Course coordinator
Dr Bikesh Raj Upreti
Course overview
- Study period
- Semester 1, 2025 (24/02/2025 - 21/06/2025)
- Study level
- Postgraduate Coursework
- Location
- St Lucia
- Attendance mode
- In Person
- Units
- 2
- Administrative campus
- St Lucia
- Coordinating unit
- Business School
This is an introductory, inter-disciplinary course providing an overview of the best practices and emerging developments in governance, ethics, legal and policy aspects of cyber security and data privacy.
This course is structured in two parts. The first part addresses cyber-security legal issues as they impact businesses and organisations. Although the focus will be on the law relevant to businesses, criminal law will be considered but through the lens of business. This part recognises that business and technology operate internationally, even though the law may be country or state based. Focus is not limited to Queensland or even Australian law. This part will consider issues such as determining which countries’ laws will apply and how to enforce laws in an international context. The legal component of the course will explore issues such as responsibility to protect and secure data, how liability is determined in complex IT supply chain, what are the legal risks if something goes wrong, and how to deal with legal issues in a cyber security incident.
The second part of this course focuses on cyber security from an organisational perspective and looks at how public and private organisations manage the security of the information they collect, store, elaborate and dispose of. In this second part, topics such as leadership in cyber security, cyber security policies and compliance, governance of cyber security and design of information security systems will provide students with an overview of the dynamics associated with managing cyber security in the workplace. Questions such as “what are the weak links in an organisation’s information security management systems?”, “how can individuals interact with technologies and create opportunities for cyber-breaches?”, or “how can companies design cyber security systems that are secure as well as user-friendly?” are example of the issues that will be analysed in the second part.
The course is intended to be practical, looking at issues that arise in real life, rather than focusing on topics that are academically interesting but of little practical relevance. The course spotlights business problems, and in doing so, looks at several relevant legal and managerial subjects. The course aims to tie these topics together. Various problems will be workshopped throughout the course. No prior managerial or legal study or knowledge is assumed.
CYBR7003 is an interactive course taught in seminar mode. At times, we will use the Socratic method of lecturing, so you may be called upon to contribute during the seminars. You will be expected to have read each key reading. You are encouraged to turn your phones off during class, and to limit use of your laptops when we are engaging in discussion.
Course requirements
Restrictions
CYBR7003 is for students enrolled in BCompSc/MCyberSec, GCCyberSec, GDipCyberSec, MCyberSec, MBus or MCom programs only.
Course contact
Lecturer
Dr Bikesh Raj Upreti
Course staff
Lecturer
Professor John Swinson
Timetable
The timetable for this course is available on the UQ Public Timetable.
Additional timetable information
Please note: Teaching staff do not have access to the timetabling system to help with class allocation. Therefore, should you need help with your timetable and/or allocation of classes, please ensure you email business.mytimetable@uq.edu.au from your UQ student email account with the following details:
- Full name
- Student ID
- Course Code
Aims and outcomes
The aims of the course are to provide students with understanding of the governance, policy, legal and ethical issues relating to cyber security in both an international and domestic context.
Course aims include:ᅠ
- To assist students in understanding the legal framework as it applies to businesses as relevant to cyber security.
- To give students an awareness of the legal complexities that arise when responding to a cyber security breach.
- To provide students with practical issue-spotting and problem-solving skills relevant to cyber security.
- To tie together a number of policy, legal and ethical topics in a coherent way to deal with and solve real world problems.
- To immerse students in an organisational context, for them to experience first-hand the dynamics that characterise cyber security in the workplace.
- To help students understand current governance structures and arrangements in public and private organisations, also in the light of recommendations by international best practice standards.
- To provide students with the managerial tools required to be champions of safe cyber security practices.
- To increase students' awareness on the importance of human factors in cyber security management.
ᅠ
Learning outcomes
After successfully completing this course you should be able to:
LO1.
Articulate, in an organisational context, the key elements of governance and policy-making on matters of cyber security.
LO2.
Design and execute strategies aimed at promoting compliance to cyber security policies and a sound cyber security culture in organisations.
LO3.
Mobilise the appropriate resources (information, skills, etc.) to ensure effective cyber risk management in an organisational context.
LO4.
Work within a team to anticipate the cyber security needs arising in various types of organisations.
