Unit Outline
ZAT221
Risk and Security Management
Semester 1, 2024
Mikaela Green
University College
College of Business and Economics
CRICOS Provider Code: 00586B
Unit Coordinator
Mikaela Green
Email: Mikaela.Seabourne@utas.edu.au
What is the Unit About?
Unit Description
 
This unit introduces the foundations of risk analysis, risk management, and contingency planning at an organisational level. The unit explores the foundations of risk across many industries and disciplines, examining the risk analysis process, contingency planning, business continuity and disaster recovery. By exploring the implications of current incidents in areas such as security, manufacturing, transportation, construction, and primary and secondary industries, students will gain insight into strategic and tactical decision making to avoid harm. You will be introduced to: - discipline-based skills and knowledge in dynamic practice situations. This will include authentic and purposeful, industry-related experiences - concepts of managing effective relationships and communicating with others - the development and use of adaptive leadership skills and how these skills relate to innovative and entrepreneurial practice - the nature of responsible, accountable and reflective workplace skills, and creative and critical thinking relevant to para-professional practice. You will exercise self-awareness, initiative and judgement to manage yourself and professional relationships effectively. The application of tacit knowledge and capabilities will be reflected in a Practice Manual.
Intended Learning Outcomes
As per the Assessment and Results Policy 1.3, your results will reflect your achievement against specified learning outcomes.
On completion of this unit, you will be able to:
1.
Apply the risk analysis process to identify resources, vulnerabilities, threats and risks.
2.
Evaluate vulnerabilities, threats and risks within an organisational context.
3.
Design controls for risks that consider organisations, personnel and physical resources
Requisites
REQUISITE TYPE
REQUISITES
Anti-requisite (mutual excl)
ZAT107
ZAT115
Alterations as a result of student feedback
Based on student feedback, the criteria for assessments have been revised for clarity and to better align with the intended learning outcomes for the unit.
 
 
Teaching arrangements
ATTENDANCE MODE
TEACHING TYPE
LEARNING ACTIVITY
CONTACT HOURS
FREQUENCY
Online
Tutorial (Online)
Weekly online learning material supported by 2-hour weekly tutorials
2
Weekly
Workshop (Online)
Weekly online learning material supported by one five-hour workshop.
5
Once only
Attendance / engagement expectations
If your unit is offered On campus, it is expected that you will attend all on-campus and onsite learning activities. This is to support your own learning and the development of a learning community within the unit. If you are unable to attend regularly, please discuss the situation with your course coordinator and/or our UConnect support team.

If your unit is offered Online, it is expected you will engage in all those activities as indicated in the Unit Outline, including any self-directed learning.

If you miss a learning activity for a legitimate reason (e.g., illness, carer responsibilities) teaching staff will attempt to provide alternative activities (e.g., make up readings) where it is possible.
 
 
 
 
How will I be Assessed?
 
For more detailed assessment information please see MyLO.
Assessment schedule
ASSESSMENT TASK #
ASSESSMENT TASK NAME
DATE DUE
WEIGHT
LINKS TO INTENDED LEARNING OUTCOMES
Assessment Task 1:
AT1:Internal Resource Audit
Week 5
30 %
LO1, LO2
Assessment Task 2:
AT2: Risk Assessment
Week 9
40 %
LO1, LO2, LO3
Assessment Task 3:
AT3: Incident Report
Week 14
30 %
LO1, LO2, LO3
 
Assessment details
    
Assessment Task 1: AT1:Internal Resource Audit
Task Description:
In this assessment item you will be provided a case study, where you will need to identify the internal resources of the organisation involved. These resources may be tangible or intangible, quantifiable, and non-quantifiable.
For each resource you identify, you will need to provide information about the resource, including:
• What the resource is
• What functions the resource carries out
• How the resource is used within the organisation
• How the resource assists the organisation with meeting its strategic and operational goals
• How/Where the resource is stored when not in use
• What vulnerabilities the resource has
• Whether these vulnerabilities are intrinsic or extrinsic

Task Length:
Maximum 1000 words
Due Date:
Week 5
Weight:
30 %
 
CRITERION #
CRITERION
MEASURES INTENDED
LEARNING OUTCOME(S)
1
Identify and describe assets within the case study
LO1
2
Categorise assets based on the function, use, and availability described in the case study
LO1
3
Analyse the importance of resources to organisational goals
LO2
4
Evaluate resource vulnerabilities within the context of the organisation
LO2
 
