IFN635 Cyber Security and Governance


To view more information for this unit, select Unit Outline from the list below. Please note the teaching period for which the Unit Outline is relevant.


Unit Outline: Semester 2 2025, Gardens Point, Internal

Unit code:IFN635
Credit points:12
Pre-requisite:IFN583 OR ((IFN551 or IFQ551) and (IFN553 or IFQ553)) OR admission to IN17
Equivalent:IFN541
Coordinator:Gowri Ramachandran | g.ramachandran@qut.edu.au
Disclaimer - Offer of some units is subject to viability, and information in these Unit Outlines is subject to change prior to commencement of the teaching period.

Overview

Cybersecurity is the practice of safeguarding an organisation's critical infrastructure from cyber threats, including ransomware, malware, and phishing. Critical infrastructure encompasses IT components (software, platforms, computing infrastructure, networks, devices) and physical spaces. Infrastructure attacks have increased the need for cyber risk management skills. This unit builds on Computer Systems and Security (IFN583) and offers a broad introduction to cybersecurity and governance frameworks, covering security practices across people, processes, and technology. Topics include threat assessment, risk management, incident response, security compliance, awareness initiatives, and cloud security. You will learn from real-world case studies to prepare for roles as cybersecurity professionals, gaining theoretical knowledge and practical skills to detect, investigate, and remediate cyberattacks. This unit also prepares you for advanced studies in the cybersecurity major.

Learning Outcomes

On successful completion of this unit you will be able to:

  1. Discuss the impact of people, processes and technology on information security, both for individuals and organisations including ethical and privacy considerations.
  2. Analyse the evolving cyber threat landscape and its impact on individuals and organizations, considering ethical and privacy considerations.
  3. Apply relevant cybersecurity frameworks and strategies within the organizational context to enhance information security.
  4. Conduct a cybersecurity risk assessment for an organization, identifying potential vulnerabilities and threats.
  5. Prioritize and employ appropriate risk assessment tools and methodologies to categorize identified risks for effective treatment.
  6. Collaborate in a team environment to idenity and recommend appropriate security practices.

Content

This unit introduces you to the multifaceted aspects of cybersecurity, exploring the evolving cyber threat landscape and its impact on individuals and organizations. You will learn to apply cybersecurity frameworks and strategies within the organizational context to enhance information security and conduct thorough cybersecurity risk assessments, identifying vulnerabilities and threats. You will be exposed to different risk management and security management frameworks, methods, tools, and techniques used for vulnerability and threat management, governance frameworks, enterprise risk management, incident management, and disaster recovery in an organizational context. Through the unit, you will develop important employability skills, such as communication and learn to work as an effective team member. Guest lecturers will highlight career opportunities, including the skills needed to succeed in this field.

Learning Approaches

You can expect to spend 10-15 hours per week involved in preparing for and attending scheduled classes, preparing, and completing assessment tasks as well as independent study and consolidation of your learning. The unit uses pre-recorded lectures, practical exercises, and some case studies to develop your understanding of the theory and practice of information security management in organizations.

The pre-recorded lectures and activities will provide you with the knowledge and skills to address the cyber security landscape of organizations.

Tutorials will be conducted in face-to-face on-campus. They will be group activities based on involving identifying, analysing, assessing, and addressing the information security risks in large-scale organizations. The tutorials build directly on the material presented in the pre-recorded lectures and will involve detailed instruction sheets for undertaking the required tasks. They are designed to support class instruction, group work, and class reflection.

QUT Canvas site will be used for lecture notes, tutorial materials, reading resources, and act as the central place for all course related information.

This unit emphasizes practical skills and artefact-driven learning. Students actively engage in hands-on exercises, supplemented by readings and discussions from the development community, to gain real-world experience and prepare for future challenges.

Feedback on Learning and Assessment

You can obtain feedback on their progress throughout the unit through the following mechanisms:

  • Class and group-based feedback on workshop exercises
  • Written feedback on the formative phase of assessment tasks
  • Written feedback on summative phases of assessment tasks, including a rubric
  • General verbal feedback will be provided to the entire class on assessment tasks

You will receive feedback and results on each assessment task prior to the submission of the next assessment task

Assessment

Overview

The assignments in this unit offer a comprehensive exploration of critical cybersecurity concepts and practices. The students will investigate the relationship between people, processes, and technology in shaping information security landscapes, while also considering ethical and privacy implications.  

Students will analyse the dynamic cyber threat landscape, emphasizing its impact on individuals and organizations by incorporating ethical and privacy considerations. They also need to apply relevant cybersecurity frameworks to enhance organizational security considerations.

The assignments also focus on practical risk assessment and mitigation strategies, where students conduct a detailed cybersecurity risk assessment, prioritize identified risks, and develop actionable recommendations for stakeholders. Through collaborative teamwork, students refine their ability to articulate security recommendations to both technical and non-technical audiences.

