IAB246 Organisations and Security: Governance, Risk and Compliance
| Unit code: | IAB246 |
|---|---|
| Prerequisite(s): | IFB240 (can be studied concurrently) |
| Credit points: | 12 |
| Timetable: | Details in HiQ, if available |
| CSP student contribution: | $1,192 |
| Domestic tuition unit fee: | $4,704 |
| International unit fee: | $5,640 |
Unit Outline: Semester 1 2026, Gardens Point, Internal
| Unit code: | IAB246 |
|---|---|
| Credit points: | 12 |
| Pre-requisite: | IFB240 (can be studied concurrently) |
| Coordinator: | Gowri Ramachandran (g.ramachandran@qut.edu.au) |
Overview
Cybersecurity is the practice of safeguarding an organisation's critical infrastructure from cyber threats, including ransomware, malware, and phishing. Critical infrastructure encompasses IT components (software, platforms, computing infrastructure, networks, and other assets) and physical spaces. Attacks on that infrastructure have increased the need for cyber risk management skills. This unit introduces cybersecurity and governance frameworks, covering security practices across people, processes, and technology. Topics include threat assessment, risk management, incident response, security compliance, and policy management. Through real-world case studies and problems, you will prepare for roles as a cybersecurity professional, gaining the theoretical knowledge and practical skills needed to prevent and respond to cyberattacks. This unit also prepares you for advanced studies in the cybersecurity major.
Learning Outcomes
On successful completion of this unit you will be able to:
- Analyse and apply governance frameworks, risk management strategies, and compliance standards to effectively address organisational security challenges.
- Design, document, communicate, and implement risk assessment and incident response plans to mitigate security threats and ensure business continuity.
- Assess the impact of regulatory and legal requirements on organisational security practices, adapting policies to align with current standards and emerging issues.
- Recognise the importance of collaborating with interdisciplinary teams to develop comprehensive security strategies that incorporate governance, risk, and compliance insights from diverse professional perspectives.
- Evaluate ethical and social implications of security practices, showing sensitivity to cultural, legal, and societal impacts within organisational governance, risk, and compliance frameworks.
Content
This unit introduces you to the multifaceted aspects of cybersecurity, exploring the evolving cyber threat landscape and its impact on individuals and organisations. You will learn to apply cybersecurity frameworks and strategies within the organisational context to enhance information security, and to conduct thorough cybersecurity risk assessments that identify vulnerabilities and threats. You will be exposed to different risk management, governance, and security management frameworks, including methods, tools, and vulnerability and threat management techniques. The unit also discusses risk management, incident response, and disaster recovery in an organisational context. Through the unit, you will develop important employability skills, such as written and oral communication, and learn to work as an effective team member. One of the assessments will include an industry problem with direct engagement with one or more industry partners. Guest lecturers from industry will highlight career opportunities, including the skills needed to succeed in this field. You will engage with practical frameworks, explore governance, risk, and compliance career pathways, and identify the skills needed for roles such as security analyst, GRC analyst, risk manager, compliance officer, and security consultant.
Learning Approaches
You can expect to spend 12-15 hours per week preparing for and attending scheduled classes, preparing and completing assessment tasks, conducting independent study and consolidating your learning. The unit uses pre-recorded lectures, live lectures with industry guest speakers, practical exercises aligned with industry problems, and real-world case studies to develop your understanding of the theory and practice of information security management in organisations. You will learn about real-world cybersecurity incidents and understand the importance of navigating varied viewpoints to enhance organisational security and ethical decision-making. You will also gain relevant insights directly from professionals in the field through guest lectures by industry experts and the integration of up-to-date materials based on current practices.
The pre-recorded lectures and activities will provide you with the knowledge and skills to address organisations' cybersecurity landscapes, while the live lectures will allow you to interact with industry experts to enhance your practical knowledge.
Tutorials will be conducted face-to-face on campus and online via Zoom. Group activities will involve identifying, analysing, assessing, and addressing the information security risks in large-scale organisations. The tutorials build directly on the material in the pre-recorded and live lectures. They are designed to support class instruction, group work, and class reflection.
One of the assessments will involve an industry problem, direct interaction with one or more industry experts, and potentially a presentation of the assessment work to industry partners.
The QUT Canvas site will be used for lecture notes, tutorial materials, and reading resources, and will act as the central place for all unit-related information. You will receive continuous guidance and resources, equipping you with the tools to understand the key concepts.
This unit emphasises practical skills and artefact-driven learning. You will explore the intricate balance between cultural requirements for information protection and digital integration challenges, focusing on information management concepts incorporating Aboriginal and Torres Strait Islander perspectives. You will actively engage in hands-on exercises, supplemented by readings and discussions from the development community, to gain real-world experience and prepare for future challenges. More specifically, you will gain an understanding of the importance of cross-field collaboration, integrating insights from governance, technology, law, and ethics to effectively tackle complex challenges in organisational security, risk, and compliance.
Feedback on Learning and Assessment
You will gain feedback in this unit by participating in weekly tutorials, where you will get to test your understanding by carrying out some realistic governance, risk, and compliance-related activities. You will also receive written and verbal feedback for Assessments 1 and 2. The unit will aim to create many more opportunities for discussions and presentations in the tutorials, as the career opportunities for risk management, compliance audits, and security consultation roles involve significant communication.
Assessment
Overview
The assignments in this unit offer a comprehensive exploration of critical cybersecurity concepts and practices. You will investigate the relationship between people, processes, and technology in shaping information security landscapes while considering ethical and privacy implications.
