Credit points


Campus offering

No unit offerings are currently available for this unit




ITEC640 Information Systems Security

Teaching organisation

3 hours per week for twelve weeks or equivalent.

Unit rationale, description and aim

This unit will cover the importance of cyber security, security threats, risk analysis and mitigation techniques. The unit demonstrates the basic cyber security concepts, security tools and the common architectures used as industry standards. Students will learn how to defend against cyber threats and attacks and study existing techniques for managing security issues and maintaining the working environment. This unit introduces the broad discipline of cybersecurity and outlines how to ensure data confidentiality, privacy, integrity and availability of information. The unit also covers ethical and legal issues in cyber–space to understand how cyber security affects legal compliance and solidarity in communities and society. The aim of this unit is to equip students with some background knowledge in cyber security, which scaffolds an advanced unit in network security.

Learning outcomes

To successfully complete this unit you will be able to demonstrate you have achieved the learning outcomes (LO) detailed in the below table.

Each outcome is informed by a number of graduate capabilities (GC) to ensure your work in this, and every unit, is part of a larger goal of graduating from ACU with the attributes of insight, empathy, imagination and impact.

Explore the graduate capabilities.

On successful completion of this unit, students should be able to:

LO1 - synthetise vulnerabilities and potential security threats to information systems and analyse their consequences in real world scenarios in collaboration with peers (GA5, GA7)

LO2 - apply appropriate security tools to safeguard data, systems and networks from malicious attacks (GA5, GA10)

LO3 - critically evaluate the consequences of different level of risks in an organisation and propose appropriate security countermeasures to minimise the impacts or likelihood of risks (GA4, GA5)

LO4 - appraise the impact of cybersecurity systems across societies and national borders (GA2, GA5)

Graduate attributes

GA2 - recognise their responsibility to the common good, the environment and society 

GA4 - think critically and reflectively 

GA5 - demonstrate values, knowledge, skills and attitudes appropriate to the discipline and/or profession 

GA7 - work both autonomously and collaboratively 

GA10 - utilise information and communication and other relevant technologies effectively.


Topics will include:

  • Fundamental issues in cyber security
  • Physical security
  • Software security: intruder, malware
  • Basic cryptography
  • Risk assessment and management
  • Hash and Digital Signature
  • Web security
  • Database security
  • Digital Forensics
  • Legal, privacy and ethical issues
  • Social and global Impacts of cyber attacks

Learning and teaching strategy and rationale

This unit will be delivered in attendance mode over a twelve-week semester or equivalent study period. Students will have access to all primary learning materials online through LEO, along with formative and summative assessments, all of which will be available online, to provide a learning experience beyond the classroom. While there are no formal classroom lectures for this unit, students will be required to attend weekly three-hour workshops, which will include a seminar and specific tasks related to achievement of the unit learning outcomes. Workshops facilitate learning by doing, which is particularly effective for information technology units as technical skills can be better learned through hands on practices.

Students should anticipate undertaking 150 hours of study for this unit, including class attendance, readings, online forum participation and assessment preparation.

Assessment strategy and rationale

A range of assessment procedures will be used to meet the unit learning outcomes and develop graduate attributes consistent with University assessment requirements. The first assessment provides students with an opportunity to apply and test a number of security tools and techniques in laboratory set-up. In assessment task 2, students will critically analyse a recent security breach and investigate the cause of breach and will also apply their knowledge to propose an appropriate security solution. The last assessment provides students with an opportunity to apply theoretical knowledge and assess risk for a cyber physical system using standard risk analysis models.

Overview of assessments

Brief Description of Kind and Purpose of Assessment TasksWeightingLearning OutcomesGraduate Attributes

Task 1: Lab assessment

This assessment consists of a series of weekly lab exercises where students are required to apply different security tools and techniques to solve practical problems. The feedback from this assessment will help students to be ready to apply the concepts in other two assessments.

Submission Type: Individual

Assessment Method: Lab Practical task

Artefact: Source Code/Lab report


LO1, LO2, LO3, LO4

GA2, GA4, GA5, GA7, GA10

Task 2: Report on cyber security issues

The purpose of this task is to assess students’ critical thinking and reflective analysis of contemporary cyber security issues. This report has to be written based on a recent cyber-attack. Students will learn how to write a scientific report and format it using the IEEE template.

Submission Type: Group

Assessment Method: Scientific report

Artefact: Written report (2000 words)


LO1, LO2

GA5, GA7, GA10

Task 3: Report on Risk Analysis

The students are expected to write a report reflecting their critical analysis on potential security threats and their consequences for an IT or information system. They have to use STRIDE and DREAD models to identify risk factors of an IT or information system.  

The purpose of this assessment is to assess the students’ critical and analytical ability to delve into complex concepts about cyber security through reflection and collaboration.

Submission Type: Individual

Assessment Method: Written Report

Artefact: Written report (3000 words)


LO3, LO4

GA2, GA4, GA5

Representative texts and references

Stallings W, 2020, Cryptography & Network Security: Principles and Practice, 8th edn, Pearson US.

Stallings W & Brown L, 2018, Computer Security: Principle and Practice, 4th Edn, Pearson US.

Stallings, W. (2018). Effective Cybersecurity: A Guide to Using Best Practices and Standards. Addison-Wesley Professional.

Anderson, R 2020, Security Engineering: A Guide to Building Dependable Distributed Systems, 3rd edn, Wiley.

Charles J. Brooks, Philip Craig, Donald Short, Cybersecurity Essentials, SYBEX, 2017.

Whitman, M & Mattord, H 2016, Principles of Information Security, 5th edn, Cengage, Boston.

Pfleeger C & Pfleeger S & Margulies J 2015, Security in Computing, 5th edn, Prentice Hall, New Jersey.

Have a question?

We're available 9am–5pm AEDT,
Monday to Friday

If you’ve got a question, our AskACU team has you covered. You can search FAQs, text us, email, live chat, call – whatever works for you.

Live chat with us now

Chat to our team for real-time
answers to your questions.

Launch live chat

Visit our FAQs page

Find answers to some commonly
asked questions.

See our FAQs