Unit rationale, description and aim
In an increasingly digital and interconnected world, organisations face growing and complex cybersecurity threats, making it essential for professionals to understand how to manage security risks effectively and ethically.
Students will develop an understanding of security risk and appropriate frameworks, models, and strategies to identify, categorise and mitigate risk as a scalable, repeatable process, to best prepare and protect organisations from IT-related threats. The standards and frameworks examined in the unit are constantly being revised and updated as new technologies and capabilities emerge in the threat landscape, such as cloud computing, quantum processors and artificial intelligence platforms.
The aim of this unit is to equip students with the knowledge and skills to understand and manage security risks in organisations through the application of appropriate cybersecurity frameworks, models, and strategies.
Campus offering
No unit offerings are currently available for this unit.
Learning outcomes
To successfully complete this unit you will be able to demonstrate you have achieved the learning outcomes (LO) detailed in the below table.
Each outcome is informed by a number of graduate capabilities (GC) to ensure your work in this, and every unit, is part of a larger goal of graduating from ACU with the attributes of insight, empathy, imagination and impact.
- Learning Outcome 01: Apply the principles, tools and techniques related...
- Learning Outcome 02: Investigate the ISM Essential Eight Maturity Model...
- Learning Outcome 03: Critically analyse the Risk Management Framework a...
- Learning Outcome 04: Analyse the ISO 27001 model for risk assessment an...
- Learning Outcome 05: Apply elements of the NIST RMF, the ADS Essential ...
Content
Topics will include:
- Understanding cybersecurity risk and risk management principles
- Methods for risk identification and categorization
- Methods for risk prioritization/assessment
- Selecting and implementing both mitigation and contingency actions
- Assessment of implemented strategies
- Risk management as a repeatable cycle
- Analysis of examples of both successful and unsuccessful implementations of cybersecurity
- Risk management and resulting business outcomes.
Assessment strategy and rationale
A range of assessments will be used to meet the unit learning outcomes and develop graduate attributes consistent with university assessment requirements.
- Assessment 1 requires students to apply their theoretical knowledge in solving problems in the lab environment. The purpose of this assessment is to guide students to recognise, categorise and prioritise cybersecurity risks and to develop appropriate mitigation strategies and actions.
- Assessment 2 requires students to assess the implementation of a risk management framework in a chosen organization and to report on the success (or otherwise) of that framework.
- Assessment 3 requires the student to develop a report (and associated presentation) on the capabilities of the standards and frameworks to respond to changes in the threat landscape relating to changes in information technology hardware, software, and platforms, and how those changes can be integrated into business risk management.
Students must achieve a minimum overall mark of 50% to pass the unit. Assessments will be graded using rubrics aligned with the intended learning outcomes, ensuring transparency and consistency in evaluation. The staged nature of the assessments supports the development of both analytical and applied capabilities in a coherent and cumulative manner.
Overview of assessments
Assessment Task 1: Report (Individual)
This assessment requires students to apply their theoretical knowledge in solving problems in the lab environment. The purpose of this assessment is to guide students to recognize, categorise and prioritise cybersecurity risks and to develop appropriate mitigation strategies and actions.
Submission Type: Individual
Assessment Method: Written Report
Weighting: 25%
Assessment Task 2: Case Study (Group)
This task requires students to assess the implementation of a risk management framework in a chosen organization and to report on the success (or otherwise) of that framework. Students are required to present their solution to a real-world scenario of their choice in the form of a 1500-word report.
Submission Type: Group
Assessment Method: Case Study
Weighting: 40%
Assessment Task 3: Report (Individual)
Assessment 3 requires the student to develop a report (and associated presentation) on the capabilities of the standards and frameworks to respond to changes in the threat landscape relating to changes in information technology hardware, software and platforms, and how those changes can be integrated into business risk management. Students are required to produce a reflective 1000-word report on their learning from the case study and their proposed solution, and to present, in a 4-5 minute presentation, their future approach to addressing similar issues in the workplace to solve real-world problems.
Submission Type: Individual
Assessment Method: Written Report & Presentation
Weighting: 35%
Learning and teaching strategy and rationale
Students are expected to engage in approximately 150 hours of learning over a twelve-week semester or equivalent study period. This includes scheduled classes, independent readings, participation in online forums, and preparation for assessments. Weekly workshops and practical lab activities support students in developing and applying core cybersecurity risk management concepts through individual and collaborative learning.
This unit is offered in both Attendance and Online modes to support diverse learning needs and preferences.
In Attendance Mode, students will participate in scheduled face-to-face workshops that involve hands-on activities, case study discussions, and guided group work. Preparation prior to sessions is essential and supported through online materials and self-paced quizzes.
In Online Mode, students will engage in a structured sequence of e-learning modules that include interactive tutorials, guided readings, formative quizzes, and collaborative tasks such as discussion forums and virtual labs. Online workshops and webinars provide opportunities for real-time interaction with peers and instructors. Pre-recorded lectures and curated electronic resources support flexible, self-directed learning while ensuring alignment with learning outcomes.
This blended, active learning approach ensures that students in all modes can build practical skills and theoretical understanding in cybersecurity governance and risk management.