Unit Grading Scheme

7- point scale

Assessment Tasks

Assessment: Cyber Security Practices Implementation Plan

For this Assignment students will design and develop a detailed implementation plan for cybersecurity practices including people, processes, and technology. The assignment will focus on different aspects such as standards, best practices, employee training, security protocols, and technological solutions. The Deliverables include, an implementation plan document outlining potential cyber threats landscape, strategies, timelines, and resource allocation, recommended standards and best practices for addressing cyber security considerations in a real-world organization.

This assignment is eligible for the 48-hour late submission period and assignment extensions. 

Weight: 35
Individual/Group: Individual and group
Due (indicative): Week 7
Related Unit learning outcomes: 1, 2, 3, 6

Assessment: Cybersecurity Risk Assessment and Recommendations

For this Assignment, students will conduct a cyber security risk assessment for real-world organization, identifying potential vulnerabilities and threats. They need to identify and prioritize risks. They supposed to employ appropriate assessment tools and methodologies. The students will collaboratively work in small teams to develop written security recommendations for technical and non-technical audiences in the organization.

The deliverables of this assignment include: a cyber security risk assessment report detailing identified vulnerabilities, threats, an overview assessment tools used, risks identified and risk treatment strategies. The students supposed to prepare a report and a recorded video by including their findings and recommendations for different stakeholders in the organization.

This assignment is eligible for the 48-hour late submission period and assignment extensions. 

Weight: 45
Individual/Group: Individual and group
Due (indicative): Week 14
Related Unit learning outcomes: 4, 5, 6

Assessment: Final Examination (Online)

Based on several real-world problems, and employing technical and business skills taught in this unit, you will take an online exam.

Two hour duration 

Testing Weeks 1-13 Lectures & Practicals.

Weight: 20
Individual/Group: Individual
Due (indicative): During central examination period
Central exam duration: 2:10 - No perusal
Related Unit learning outcomes: 1, 2

Academic Integrity

Academic integrity is a commitment to undertaking academic work and assessment in a manner that is ethical, fair, honest, respectful and accountable.

The Academic Integrity Policy sets out the range of conduct that can be a failure to maintain the standards of academic integrity. This includes, cheating in exams, plagiarism, self-plagiarism, collusion and contract cheating. It also includes providing fraudulent or altered documentation in support of an academic concession application, for example an assignment extension or a deferred exam.

You are encouraged to make use of QUT’s learning support services, resources and tools to assure the academic integrity of your assessment. This includes the use of text matching software that may be available to assist with self-assessing your academic integrity as part of the assessment submission process.

Breaching QUT’s Academic Integrity Policy or engaging in conduct that may defeat or compromise the purpose of assessment can lead to a finding of student misconduct (Code of Conduct – Student) and result in the imposition of penalties under the Management of Student Misconduct Policy, ranging from a grade reduction to exclusion from QUT.

Requirements to Study

Costs

No extraordinary charges or costs are associated with the requirements for this unit.

Resources

There is no required textbook for this unit. However, this unit may where appropriate, make use of the selected chapters from textbooks, journals, and magazines. Students are encouraged to obtain a copy of these materials from the library. Where possible, materials will be made available online through QUT Readings.

Risk Assessment Statement

There are no out-of-the-ordinary risks associated with studying this unit

Course Learning Outcomes

This unit is designed to support your development of the following course/study area learning outcomes.

IN17 Graduate Certificate in Communication for Information Technology

  1. Demonstrate an advanced knowledge of information technology disciplines.
    Relates to: ULO1, ULO3, Cyber Security Practices Implementation Plan , Final Examination (Online)
  2. Critically analyse complex IT problems and opportunities and use creativity and problem-solving skills to generate solutions.
    Relates to: ULO2, ULO5, Cyber Security Practices Implementation Plan , Cybersecurity Risk Assessment and Recommendations , Final Examination (Online)
  3. Employ industry-best practice, IT methods, tools and techniques to develop and implement IT systems, processes and/or software.
    Relates to: ULO3, ULO4, ULO5, Cyber Security Practices Implementation Plan , Cybersecurity Risk Assessment and Recommendations
  4. Work effectively in both self-directed and collaborative contexts.
    Relates to: ULO6, Cyber Security Practices Implementation Plan , Cybersecurity Risk Assessment and Recommendations
  5. Communicate effectively in IT professional contexts using written, visual and oral formats.
    Relates to: ULO6, Cyber Security Practices Implementation Plan , Cybersecurity Risk Assessment and Recommendations
  6. Critically reflect on the social, cultural, ethical and diversity issues related to the IT field.
    Relates to: ULO1, ULO2, Cyber Security Practices Implementation Plan , Cybersecurity Risk Assessment and Recommendations , Final Examination (Online)

