Cyber Security Clinic (COMP90091)

Graduate courseworkPoints: 12.5Not available in 2025

You’re viewing the 2025 Handbook:
Or view archived Handbooks

Overview

FeesLook up fees

This subject involves a mixture of classroom instruction and client-facing practice, in which students will work directly with not-for-profit and community organisations to help improve their cybersecurity practices and capabilities. Roughly the first half of the subject involves traditional lectures and tutorials in which students learn core cyber security principles and the conceptual frameworks for cyber security practice within organisations, with a focus on not-for-profit and community organisations and the unique threats that they face. The second half of the subject is primarily practical in nature, with students putting into practice the classroom knowledge by working directly with organisations to help improve their cyber security practice. Community and not-for-profit organisations are especially important because they are rich targets for cyber attacks yet often have limited resources to employ cyber security professionals or consultants. In the practical component of this subject, students will carry out tasks including asset inventory construction, cyber risk assessment, developing recommendations for and assessing the effectiveness of security controls, and developing cyber security training material.

Students will work with client organisations under the supervision of a member of academic staff. The skills and knowledge students obtain, and the experience putting those into practice, will strengthen their employability.

Indicative content covered in the classroom includes: Information security principles and threats overview; traditional information security controls and threat mitigations; ethics of information security practice; the threat landscape, with a focus on not-for-profit and community organisations; cybersecurity problem diagnosis; threat modelling and risk assessments; phishing and social engineering threats and controls; cyber security training and security behaviours; and misinformation and disinformation threats and mitigations.

Entry to this subject requires permission from the subject coordinator.

Intended learning outcomes

On completion of this subject, students should be able to:

  • Deduce and articulate the key cyber security risks faced by an organisation.
  • Determine, and argue for the appropriateness of, evidence-based cyber security controls and practices to mitigate identified cyber security risks for an organisation.
  • Articulate the unique cyber security challenges faced by community and not-for-profit organisations.
  • Assess the effectiveness of organisational cyber security controls.
  • Explain key cyber security threats and challenges, and appropriate controls and mitigations for them.

Generic skills

  • Application of cyber security principles and risk assessment methods to identify cyber security risks and recommend improvements to organisational cyber security practice
  • An in-depth knowledge of cyber security threats faced by not-for-profit and community organisations and effective threat mitigation methods
  • Ethical conduct and professional accountability.
  • Effective oral and written communication in professional and lay domains.

Last updated: 4 March 2025

Eligibility and requirements

Prerequisites

Must have completed

Code Name Teaching period Credit Points
COMP90015 Distributed Systems
Semester 2 (On Campus - Parkville)
Semester 1 (On Campus - Parkville)
 12.5
COMP90043 Cryptography and Security
Semester 2 (On Campus - Parkville)
 12.5

AND

Students must apply for permission directly to the subject coordinator to enrol in this subject. Upon receiving approval, students must attach approval to enrolment assistance form:

Enrolment Assistance

Corequisites

None

Non-allowed subjects

Code Name Teaching period Credit Points
ISYS90090 Cyber Security Management
Semester 2 (On Campus - Parkville)
 12.5

Inherent requirements (core participation requirements)

The University of Melbourne is committed to providing students with reasonable adjustments to assessment and participation under the Disability Standards for Education (2005), and the Assessment and Results Policy (MPF1326). Students are expected to meet the core participation requirements for their course. These can be viewed under Entry and Participation Requirements for the course outlines in the Handbook.

Further details on how to seek academic adjustments can be found on the Student Equity and Disability Support website: http://services.unimelb.edu.au/student-equity/home

Last updated: 4 March 2025

Assessment

DescriptionTimingPercentage

Individual Mid-Semester Test. Intended Learning Outcomes (ILOs) 1, 3 and 5 are addressed in this assessment.

  • 1 hours
Hurdle requirement: Students must achieve at least 50% in this test. 		Week 615%

Team Report - Client Assets and Existing Security Controls Report and Risk Assessment Plan. 800 words (each team member). ILOs 1, 3, and 4 are addressed in this assessment. 16 hours of work required (each)

  • 16 hours (of work required)
Week 915%

Individual Report – Initial Individual Reflection on client interactions and learnings, team function, and your ongoing team contribution. ILOs 1 and 4 are addressed in this assessment.

  • 200 words (each)
Hurdle requirement: Each student must submit an individual report		Week 85%

Team Client Risk Assessment and Recommendations Report. 2000 words each, requiring 45 hours of work per member. ILOs 1,2,4, and 5 are addressed in this assessment.

  • 45 hours (of work required)
Hurdle requirement: Students must achieve a pass mark		Week 1235%

Individual Report – Individual Final Reflection on team function, individual contribution, and recommendations for future client interactions. ILOs 1, 2, and 3 are addressed in this assessment.

  • 500 words (each)
Hurdle requirement: Each student must submit an individual report		Week 1210%

Team Client Risk Assessment Presentation. ILOs 2,3 and 5 are addressed in this assessment

  • 20 minutes (total)
Hurdle requirement: Each student in the team must present; 15 marks are awarded to the team for presentation content and structure; 5 marks are awarded individually for individual oral presentation and communication skills		During the examination period20%

Last updated: 4 March 2025

Dates & times

Not available in 2025

What do these dates mean

Visit this webpage to find out about these key dates, including how they impact on:

  • Your tuition fees, academic transcript and statements.
  • And for Commonwealth Supported students, your:
       -  Student Learning Entitlement. This applies to all students enrolled in a Commonwealth Supported Place (CSP).
     

    Subjects withdrawn after the census date (including up to the ‘last day to withdraw without fail’) count toward the Student Learning Entitlement.

Last updated: 4 March 2025

Further information

  • Texts

    Prescribed texts

    There are no specifically prescribed or recommended texts for this subject.

  • Subject notes

    LEARNING AND TEACHING METHODS

    The subject is delivered through a combination of lectures, tutorials, client and supervisory meetings. 

  • Related Handbook entries

    This subject contributes to the following:

    TypeName
    CourseMaster of Information Technology

Last updated: 4 March 2025