Unit Outline
KIT118
Introduction to Cybersecurity Policies and Practices
Semester 1, 2026
Mira Park
School of Information and Communication Technology
Sciences and Engineering (Portfolio)
CRICOS Provider Code: 00586B
Unit Coordinator
Mira Park
Email: Mira.Park@utas.edu.au
What is the Unit About?
Unit Description
 
This unit explores cybersecurity as it is managed in the business context. It covers the processes of threat and risk analysis, security policy development, incident prevention and response, issues around privacy, professional codes of conduct, and looks at legislative efforts around the world intended to address privacy and cybersecurity issues. It also looks at the ethical issues that cybersecurity raises, and the ways that this affects how cybersecurity practitioners can operate. Completing this unit will provide you with the opportunity to obtain the Fortinet Cybersecurity Awareness and Technical (NSE 1–3) professional industry certification. 
Intended Learning Outcomes
As per the Assessment and Results Policy 1.3, your results will reflect your achievement against specified learning outcomes.
On completion of this unit, you will be able to:
1
Analyse industry approaches to cybersecurity practices as they relate to privacy and the law
2
Explain relevant cybersecurity policies and processes designed to protect an organisation
3
Draft a security policy for a company that meets their threat and risk profile
4
Discuss the ethical issues that cybersecurity practitioners face in different security scenarios
Alterations as a result of student feedback
The assessment structure has been revised in response to student feedback.
 
 
Teaching arrangements
ATTENDANCE MODE
TEACHING TYPE
LEARNING ACTIVITY
CONTACT HOURS
FREQUENCY
On Campus
Tutorial
A structured real-time (i.e. synchronous) activity in a small-group setting where the primary purpose is the clarification, exploration or reinforcement of subject content presented or accessed at another time or place (e.g. lecture, preparatory work). It is reliant on student-teacher and student-student interaction and dialogue for achievement of its learning outcomes. The students enrolled in the tutorial are expected to attend.
2
Weekly
Online
Lecture (Online)
A real-time (i.e. asynchronous) interactive activity involving the whole class whose primary purpose is the presentation and structuring of information/ideas/skills to facilitate student learning. All students are expected to attend.
2
Weekly
Independent Learning
Involving reading, listening to audio, watching video, and/or completing exercises and/or quizzes, self-study is individual work undertaken when the student chooses (i.e. asynchronous), most likely through engagement with MyLO. The content is examinable, and may need to be completed prior to attending classes and/or attempting assessment tasks.
1
Weekly
Attendance / engagement expectations
If your unit is offered On campus, it is expected that you will attend all on-campus and onsite learning activities. This is to support your own learning and the development of a learning community within the unit. If you are unable to attend regularly, please discuss the situation with your course coordinator and/or our UConnect support team.

If your unit is offered Online or includes online activities, it is expected you will engage in all those activities as indicated in the Unit Outline or MyLO, including any self-directed learning.

If you miss a learning activity for a legitimate reason (e.g., illness, carer responsibilities) teaching staff will attempt to provide alternative activities (e.g., make up readings) where it is possible.
 
 
 
 
How will I be Assessed?
 
For more detailed assessment information please see MyLO.
Assessment schedule
ASSESSMENT TASK #
ASSESSMENT TASK NAME
DATE DUE
WEIGHT
LINKS TO INTENDED LEARNING OUTCOMES
Assessment Task 1:
Individual research
Week 4
15 %
LO2, LO3
Assessment Task 2:
Cybersecurity Concepts Flash Card Portfolio with Peer Assessment
Refer to Assessment Description
15 %
LO1, LO2, LO4
Assessment Task 3:
Tutorial Demonstrations and Quizzes
Refer to Assessment Description
30 %
LO1, LO2, LO3, LO4
Assessment Task 4:
Group Project
Refer to Assessment Description
40 %
LO1, LO2, LO3, LO4
 