You will analyse the dynamic cyber threat landscape, emphasising its impact on individuals and organisations and incorporating ethical and privacy considerations. You will also apply relevant cybersecurity frameworks to strengthen organisational security.
The assignments also focus on practical risk assessment and mitigation strategies. You will conduct a detailed cybersecurity risk assessment, prioritise identified risks, and develop actionable recommendations for stakeholders. Through collaborative teamwork, you will refine your ability to articulate security recommendations to technical and non-technical audiences.
Unit Grading Scheme
7-point scale
Assessment Tasks
Assessment: Cyber Security Risk Assessment
For this assessment, you will perform a cyber risk assessment for a realistic problem provided by industry practitioners. Each group will produce a detailed report, including a list of assets, potential threats and vulnerabilities, mitigation strategies, risk register, and a cost-benefit analysis. You will collaborate in small teams to develop the risk assessment report and present it to the board, which will include industry professionals.
This assessment will provide opportunities for you to engage with practitioners, including through presentations for expert feedback. It will help you develop soft skills such as group work and professional communication, which are essential to operate in the GRC industry.
The report part of the assignment is eligible for the 48-hour late submission period and assignment extensions.
Assessment: Cybersecurity Incident Response
For this assessment, you will develop an incident response policy and a plan for an organisation. The final report should help the organisation to respond to cyber incidents effectively. This assessment will leverage and reuse as many insights as possible from the first assessment to produce an effective incident response report.
You will work in small teams collaboratively to develop the incident response policy and plan for the organisation's technical and non-technical audiences. There will be an incident response role play presentation.
The report part of the assignment is eligible for the 48-hour late submission period and assignment extensions.
Assessment: Final Oral Examination
You will participate in an oral exam to test your understanding of key concepts covered in this unit throughout the semester. The oral exam will mimic cybersecurity and GRC interviews to ensure you get practice before applying for industry jobs.
The oral exam covers the lectures and practicals from Weeks 1-13.
Academic Integrity
Academic integrity is a commitment to undertaking academic work and assessment in a manner that is ethical, fair, honest, respectful and accountable.
The Academic Integrity Policy sets out the range of conduct that can be a failure to maintain the standards of academic integrity. This includes cheating in exams, plagiarism, self-plagiarism, collusion and contract cheating. It also includes providing fraudulent or altered documentation in support of an academic concession application, for example an assignment extension or a deferred exam.
You are encouraged to make use of QUT’s learning support services, resources and tools to assure the academic integrity of your assessment. This includes the use of text matching software that may be available to assist with self-assessing your academic integrity as part of the assessment submission process.
Breaching QUT’s Academic Integrity Policy or engaging in conduct that may defeat or compromise the purpose of assessment can lead to a finding of student misconduct (Code of Conduct – Student) and result in the imposition of penalties under the Management of Student Misconduct Policy, ranging from a grade reduction to exclusion from QUT.
Resources
There is no required textbook for this unit. However, where appropriate, this unit may use selected chapters from online textbooks, journals, and magazines. You are encouraged to obtain or access a copy of these materials from/via the library. Where possible, materials will be made available online through QUT Readings.
Risk Assessment Statement
There are no out-of-the-ordinary risks associated with studying this unit.
Course Learning Outcomes
This unit is designed to support your development of the following course/study area learning outcomes.
IN01 Bachelor of Information Technology
- Critically analyse and conceptualise complex IT challenges and opportunities using modelling, abstraction, ideation and problem-solving to generate, evaluate and justify recommended solutions.
  Relates to: ULO1, Cyber Security Risk Assessment, Final Oral Examination
- Integrate and apply technical knowledge and skills to analyse, design, build, operate and maintain sustainable, secure IT systems using industry-standard tools, technologies, platforms, and processes.
  Relates to: ULO2, Cyber Security Risk Assessment, Cybersecurity Incident Response, Final Oral Examination
- Demonstrate an understanding of the role of IT in enabling business outcomes and how business realities shape IT decisions.
  Relates to: ULO2, ULO3, Cyber Security Risk Assessment, Cybersecurity Incident Response, Final Oral Examination
- Demonstrate initiative, autonomy and personal responsibility for continuous learning, working both independently and collaboratively within multi-disciplinary teams, employing state-of-the-art IT project management methodologies to plan and manage time, resources, and risk.
  Relates to: ULO2, ULO4, Cyber Security Risk Assessment, Cybersecurity Incident Response, Final Oral Examination
- Communicate professionally and effectively in written, verbal and visual formats to a diverse range of stakeholders, considering the audience and explaining complex ideas in a simple and understandable manner in a range of IT-related contexts.
  Relates to: ULO2, Cyber Security Risk Assessment, Cybersecurity Incident Response, Final Oral Examination
- Critically reflect, using a human-centric approach, on the social, cultural, ethical, privacy, legal, sustainability, and accessibility issues shaping the development and use of IT, including respecting the perspectives and knowledge systems of Aboriginal and Torres Strait Islander peoples, ensuring IT solutions empower and support people with disabilities, and fostering inclusive and equitable digital technologies that serve diverse communities.
  Relates to: ULO3, ULO5, Cyber Security Risk Assessment, Final Oral Examination
Unit Outline: Semester 1 2026, Online
| Unit code: | IAB246 |
|---|---|
| Credit points: | 12 |
| Pre-requisite: | IFB240 (can be studied concurrently) |