Assessment Task 2: AT2: Risk Assessment
Task Description:
Using a case study organisation you will create a risk log in which you identify and outline the significant risks within the organisation. The risk log should include:
• The assets/resources at the heart of the risk
• The vulnerability that exists within the asset/resource
• The threats and hazards that may exploit the vulnerability
• The risk of the threats actuating, based in impact and likelihood
• The controls that should be applied to lower the risk
You will be provided with a template to populate with a minimum of 25 risks that you identify, each of which should be assigned a risk level. For risks of a moderate or higher level, controls must be instigated – for those of a lower level, justification can be provided for not implementing a control.

Task Length:
Maximum 800 words
Due Date:
Week 9
Weight:
40 %
 
 
CRITERION #
CRITERION
MEASURES INTENDED
LEARNING OUTCOME(S)
1
Identify assets and vulnerabilities that are contextually relevant to the case study
LO1
2
Present threats that are realistic, self contained, and SMART
LO1
3
Present risks that are specific, detailed, and aligned with the threats and assets presented
LO2
4
Evaluate risk level considering the context of the organisation
LO2
5
Design controls that provide protection while being realistic and enforceable
LO3
 
Assessment Task 3: AT3: Incident Report
Task Description:
In this assessment you will be working from the perspective of a risk and continuity analyst. You will be required to identify an incident within the area of your studies (for example, cyber security, equipment manufacture, sensing and automation, agribusiness, etc.) and carry out research on the incident to create an incident report. You will need to apply the risk assessment process to identify the risk that eventuated, the threat that caused it, and the vulnerabilities that enabled it. You will take into consideration:
• The controls implemented and how / where they failed
• The response taken and any issues within this process
• The continuity of the organisation, and how it was impacted by the incident
• The cultural, physical, and structural elements within the organisation that contributed to the incident and how these can be controlled in the future.
You must choose an incident that took place within the last ten (10 years). The incident should be public knowledge, and you will need to ensure that there is enough information available to answer these questions.

Task Length:
Maximum 1500 words
Due Date:
Week 14
Weight:
30 %
 
CRITERION #
CRITERION
MEASURES INTENDED
LEARNING OUTCOME(S)
1
Analyse the incident in relation to the vulnerabilities, threats, and risks involved
LO1
2
Evaluate the motivators behind behaviours that contributed to the incident
LO2
3
Evaluate the organisational response, including business continuity and user protection
LO2
4
Evaluate the controls described within the case study and how they contributed to the incident
LO3
5
Design controls that provide protection while being realistic and enforceable
LO3
 
 
 
How your final result is determined
To pass this unit, you need to demonstrate your attainment of each of the Intended Learning Outcomes, achieve a final unit grade of 50% or greater, and pass any hurdle tasks.
 
Submission of assignments
Where practicable, assignments should be submitted to an assignment submission folder in MYLO. You must submit assignments by the due date or receive a penalty (unless an extension of time has been approved by the Unit Coordinator). Students submitting any assignment in hard copy, or because of a practicum finalisation, must attach a student cover sheet and signed declaration for the submission to be accepted for marking.
 
Requests for extensions
If you are unable to submit an assessment task by the due date, you should apply for an extension.
 
A request for an extension should first be discussed with your Unit Coordinator or teaching support team where possible. A request for an extension must be submitted by the assessment due date, except where you can provide evidence it was not possible to do so. Typically, an application for an extension will be supported by documentary evidence: however, where it is not possible for you to provide evidence please contact your Unit Coordinator.
 
The Unit Coordinator must notify you of the outcome of an extension request within 3 working days of receiving the request.
Late penalties
Assignments submitted after the deadline will receive a late penalty of 5% of the original available mark for each calendar day (or part day) that the assignment is late. Late submissions will not be accepted more than 10 calendar days after the due date, or after assignments have been returned to other students on a scheduled date, whichever occurs first. Further information on Late Penalties can be found on the Assessments and Results Procedure.
 
Review of results and appeals
You are entitled to ask for a review of the marking and grading of your assessment task if there is an irregularity in the marking standards or an error in the process for determining the outcome of an assessment. Details on how to request a review of a mark for an assignment are outlined in the Review and Appeal of Academic Decisions Procedure.