Assessment details
Assessment Task 1: Individual research
Task Description:
This assessment task is a scholarly endeavour that necessitates an in-depth exploration of contemporary cybersecurity topics. The scope of potential topics is extensive, allowing students to select a subject that aligns with their academic interests. Students are expected to thoroughly analyse their chosen topic, integrating their unique viewpoints and insights into their work. The objective of this task extends beyond mere comprehension of the subject matter. It is designed to stimulate expansive thinking, encourage boundary-pushing ideas, and foster the development of creative skills.
In addition to written analysis, students are encouraged to use various advanced tools, such as AI-supported presentation schemes, to enhance the originality and depth of their work and to demonstrate creativity in how ideas are presented.
Task Length:
2000 words
Due Date:
Week 4
Weight:
15 %
 
CRITERION #
CRITERION
MEASURES INTENDED
LEARNING OUTCOME(S)
1
Analyse and explain business needs with respect to security
LO2, LO3
2
Examine risks and threats to the business
LO2, LO3
 
Assessment Task 2: Cybersecurity Concepts Flash Card Portfolio with Peer Assessment
Task Description:
This is an individual assessment task with a peer assessment component, where you will create a portfolio of digital flash cards covering key concepts from across the unit. The portfolio will be built through five separate submission (Friday 11:59pm on week 3, 5, 7, 9, and 11) and review cycles over the semester. The purpose of this task is to demonstrate your evolving understanding of foundational topics and your ability to "analyse and evaluate information" and "transmit knowledge, skills and ideas to others" in a clear and concise format.
For each of the five cycles, you will undertake two activities:
1. Creation: Create a set of 5 new digital flash cards. Each flash card must address a single, distinct concept relevant to the topics covered in the preceding weeks.
2. Peer Assessment: Review the flash card submissions of two anonymous peers and provide constructive feedback based on the marking criteria.
Task Length:
5 flash cards for each submission
Due Date:
Refer to Assessment Description
Weight:
15 %
 
 
CRITERION #
CRITERION
MEASURES INTENDED
LEARNING OUTCOME(S)
1
Analyse a cybersecurity concept to uncover potential vulnerabilities, threats, or challenges associated with its implementation or operation
LO1, LO2, LO4
2
Create a set of cybersecurity educational flashcards
LO1, LO2, LO4
3
Review a set of flashcards to improve the representation of cybersecurity keypoints
LO1, LO2, LO4
 
Assessment Task 3: Tutorial Demonstrations and Quizzes
Task Description:
In each tutorial from Week 2 to Week 12, students will work in groups to analyse and develop policies and practices related to security. These activities are designed to review the weekly lecture content. The assessment for this task has two components: a group-based tutorial task completion component and an individual quiz component.
During tutorials, students will:
* Complete tutorial tasks in groups (Week 2 to Week 11): As a group, you will be assessed on the completion and quality of the in-tutorial tasks. Each week's group task is worth 1% of the final grade. The tasks are designed to review lecture materials and apply them to practical scenarios.
* Complete short individual quizzes (Week 3 to Week 12): Individually, you will complete a short quiz at the end of each tutorial to test your personal understanding of the concepts discussed. Each weekly quiz is worth 2% of the final grade. The quizzes are to test comprehension and reinforce lecture learning.
Task Length:
10 tutorials and 10 quizzes
Due Date:
Refer to Assessment Description
Weight:
30 %
 
CRITERION #
CRITERION
MEASURES INTENDED
LEARNING OUTCOME(S)
1
Explain business needs with respect to security
LO2
2
Write security policies relevant to business needs
LO3
3
Research and explain ethical, privacy and legal issues involved in cybersecurity research
LO1, LO4
 
Assessment Task 4: Group Project
Task Description:
This is a collaborative group project where you will apply theoretical knowledge and practical skills to develop comprehensive cybersecurity policies for a small to medium-sized enterprise (SME). The project is structured into four components submitted across the semester. Your group will create a realistic SME case study, conduct a detailed risk assessment, design an incident response plan, and finally, draft a formal cybersecurity policy. Your group will be required to analyse and evaluate information to complete project activities, analyse and transmit solutions to unpredictable and sometimes complex problems, and demonstrate autonomy and well-developed judgement in your self-directed group work. A group mark will be assigned, but individual grades will be adjusted based on each member's contribution, as measured through peer assessment.

