Effective Term: | 2025/05 |
Institute / School : | Institute of Innovation, Science & Sustainability |
Unit Title: | Cybersecurity Governance, Risk and Compliance |
Unit ID: | ITECH2506 |
Credit Points: | 15.00 |
Prerequisite(s): | (ITECH1502) |
Co-requisite(s): | Nil |
Exclusion(s): | Nil |
ASCED: | 029999 |
Other Change: | |
Brief description of the Unit |
Cybersecurity Governance, Risk, and Compliance (GRC) are essential components of any organisation's approach to managing its digital security posture. In this unit, these components will be covered in detail. In the governance part, students will learn about frameworks, policies, procedures, and processes that guide the overall management of cybersecurity within an organisation, e.g., establishing roles and responsibilities, defining goals and objectives, and ensuring that cybersecurity efforts align with the organisation's strategic objectives. The risk management part will cover aspects like identifying, assessing, and prioritising potential cybersecurity threats and vulnerabilities that could affect the organisation, such as ongoing monitoring, evaluation, and adjustment of security measures to address evolving threats and changes in the business environment. Finally, the compliance part will cover relevant laws, regulations, standards, and industry best practices related to cybersecurity, such as data protection regulations, industry-specific standards, and internal policies and procedures. |
Grade Scheme: | Graded (HD, D, C, P, MF, F, XF) |
Work Experience Indicator: |
No work experience |
Placement Component: No |
Supplementary Assessment: |
Where supplementary assessment is available, a student must have failed overall in the Unit but gained a final mark of 45 per cent or above, must have completed all major assessment tasks (including all sub-components where a task has multiple parts) as specified in the Unit Description, and must not be eligible for any other form of supplementary assessment.
Course Level: |
Level of Unit in Course | AQF Level(s) of Course | 5 | 6 | 7 | 8 | 9 | 10 | Introductory | | | | | | | Intermediate | | |  | | | | Advanced | | | | | | |
|
Learning Outcomes: |
Knowledge: |
K1. | Explain governance principles and their importance in the organisational strategies |
|
K2. | Apply appropriate methodologies to assess and mitigate cybersecurity risks |
|
K3. | Develop and apply compliance knowledge to ensure regulatory adherence |
|
K4. | Integrate and align cybersecurity initiatives with organisational objectives and processes |
|
K5. | Apply appropriate strategies and processes for ongoing monitoring, evaluation, and enhancement of cybersecurity GRC programs |
|
Skills: |
S1. | Select and apply appropriate leadership, policy development, stakeholder management, and strategic alignment skills for cybersecurity governance initiatives |
|
S2. | Identify cybersecurity risks and implement risk mitigation strategies and controls |
|
S3. | Interpret and apply relevant cybersecurity laws, regulations, and standards and conduct compliance assessments and audits |
|
Application of knowledge and skills: |
A1. | Apply the knowledge of policy development based on governance principles and strategic alignment for business objectives and investments |
|
A2. | Analyse various business cases to conduct and monitor risk assessment and mitigation strategies and implement mechanisms for continuous monitoring in line with organisational strategies and compliance principles |
|
Unit Content: |
Topics may include:
1. Introduction to cyber risks, vulnerabilities, and threats
2. Cybersecurity frameworks and their adaptations
3. Risk management, assessment, and analysis
4. Asset protection and classification
5. Identity management and access control
6. Security assessment and testing
7. Risk quantification and uncertainty
8. Policy developing and procedure designing for cyber risks
9. GRC applications in finance, government, and critical infrastructures
10. Cybersecurity culture and training programs
11. Compliance with industry and regulations
Graduate Attributes: |
Federation University recognises that students require key transferable employability skills to prepare them for their future workplace and society. FEDTASKS (Transferable Attributes Skills and Knowledge) provide a targeted focus on five key transferable Attributes, Skills, and Knowledge that are embedded within curriculum, developed gradually towards successful measures and interlinked with cross-discipline and Co-operative Learning opportunities. One or more FEDTASK, transferable Attributes, Skills or Knowledge must be evident in the specified learning outcomes and assessment for each FedUni Unit, and all must be directly assessed in each Course.
