Unit Synopsis
This unit provides you with a thorough understanding of the managerial aspects of information security in a business organisation. You will complement your existing knowledge of information and communication technologies by studying the organisational and management issues relevant to information security. You will learn about the importance of information security plans, security risk management and compliance monitoring, and develop and apply security policies and best practices. Through case studies, you will consider information security strategies that support business objectives while being aware of legal and ethical obligations. As a result, you will have the knowledge and skills to contribute to information security governance in accordance with standards set by governments, professional bodies and industry.
Details
| Level | Postgraduate |
|---|---|
| Unit Level | 9 |
| Credit Points | 6 |
| Student Contribution Band | SCA Band 2 |
| Fraction of Full-Time Student Load | 0.125 |
| Pre-requisites or Co-requisites |
Prerequisite: COIT20261 Network Routing and Switching Important note: Students enrolled in a subsequent unit who failed their pre-requisite unit, should drop the subsequent unit before the census date or within 10 working days of Fail grade notification. Students who do not drop the unit in this timeframe cannot later drop the unit without academic and financial liability. See details in the Assessment Policy and Procedure (Higher Education Coursework). |
| Class Timetable | View Unit Timetable |
| Residential School | No Residential School |
Unit Availabilities from Term 1 - 2026
Attendance Requirements
All on-campus students are expected to attend scheduled classes - in some units, these classes are identified as a mandatory (pass/fail) component and attendance is compulsory. International students, on a student visa, must maintain a full time study load and meet both attendance and academic progress requirements in each study period (satisfactory attendance for International students is defined as maintaining at least an 80% attendance record).
Recommended Student Time Commitment
Each 6-credit Postgraduate unit at CQUniversity requires an overall time commitment of an average of 12.5 hours of study per week, making a total of 150 hours for the unit.
Assessment Tasks
| Assessment Task | Weighting |
|---|---|
| 1. In-class Test(s) | 30% |
| 2. Presentation | 30% |
| 3. Written Assessment | 40% |
This is a graded unit: your overall grade will be calculated from the marks or grades for each assessment task, based on the relative weightings shown in the table above. You must obtain an overall mark for the unit of at least 50%, or an overall grade of ‘pass’ in order to pass the unit. If any ‘pass/fail’ tasks are shown in the table above they must also be completed successfully (‘pass’ grade). You must also meet any minimum mark requirements specified for a particular assessment task, as detailed in the ‘assessment task’ section (note that in some instances, the minimum mark for a task may be greater than 50%).
Past Exams
All University policies are available on the Policy web site, however you may wish to directly view the following policies below.
This list is not an exhaustive list of all University policies. The full list of policies are available on the Policy web site .
Term 1 - 2025 : The overall satisfaction for students in the last offering of this course was 87.50% (`Agree` and `Strongly Agree` responses), based on a 20% response rate.
Feedback, Recommendations and Responses
Every unit is reviewed for enhancement each year. At the most recent review, the following staff and student feedback items were identified and recommendations were made.
Source: Unit coordinator's reflection
The introduction of in-class tests, spread throughout the term, encouraged students to review and understand their unit topics consistently
Continue administering in-class tests and refine them as needed.
In Term 3, 2024, the in-class quizzes were replaced with online quizzes, and this approach continued in Term 1, 2025.
Source: Unit coordinator's reflection
Student may resort to GenAI to develop content for their presentation and report.
Develop and implement strategies to mitigate the impacts of GenAI on the assessments.
Oral interview has been implemented in Assessment 3 to reduce overreliance on GenAI.
Source: Unit coordinator's reflection
The current content does not clearly emphasise awareness, culture, and human factors in information security.
Incorporate a dedicated lecture topic that focuses on fostering a strong security culture and promoting human-centred approaches to security.
In Progress
Source: Teaching team's reflection
Expand the lecture content and tutorials to cover emerging technologies such as privacy-enhancing technologies and threat intelligence practices.
While advanced concepts, such as the Zero Trust model, are included, there remains scope to integrate more emerging topics and case studies.
In Progress
On successful completion of this unit, you will be able to:
- Develop security policies and program for an organisations based on national and international standards and industry's best practice
- Apply appropriate security control mechanism to protect critical infrastructure
- Assess security risks and develop risk management strategies for an organisation
- Justify appropriate risk treatment options
- Integrate laws and ethics of information security management into the organisation's security framework.
- Information Management (IRMG)
- Information Security (SCTY)
- Risk Management (BURM);
- Continuity Management (COPL)
- Methods and Tools (METL)
The National Initiative for Cybersecurity Education (NICE) Framework defines knowledge, skills and tasks needed to perform various cyber security roles. Developed by the National Institute of Standards and Technology (NIST), the NICE Framework is used by organisations to plan their workforce, including recruit into cyber security positions.
This unit helps prepare you for roles such as Systems Security Analyst, Network Operations Specialist and Systems Administrator, contributing to the following knowledge and skills:
- K0002 Knowledge of risk management processes (e.g., methods for assessing and mitigating risk).
- K0003 Knowledge of laws, regulations, policies, and ethics as they relate to cybersecurity and privacy.
- K0004 Knowledge of cybersecurity and privacy principles.
- K0038 Knowledge of cybersecurity and privacy principles used to manage risks related to the use, processing, storage, and transmission of information or data.
- K0040 Knowledge of vulnerability information dissemination sources (e.g., alerts, advisories, errata, and bulletins).
- K0263 Knowledge of information technology (IT) risk management policies, requirements, and procedures.
- K0267 Knowledge of laws, policies, procedures, or governance relevant to cybersecurity for critical infrastructures.
- K0276 Knowledge of security management.
| Assessment Tasks | Learning Outcomes | ||||
|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | |
| 1 - In-class Test(s) | • | • | • | • | |
| 2 - Presentation | • | • | • | ||
| 3 - Written Assessment | • | • | • | ||
| Graduate Attributes | Learning Outcomes | ||||
|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | |
| 1 - Knowledge | • | • | • | • | • |
| 2 - Communication | • | • | • | ||
| 3 - Cognitive, technical and creative skills | • | • | • | • | |
| 4 - Research | • | • | • | • | |
| 6 - Ethical and Professional Responsibility | • | • | • | • | • |
| Assessment Tasks | Graduate Attributes | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 8 | |