Unit Outline
ZAT121
Information Security
Semester 2, 2025
Mikaela Green
University College
University College
CRICOS Provider Code: 00586B
Unit Coordinator
Mikaela Green
Email: Mikaela.Seabourne@utas.edu.au
What is the Unit About?
Unit Description
 
This unit introduces you to the concept of information security and the legal and ethical considerations that organisations and individuals must address to implement sound information security. The unit focusses on industry best practice within the context of securing, storing, and sharing information and will explore the complex nature of information security, contextualising it within the threats that exist within our local and global environments. This unit offers students the foundational knowledge required to function as an information security practitioner across a range of industries and levels, including government and the public sector. This unit also introduces learning through practice by exposing you to authentic learning experiences. These experiences are placed at the centre of learning and assessment, so you have the opportunity to develop the skills, knowledge and behaviours necessary to respond to industry, community and/or global needs. You will be introduced to: 1. a range of methods, tools, techniques, and approaches to practice 2. principles and perspectives such as values, ethics, empathy, and leadership in real world scenarios 3. reflection and deliberative thinking as a means of developing knowledge, skills, attitudes, and aspirations 4. ways of understanding problems and developing solutions through active inquiry.
Intended Learning Outcomes
As per the Assessment and Results Policy 1.3, your results will reflect your achievement against specified learning outcomes.
On completion of this unit, you will be able to:
1
Identify and describe the legal and ethical components of information security
2
Describe the roles of people, technology, and policy within cyber security
3
Apply policies, standards, and procedures for information security
Requisites
REQUISITE TYPE
REQUISITES
Anti-requisite (mutual excl)
ZAT217
Alterations as a result of student feedback
To be determined
 
 
Teaching arrangements
ATTENDANCE MODE
TEACHING TYPE
LEARNING ACTIVITY
CONTACT HOURS
FREQUENCY
Online
Tutorial (Online)
2-hour weekly tutorials
2
Weekly
Workshop (Online)
One 5-hour workshop
5
Study Period 1 time
Attendance / engagement expectations
If your unit is offered On campus, it is expected that you will attend all on-campus and onsite learning activities. This is to support your own learning and the development of a learning community within the unit. If you are unable to attend regularly, please discuss the situation with your course coordinator and/or our UConnect support team.

If your unit is offered Online or includes online activities, it is expected you will engage in all those activities as indicated in the Unit Outline or MyLO, including any self-directed learning.

If you miss a learning activity for a legitimate reason (e.g., illness, carer responsibilities) teaching staff will attempt to provide alternative activities (e.g., make up readings) where it is possible.
 
 
 
 
How will I be Assessed?
 
For more detailed assessment information please see MyLO.
Assessment schedule
ASSESSMENT TASK #
ASSESSMENT TASK NAME
DATE DUE
WEIGHT
LINKS TO INTENDED LEARNING OUTCOMES
Assessment Task 1:
AT1 Ethical and Legal Review
Week 5
30 %
LO1, LO2, LO3
Assessment Task 2:
AT2 Social Engineering Persona
Week 8
30 %
LO1, LO2, LO3
Assessment Task 3:
AT3 Request for Tender
Week 13
40 %
LO1, LO2, LO3
 
Assessment details
Assessment Task 1: AT1 Ethical and Legal Review
Task Description:
You will be provided with a case study in which an organisation or individual has been deemed responsible for the release of personal information.
You will be required to apply knowledge of ethical responsibility and legal regulations to:
1. present a report on the incident that occurred and the legal and ethical ramifications
2. include judgements on the behaviours and decisions that lead to harm in the report.
You will be asked to look at the incident from multiple perspectives to provide insight to the decisions made. Part of this assessment task will require you to reflect on the key factors of the incident, and the future decisions that will prevent it.
Task Length:
1000 words, excluding figures and references
Due Date:
Week 5
Weight:
30 %
 
CRITERION #
CRITERION
MEASURES INTENDED
LEARNING OUTCOME(S)
1
Apply ethical theories to evaluate behaviours and decisions
LO1
2
Apply Australian laws to evaluate behaviours and decisions
LO1
3
Communicate evidenced judgements on the role of behaviour and decisions in incidents
LO2
4
Evaluate incident response in alignment with information security best practice
LO3
 