Project Components and Weighting:
1. Case Study Creation (5%) - due in week 8
* Develop a realistic SME scenario, detailing the organisation’s business operations, IT infrastructure, and potential vulnerabilities.
* This component forms the foundation for the rest of the project.
2. Risk Assessment and Threat Analysis (10%) - due in week 8
* Identify and analyse potential cybersecurity threats and risks specific to the SME.
* Classify risks based on likelihood and impact using appropriate frameworks.
3. Incident Response Plan (10%) - due in week 10
* Design a structured plan to respond to cybersecurity incidents, including detection, containment, mitigation, communication, and post-incident review.
* Address roles and responsibilities, escalation procedures, and coordination with external stakeholders (e.g., regulators, law enforcement).
* Incorporate lessons learned from real-world breaches or industry best practices.
4. Developing a Comprehensive Security Policy (15%) - due in week 12
* Draft a security policy for the SME that aligns with the case study and threat assessment.
* Ensure the policy addresses confidentiality, integrity, and availability of information, and includes guidelines for employees, IT systems, and third-party interactions.
Task Length:
10,000 words
Due Date:
Refer to Assessment Description
Weight:
40 %
 
CRITERION #
CRITERION
MEASURES INTENDED
LEARNING OUTCOME(S)
1
Analyse business needs with respect to security
LO2
2
Draft a coherent cybersecurity policy according to business requirements
LO3
3
Identify and justify cybersecurity controls to mitigate key risks
LO2
4
Explain and integrate the fundamental ethical, privacy, and legal considerations into the policy documentation
LO1, LO4
 
 
 
How your final result is determined
To pass this unit, you need to demonstrate your attainment of each of the Intended Learning Outcomes, achieve a final unit grade of 50% or greater, and pass any hurdle tasks.
Academic progress review
The results for this unit may be included in a review of your academic progress. For information about progress reviews and what they mean for all students, see Academic Progress Review in the Student Portal.
Submission of assignments
Where practicable, assignments should be submitted to an assignment submission folder in MYLO. You must submit assignments by the due date or receive a penalty (unless an extension of time has been approved by the Unit Coordinator). Students submitting any assignment in hard copy, or because of a practicum finalisation, must attach a student cover sheet and signed declaration for the submission to be accepted for marking.
Academic integrity
Academic integrity is about acting responsibly, honestly, ethically, and collegially when using, producing, and communicating information with other students and staff members.

In written work, you must correctly reference the work of others to maintain academic integrity. To find out the referencing style for this unit, see the assessment information in the MyLO site, or contact your teaching staff. For more detail about Academic Integrity, see Important Guidelines & Support.
Requests for extensions
If you are unable to submit an assessment task by the due date, you should apply for an extension.
 
A request for an extension should first be discussed with your Unit Coordinator or teaching support team where possible. A request for an extension must be submitted by the assessment due date, except where you can provide evidence it was not possible to do so. Typically, an application for an extension will be supported by documentary evidence: however, where it is not possible for you to provide evidence please contact your Unit Coordinator.
 
The Unit Coordinator must notify you of the outcome of an extension request within 3 working days of receiving the request.
Late penalties
Assignments submitted after the deadline will receive a late penalty of 5% of the original available mark for each calendar day (or part day) that the assignment is late. Late submissions will not be accepted more than 10 calendar days after the due date, or after assignments have been returned to other students on a scheduled date, whichever occurs first. Further information on Late Penalties can be found on the Assessments and Results Procedure.
 
Review of results and appeals
You are entitled to ask for a review of the marking and grading of your assessment task if there is an irregularity in the marking standards or an error in the process for determining the outcome of an assessment. Details on how to request a review of a mark for an assignment are outlined in the Review and Appeal of Academic Decisions Procedure.