Cyber Security Clinic (COMP90091)
Graduate coursework
Points: 12.5
Not available in 2025
About this subject
Overview
This subject involves a mixture of classroom instruction and client-facing practice, in which students will work directly with not-for-profit and community organisations to help improve their cybersecurity practices and capabilities. Roughly the first half of the subject involves traditional lectures and tutorials in which students learn core cyber security principles and the conceptual frameworks for cyber security practice within organisations, with a focus on not-for-profit and community organisations and the unique threats that they face. The second half of the subject is primarily practical in nature, with students putting into practice the classroom knowledge by working directly with organisations to help improve their cyber security practice. Community and not-for-profit organisations are especially important because they are rich targets for cyber attacks yet often have limited resources to employ cyber security professionals or consultants. In the practical component of this subject, students will carry out tasks including asset inventory construction, cyber risk assessment, developing recommendations for and assessing the effectiveness of security controls, and developing cyber security training material.
Students will work with client organisations under the supervision of a member of academic staff. The skills and knowledge students obtain, and the experience putting those into practice, will strengthen their employability.
Indicative content covered in the classroom includes: information security principles and threats overview; traditional information security controls and threat mitigations; ethics of information security practice; the threat landscape, with a focus on not-for-profit and community organisations; cybersecurity problem diagnosis; threat modelling and risk assessments; phishing and social engineering threats and controls; cyber security training and security behaviours; and misinformation and disinformation threats and mitigations.
Entry to this subject requires permission from the subject coordinator.
Intended learning outcomes
On completion of this subject, students should be able to:
- Deduce and articulate the key cyber security risks faced by an organisation.
- Determine, and argue for the appropriateness of, evidence-based cyber security controls and practices to mitigate identified cyber security risks for an organisation.
- Articulate the unique cyber security challenges faced by community and not-for-profit organisations.
- Assess the effectiveness of organisational cyber security controls.
- Explain key cyber security threats and challenges, and appropriate controls and mitigations for them.
Generic skills
- Application of cyber security principles and risk assessment methods to identify cyber security risks and recommend improvements to organisational cyber security practice.
- An in-depth knowledge of cyber security threats faced by not-for-profit and community organisations and effective threat mitigation methods.
- Ethical conduct and professional accountability.
- Effective oral and written communication in professional and lay domains.
Last updated: 4 March 2025