Unit Outline
ZAT119
Data Analytics for Cyber Security
Semester 1, 2026
Huiting Tan
University College
University College
CRICOS Provider Code: 00586B
Unit Coordinator
Huiting Tan
Email: huiting.tan@utas.edu.au
 
What is the Unit About?
Unit Description
This unit introduces the essential role of data analytics in modern cyber security. You’ll develop a practical analytical toolkit by exploring how data is used to identify and investigate cyber threats. Beginning with foundational data analysis using Excel, you'll create and annotate a dynamic dashboard from a cyber dataset. Building on this, you’ll transition to using industry-standard tools such as Wireshark to conduct a hands-on analysis of a simulated network breach. Finally, you’ll investigate a simulated security incident using Splunk, and communicate your findings and recommendations. Through these practical, scenario-based exercises, you'll gain foundational analytical skills for security operations.
Intended Learning Outcomes
As per the Assessment and Results Policy 1.3, your results will reflect your achievement against specified learning outcomes.
On completion of this unit, you will be able to:
1
Describe the role and value of data in cyber security operations.
2
Apply data analytics techniques to identify and investigate cyber threats.
3
Use industry tools to conduct basic threat and incident analysis.
4
Communicate findings and recommendations based on cyber data analysis.
Requisites
REQUISITE TYPE
REQUISITES
Anti-requisite (mutual excl)
ZAT201
ZAT213
Alterations as a result of student feedback
To be determined.
 
 
Teaching arrangements
ATTENDANCE MODE
TEACHING TYPE
LEARNING ACTIVITY
CONTACT HOURS
FREQUENCY
Online
Tutorial (Online)
Weekly tutorials
2
StudyPeriod 12 times
Attendance / engagement expectations
If your unit is offered On campus, it is expected that you will attend all on-campus and onsite learning activities. This is to support your own learning and the development of a learning community within the unit. If you are unable to attend regularly, please discuss the situation with your course coordinator and/or our UConnect support team.

If your unit is offered Online or includes online activities, it is expected you will engage in all those activities as indicated in the Unit Outline or MyLO, including any self-directed learning.

If you miss a learning activity for a legitimate reason (e.g., illness, carer responsibilities) teaching staff will attempt to provide alternative activities (e.g., make up readings) where it is possible.
 
 
 
 
How will I be Assessed?
 
For more detailed assessment information please see MyLO.
Assessment schedule
ASSESSMENT TASK #
ASSESSMENT TASK NAME
DATE DUE
WEIGHT
LINKS TO INTENDED LEARNING OUTCOMES
Assessment Task 1:
Cyber Data Interpretation Task
Week 4
20 %
LO1, LO2, LO4
Assessment Task 2:
Network Analysis Scenario
Week 8
40 %
LO2, LO3, LO4
Assessment Task 3:
SOC Security Breach Report
Week 13
40 %
LO1, LO3
 
Assessment details
Assessment Task 1: Cyber Data Interpretation Task
Task Description:
You will clean and visualise a small cyber dataset using Excel. You will annotate your dashboard to explain what the data shows and reflect on the limitations of using Excel for cyber analytics.
Task Length:
Excel worksheets + 500-word (maximum) reflection
Due Date:
Week 4
Weight:
20 %
 
CRITERION #
CRITERION
MEASURES INTENDED
LEARNING OUTCOME(S)
1
Create a dashboard that visualises the cyber dataset.
LO2
2
Provide annotations that explain the insights derived from the data.
LO4
3
Evaluate the limitations of using Excel for cybersecurity data analysis.
LO1
4
Explain how the data visualised contributes to a wider understanding of a security incident or a threat.
LO1
 
Assessment Task 2: Network Analysis Scenario
Task Description:
You will use Wireshark to conduct network traffic analysis and write a report outlining the attack timeline, affected systems, and indicators of compromise.
Task Length:
1,200-1,500 word report
Due Date:
Week 8
Weight:
40 %
 
 
CRITERION #
CRITERION
MEASURES INTENDED
LEARNING OUTCOME(S)
1
Use Wireshark to perform a network analysis.
LO3
2
Apply analytical techniques to identify threats.
LO2
3
Write a report that communicated the attack timeline and findings.
LO4
 
Assessment Task 3: SOC Security Breach Report
Task Description:
You will use Splunk to investigate a simulated breach. You will create a short report for a non-technical audience (e.g., CEO) with two actionable recommendations.
Task Length:
800 words (maximum) + screenshots
Due Date:
Week 13
Weight:
40 %
 
CRITERION #
CRITERION
MEASURES INTENDED
LEARNING OUTCOME(S)
1
Conduct a log analysis using Splunk.
LO3
2
Investigate and interpret the breach vector.
LO3
3
Describe the breach vector and provide recommendations based on the data analysis.
LO1
 
 
 
How your final result is determined
To pass this unit, you need to demonstrate your attainment of each of the Intended Learning Outcomes, achieve a final unit grade of 50% or greater, and pass any hurdle tasks.
Academic progress review
The results for this unit may be included in a review of your academic progress. For information about progress reviews and what they mean for all students, see Academic Progress Review in the Student Portal.
Submission of assignments
Where practicable, assignments should be submitted to an assignment submission folder in MYLO. You must submit assignments by the due date or receive a penalty (unless an extension of time has been approved by the Unit Coordinator). Students submitting any assignment in hard copy, or because of a practicum finalisation, must attach a student cover sheet and signed declaration for the submission to be accepted for marking.
Academic integrity
Academic integrity is about acting responsibly, honestly, ethically, and collegially when using, producing, and communicating information with other students and staff members.

In written work, you must correctly reference the work of others to maintain academic integrity. To find out the referencing style for this unit, see the assessment information in the MyLO site, or contact your teaching staff. For more detail about Academic Integrity, see Important Guidelines & Support.
Requests for extensions
If you are unable to submit an assessment task by the due date, you should apply for an extension.
 
A request for an extension should first be discussed with your Unit Coordinator or teaching support team where possible. A request for an extension must be submitted by the assessment due date, except where you can provide evidence it was not possible to do so. Typically, an application for an extension will be supported by documentary evidence: however, where it is not possible for you to provide evidence please contact your Unit Coordinator.
 
The Unit Coordinator must notify you of the outcome of an extension request within 3 working days of receiving the request.
Late penalties
Assignments submitted after the deadline will receive a late penalty of 5% of the original available mark for each calendar day (or part day) that the assignment is late. Late submissions will not be accepted more than 10 calendar days after the due date, or after assignments have been returned to other students on a scheduled date, whichever occurs first. Further information on Late Penalties can be found on the Assessments and Results Procedure.
 
Review of results and appeals
You are entitled to ask for a review of the marking and grading of your assessment task if there is an irregularity in the marking standards or an error in the process for determining the outcome of an assessment. Details on how to request a review of a mark for an assignment are outlined in the Review and Appeal of Academic Decisions Procedure.
 
 
 
Required Resources
Required reading materials
 
 
Recommended reading materials
 
 
Other required resources
Splunk
Wireshark
Excel