|
FED TASK and descriptor | Development and acquisition of FEDTASKS in the Unit | Learning outcomes (KSA) | Assessment task (AT#) |
FEDTASK 1 Interpersonal | Students will demonstrate the ability to effectively communicate, interact and work with others both individually and in groups. Students will be required to display skills in-person and/or online in: • Using effective verbal and non-verbal communication • Listening for meaning and influencing via active listening • Showing empathy for others • Negotiating and demonstrating conflict resolution skills • Working respectfully in cross-cultural and diverse teams. | Not applicable | Not applicable |
FEDTASK 2 Leadership | Students will demonstrate the ability to apply professional skills and behaviours in leading others. Students will be required to display skills in: • Creating a collegial environment • Showing self-awareness and the ability to self-reflect • Inspiring and convincing others • Making informed decisions • Displaying initiative | K2, K4, S1, A1 | A2 |
FEDTASK 3 Critical Thinking and Creativity | Students will demonstrate an ability to work in complexity and ambiguity using the imagination to create new ideas. Students will be required to display skills in: • Reflecting critically • Evaluating ideas, concepts and information • Considering alternative perspectives to refine ideas • Challenging conventional thinking to clarify concepts • Forming creative solutions in problem solving. | K3-K5, S2, A2 | A3 |
FEDTASK 4 Digital Literacy | Students will demonstrate the ability to work fluently across a range of tools, platforms and applications to achieve a range of tasks. Students will be required to display skills in: • Finding, evaluating, managing, curating, organising and sharing digital information • Collating, managing, accessing and using digital data securely • Receiving and responding to messages in a range of digital media • Contributing actively to digital teams and working groups • Participating in and benefiting from digital learning opportunities. | K3-K5, S2, A2 | A3 |
FEDTASK 5 Sustainable and Ethical Mindset | Students will demonstrate the ability to consider and assess the consequences and impact of ideas and actions in enacting ethical and sustainable decisions. Students will be required to display skills in: • Making informed judgments that consider the impact of devising solutions in global economic environmental and societal contexts • Committing to social responsibility as a professional and a citizen • Evaluating ethical, socially responsible and/or sustainable challenges and generating and articulating responses • Embracing lifelong, life-wide and life-deep learning to be open to diverse others • Implementing required actions to foster sustainability in their professional and personal life. | Not applicable | Not applicable |
|
| Learning Outcomes Assessed | Assessment Tasks | Assessment Type | Weighting |
1. | K1-K5, S2, S3 | Engage in tutorial discussions and provide practical solutions to a range of problems | Demonstration of completion | 10 - 20% |
2. | K3-K5, S3, A2 | Analyse given scenarios and propose practical solutions based on relevant standards and practices | Assignments | 50 - 70% |
3. | K1, K2, K5, S1, S3, A1 | This task will test students' understanding and knowledge of GRC principles, standards, and best practices. | Examination/Test | 10 - 30% |
|
Professional Standards / Competencies: |
| Standard / Competency | 1. | Australian Computer Society - Core Body of Knowledge: 2023 accreditation |
|
Attribute | Assessed | Level |
Core ICT Knowledge | | |
Cyber Security | | |
Nature of Cyber Security: forms of attack, prevention, detection, mitigation and repair | Yes | Intermediate |
Information assets to be secured (hardware, networks, software, data) and the different means of securing them, cryptography | Yes | Advanced |
Human security roles and behaviours, rights and obligations (privacy) | Yes | Intermediate |
Cyber Security risk assessment, policy, management and testing, forensics | Yes | Advanced |
ICT Management and Governance | | |
Fundamental governance principles (strategy development, establishment and monitoring systems for management and policy) | Yes | Introductory |
| 2. | Skills Framework for the Information Age (SFIA): Version 8 |
|
Attribute | Assessed | Level |
Strategy and architecture | | |
Strategy and planning | | |
ITSP Strategic planning (Levels 5 - 7) Creating and maintaining a strategy to align organisational actions, plans and resources with business objectives. | Yes | 5 |
IRMG Information management (Levels 4 - 7) Planning, implementing and controlling the full life cycle management of digitally organised information and records. | Yes | 5 |
STPL Enterprise and business architecture (Levels 5 - 7) Aligning an organisation's technology strategy with its business mission, strategy, and processes and documenting this using architectural models. | Yes | 6 |
Security and privacy | | |
SCTY Information security (Levels 3 - 7) Defining and operating a framework of security controls and security management strategies. | Yes | 3 |
INAS Information assurance (Levels 3 - 7) Protecting against and managing risks related to the use, storage and transmission of data and information systems. | Yes | 3 |
PEDP Personal data protection (Levels 5 - 6) Implementing and operating a framework of controls and management strategies to promote compliance with personal data legislation. | Yes | 5 |
VURE Vulnerability research (Levels 3 - 6) Conducting applied research to discover, evaluate and mitigate new or unknown security vulnerabilities and weaknesses. | Yes | 5 |
THIN Threat intelligence (Levels 2 - 6) Developing and sharing actionable insights on current and potential security threats to the success or integrity of an organisation. | Yes | 6 |
Governance, risk and compliance | | |
GOVN Governance (Levels 6 - 7) Defining and operating a framework for making decisions, managing stakeholder relationships, and identifying legitimate authority. | Yes | 6 |
BURM Risk management (Levels 3 - 7) Planning and implementing organisation-wide processes and procedures for the management of risk to the success or integrity of the enterprise. | Yes | 5 |
AUDT Audit (Levels 3 - 7) Delivering independent, risk-based assessments of the effectiveness of processes, the controls, and the compliance environment of an organisation. | Yes | 3 |
|
|