.
- Demonstrate the system you develop or solve the problem.
You may use various presentation tools (including live demonstrations, videos, and screenshots), but slides must support your presentation.
Expectations of Practice Presentation
This will be practice for the Final Presentation, and therefore, the instructions for the Final Presentation apply. As your project may not be finished, not all aspects will be able to be presented. However, a demonstration is expected to be included (that is, you cannot just discuss your design without demonstrating any parts).
Format and Submission
Your group must deliver your Practice Presentation live in your regular project meeting with your mentor.
Your group must deliver your Final Presentation live using Zoom video conferencing. The final presentations will be scheduled as a conference-style event lasting up to one day. Groups will be assigned time slots during the day and must view other groups' presentations. The presentation day is planned for Monday of Week 13; the final date and detailed presentation schedule will be announced during the term.
For both the Practice Presentation and Final Presentation, you must submit at least PowerPoint slides on Moodle by the deliverable deadline. Other slide formats (including PDF) are not acceptable unless permission is granted in advance by the unit coordinator. You may optionally submit other resources (e.g., videos) besides the slides.
All group documents and technical artefacts must be stored on a Microsoft Teams channel created for your group by the Unit Coordinator and shared with your Project Mentor (tutor) and Unit Coordinator. With prior approval of the Unit Coordinator, a collaborative platform other than Microsoft Teams may be used. While documents are stored in Teams, they must be submitted on Moodle.
You may receive a Zero (0) in this assessment If you fail to appear on the planned demonstration/presentation day. The assessment specification on your Moodle website will further detail each of the points above.
See the Schedule for due dates of deliverables
One week after presentation for Practice Presentation; Certification of Grades day for Final Presentation
Contribution to Grade
- Practice Presentation: 5%
- Final Presentation: 15%
Individual and Group Contributions
Both presentations are group presentations; however, some marks will be allocated to individuals. All members of the group must present. All members will receive the same group score (unless exceptional circumstances, e.g., one member does not present). The score will be based on how you present your part and answer questions. Different students in your team may receive different individual scores.
Marking Criteria
Both presentations will be marked based on the following:
- Content quality and relevance [Group]. For example, sufficient technical depth, appropriate contributions presented, engaging and clearly explained content, and reflections on learnings.
- Demonstration of prototype/system [Group]. For example, appropriate technologies are chosen and shown, demonstrating the application of knowledge and skills.
- Presentation organisation and flow [Group]: for example, keeping to the time limit, preparedness, visual aids, and quality of demonstrations.
- Presentation skills [Individual]: For example, speaking skills, confidence, responding to questions, and demonstrating an understanding of the content.
Detailed marking criteria are available on Moodle.
- Demonstrate productive participation and contribution to a project team or work environment
As a CQUniversity student you are expected to act honestly in all aspects of your academic work.
Any assessable work undertaken or submitted for review or assessment must be your own work. Assessable work is any type of work you do to meet the assessment requirements in the unit, including draft work submitted for review and feedback and final work to be assessed.
When you use the ideas, words or data of others in your assessment, you must thoroughly and clearly acknowledge the source of this information by using the correct referencing style for your unit. Using others’ work without proper acknowledgement may be considered a form of intellectual dishonesty.
Participating honestly, respectfully, responsibly, and fairly in your university study ensures the CQUniversity qualification you earn will be valued as a true indication of your individual academic achievement and will continue to receive the respect and recognition it deserves.
As a student, you are responsible for reading and following CQUniversity’s policies, including the Student Academic Integrity Policy and Procedure. This policy sets out CQUniversity’s expectations of you to act with integrity, examples of academic integrity breaches to avoid, the processes used to address alleged breaches of academic integrity, and potential penalties.
What is a breach of academic integrity?
A breach of academic integrity includes but is not limited to plagiarism, self-plagiarism, collusion, cheating, contract cheating, and academic misconduct. The Student Academic Integrity Policy and Procedure defines what these terms mean and gives examples.
Why is academic integrity important?
A breach of academic integrity may result in one or more penalties, including suspension or even expulsion from the University. It can also have negative implications for student visas and future enrolment at CQUniversity or elsewhere. Students who engage in contract cheating also risk being blackmailed by contract cheating services.
Where can I get assistance?
For academic advice and guidance, the Academic Learning Centre (ALC) can support you in becoming confident in completing assessments with integrity and of high standard.
What can you do to act with integrity?