IN20 Master of Information Technology

  1. Demonstrate advanced specialist IT knowledge in at least one information technology discipline.
    Relates to: ULO1, ULO3, Cyber Security Practices Implementation Plan , Final Examination (Online)
  2. Critically analyse complex IT problems and opportunities and use creativity and problem-solving skills to generate innovative and novel solutions that are convincingly justified.
    Relates to: ULO2, ULO5, Cyber Security Practices Implementation Plan , Cybersecurity Risk Assessment and Recommendations , Final Examination (Online)
  3. Integrate advanced, industry-best practice, IT methods, tools and techniques to develop and implement complex IT systems, processes and/or software.
    Relates to: ULO3, ULO4, ULO5, Cyber Security Practices Implementation Plan , Cybersecurity Risk Assessment and Recommendations
  4. Employ leadership and initiative in both self-directed and collaborative contexts to create value for others.
    Relates to: ULO6, Cyber Security Practices Implementation Plan , Cybersecurity Risk Assessment and Recommendations
  5. Communicate effectively in IT professional and scholarly contexts to specialist and non-specialist audiences using written, visual and oral formats.
    Relates to: ULO6, Cyber Security Practices Implementation Plan , Cybersecurity Risk Assessment and Recommendations
  6. Demonstrate business acumen and well-developed values, attitudes, behaviours and judgement in professional contexts.
    Relates to: ULO2, ULO4, Cyber Security Practices Implementation Plan , Cybersecurity Risk Assessment and Recommendations , Final Examination (Online)
  7. Create positive change through critically reflecting upon and actioning responses to the social, cultural, ethical, sustainability, legal and accessibility issues in the IT field, including how they relate to First Nations Australians and diverse populations.
    Relates to: ULO1, ULO2, Cyber Security Practices Implementation Plan , Final Examination (Online)

IN28 Master of Artificial Intelligence

  1. Demonstrate advanced specialist IT knowledge in Artificial Intelligence discipline.
    Relates to: Cyber Security Practices Implementation Plan , Final Examination (Online)
  2. Critically analyse complex Artificial Intelligence problems and opportunities and use creativity and problem-solving skills to generate innovative and novel solutions that are convincingly justified.
    Relates to: Cyber Security Practices Implementation Plan , Cybersecurity Risk Assessment and Recommendations , Final Examination (Online)
  3. Integrate advanced, industry-best practice, Artificial Intelligence methods, tools and techniques to develop and implement complex Artificial Intelligence systems, processes and/or software.
    Relates to: Cyber Security Practices Implementation Plan , Cybersecurity Risk Assessment and Recommendations
  4. Employ leadership and initiative in both self-directed and collaborative contexts to create value for others.
    Relates to: Cyber Security Practices Implementation Plan , Cybersecurity Risk Assessment and Recommendations
  5. Communicate effectively in Artificial Intelligence professional and scholarly contexts to specialist and non-specialist audiences using written, visual and oral formats.
    Relates to: Cyber Security Practices Implementation Plan , Cybersecurity Risk Assessment and Recommendations
  6. Demonstrate business acumen and well-developed values, attitudes, behaviours and judgement in professional contexts.
    Relates to: Cyber Security Practices Implementation Plan , Cybersecurity Risk Assessment and Recommendations , Final Examination (Online)
  7. Create positive change through critically reflecting upon and actioning responses to the social, cultural, ethical, sustainability, legal and accessibility issues in the Artificial Intelligence field, including how they relate to First Nations Australians and diverse populations.
    Relates to: Cyber Security Practices Implementation Plan , Final Examination (Online)

IN29 Master of Cyber Security

  1. Demonstrate advanced specialist IT knowledge in Cyber Security discipline.
    Relates to: Cyber Security Practices Implementation Plan , Final Examination (Online)
  2. Critically analyse complex Cyber Security problems and opportunities and use creativity and problem-solving skills to generate innovative and novel solutions that are convincingly justified.
    Relates to: Cyber Security Practices Implementation Plan , Cybersecurity Risk Assessment and Recommendations , Final Examination (Online)
  3. Integrate advanced, industry-best practice, Cyber Security methods, tools and techniques to develop and implement complex Cyber Security systems, processes and/or software.
    Relates to: Cyber Security Practices Implementation Plan , Cybersecurity Risk Assessment and Recommendations
  4. Employ leadership and initiative in both self-directed and collaborative contexts to create value for others.
    Relates to: Cyber Security Practices Implementation Plan , Cybersecurity Risk Assessment and Recommendations
  5. Communicate effectively in Cyber Security professional and scholarly contexts to specialist and non-specialist audiences using written, visual and oral formats.
    Relates to: Cyber Security Practices Implementation Plan , Cybersecurity Risk Assessment and Recommendations
  6. Demonstrate business acumen and well-developed values, attitudes, behaviours and judgement in professional contexts.
    Relates to: Cyber Security Practices Implementation Plan , Cybersecurity Risk Assessment and Recommendations , Final Examination (Online)
  7. Create positive change through critically reflecting upon and actioning responses to the social, cultural, ethical, sustainability, legal and accessibility issues in the Cyber Security field, including how they relate to First Nations Australians and diverse populations.
    Relates to: Cyber Security Practices Implementation Plan , Final Examination (Online)