Assessment Task 2: AT2 Social Engineering Persona
Task Description:
You will develop a social engineering persona based on a pre-determined target. The persona will take into consideration the behavioural, neurological, and emotional elements of social engineering and the specific requirements of the target.
You may choose to design the persona through non-traditional means, including the creation of social media accounts and other digital evidence of identity that support the process of social engineering and identity creation.
Task Length:
Social Media Profile with artefacts supported by a 500 word reflective report
Due Date:
Week 8
Weight:
30 %
 
 
CRITERION #
CRITERION
MEASURES INTENDED
LEARNING OUTCOME(S)
1
Apply behavioural and neurological knowledge to the design of a social engineering persona
LO2
2
Apply behavioural and neurological knowledge to the creation of social engineering tests
LO2
3
Create a social engineering persona with a rich background and personality to build trust
LO3
4
Reflect on the process of social media based persona building for information security
LO3
5
Reflect on the ethical and legal implications of social engineering testing
LO1
 
Assessment Task 3: AT3 Request for Tender
Task Description:
You will develop an information system request for tender (RFT), based on requirements created during the unit workshop. The request for tender will include the functional requirements of the information system, as well as details about vendor management, including:
• Security
• Privacy
• Roles and Responsibilities
• Maintenance and Management, and
• Project Milestones

The request for tender should include legitimate, contextual requirements related to the content of the unit, and should prioritise information security.
Task Length:
1,000 words, excluding figures and references
Due Date:
Week 13
Weight:
40 %
 
CRITERION #
CRITERION
MEASURES INTENDED
LEARNING OUTCOME(S)
1
Design a request for tender (RFT) that considers the legal and ethical requirements of information systems
LO1
2
Design a request for tender (RFT) that considers the legal and ethical requirements of the tendering process
LO1
3
Recommend requirements that consider the needs of the vendor, organisation, and users
LO2
4
Recommend requirements that consider the security and functional requirements of information systems
LO3
5
Create a professional and polished request for tender (RFT) that align with Australian Best Practice
LO3
 
 
 
How your final result is determined
To pass this unit, you need to demonstrate your attainment of each of the Intended Learning Outcomes, achieve a final unit grade of 50% or greater, and pass any hurdle tasks.
Academic progress review
The results for this unit may be included in a review of your academic progress. For information about progress reviews and what they mean for all students, see Academic Progress Review in the Student Portal.
Submission of assignments
Where practicable, assignments should be submitted to an assignment submission folder in MYLO. You must submit assignments by the due date or receive a penalty (unless an extension of time has been approved by the Unit Coordinator). Students submitting any assignment in hard copy, or because of a practicum finalisation, must attach a student cover sheet and signed declaration for the submission to be accepted for marking.
Academic integrity
Academic integrity is about acting responsibly, honestly, ethically, and collegially when using, producing, and communicating information with other students and staff members.

In written work, you must correctly reference the work of others to maintain academic integrity. To find out the referencing style for this unit, see the assessment information in the MyLO site, or contact your teaching staff. For more detail about Academic Integrity, see Important Guidelines & Support.
Requests for extensions
If you are unable to submit an assessment task by the due date, you should apply for an extension.
 
A request for an extension should first be discussed with your Unit Coordinator or teaching support team where possible. A request for an extension must be submitted by the assessment due date, except where you can provide evidence it was not possible to do so. Typically, an application for an extension will be supported by documentary evidence: however, where it is not possible for you to provide evidence please contact your Unit Coordinator.
 
The Unit Coordinator must notify you of the outcome of an extension request within 3 working days of receiving the request.
Late penalties
Assignments submitted after the deadline will receive a late penalty of 5% of the original available mark for each calendar day (or part day) that the assignment is late. Late submissions will not be accepted more than 10 calendar days after the due date, or after assignments have been returned to other students on a scheduled date, whichever occurs first. Further information on Late Penalties can be found on the Assessments and Results Procedure.
 
Review of results and appeals
You are entitled to ask for a review of the marking and grading of your assessment task if there is an irregularity in the marking standards or an error in the process for determining the outcome of an assessment. Details on how to request a review of a mark for an assignment are outlined in the Review and Appeal of Academic Decisions Procedure.