LO5.
Examine, research and analyse emerging legal issues in relation to cybersecurity.
LO6.
Be an engaged participant in discussions concerning the state of the law relevant to cyber security, such as where there are gaps in the law due to rapid advancements in technology.
LO7.
Identify potential legal and commercial issues arising in an international commercial context relating to cyber security and provide potential solutions.
LO8.
Demonstrate a critical understanding of the legal complexities that arise in relation to responding to a cyber security breach.
Assessment
Assessment summary
| Category | Assessment task | Weight | Due date |
|---|---|---|---|
| Essay/ Critique | Legal perspectives in cyber security | 30% |
8/04/2025 2:00 pm |
| Paper/ Report/ Annotation | Organisational cyber security report | 30% |
20/05/2025 2:00 pm |
| Essay/ Critique, Presentation |
Application of cybersec org & legal principles
|
40% |
9/06/2025 2:00 pm |
Assessment details
Legal perspectives in cyber security
- Mode
- Written
- Category
- Essay/ Critique
- Weight
- 30%
- Due date
8/04/2025 2:00 pm
- Learning outcomes
- L05, L06, L07, L08
Task description
Students will be required to prepare an essay individually in relation to a legal issue that arises in a business context in relation to cybersecurity.
The paper should identify the issue, set out the law in relation to the issue, identify any gaps or problems with the current law, and if appropriate propose possible changes to the current law.
Three example essay topics will be published during the semester. Students can select one of these three topics. Alternatively, students can propose a topic, which must be approved by teaching staff.
The word limit for the essay is a maximum of 2,200 words.
By way of clarification, this word count:
- includes headings and subheadings;
- does not include text in the header;
- does not include footnotes or Appendices - however footnotes should be used for citation purposes only. Substantive text should not be included in footnotes.
This task has been designed to be challenging, authentic and complex. Whilst students may use AI technologies, successful completion of assessment in this course will require students to critically engage in specific contexts and tasks for which artificial intelligence will provide only limited support and guidance.
AI Statement:
The use of AI is permitted for this assessment; however, it must comply with the guidelines and constraints outlined on Blackboard at the start of the course. These requirements include providing a record of the prompts used to query AI, the AI-generated responses, and evidence of critical analysis of the AI-generated text before incorporating it into the assessment. Typically, this information should be included in the assessment appendix. Additionally, any use of AI must be appropriately referenced within the submission. These measures are in place to ensure that students demonstrate a thorough understanding of their written work, independent of AI assistance, as this is a key requirement for passing the assessment.
A failure to use AI according to the guidelines above (and detailed on Blackboard at the beginning of the course) may constitute student misconduct under the Student Code of Conduct.
Submission guidelines
Submission will be via Turnitin, within the CYBR7003 Blackboard site
Deferral or extension
You may be able to apply for an extension.
Late submission
A penalty of 10% of the maximum possible mark will be deducted per 24 hours from time submission is due for up to 7 days. After 7 days, you will receive a mark of 0.
Organisational cyber security report
- Mode
- Written
- Category
- Paper/ Report/ Annotation
- Weight
- 30%
- Due date
20/05/2025 2:00 pm
- Learning outcomes
- L01, L02
Task description
This individual assessment item covers Organisational Perspectives in Cyber Security (governance, policies, procedures, compliance, risk management, culture - including awareness, training and education - and ethics (Weeks 7 - 12 content).
For this assessment, you will take on the role of an information security consultant and assess an organisational cyber security scenario.
You will provide recommendations for areas to improve and on how to capture further meaningful information for your analysis.
This task has been designed to be challenging, authentic and complex. Whilst students may use AI technologies, successful completion of assessment in this course will require students to critically engage in specific contexts and tasks for which artificial intelligence will provide only limited support and guidance.
AI Statement:
The use of AI is permitted for this assessment; however, it must comply with the guidelines and constraints outlined on Blackboard at the start of the course. These requirements include providing a record of the prompts used to query AI, the AI-generated responses, and evidence of critical analysis of the AI-generated text before incorporating it into the assessment. Typically, this information should be included in the assessment appendix. Additionally, any use of AI must be appropriately referenced within the submission. These measures are in place to ensure that students demonstrate a thorough understanding of their written work, independent of AI assistance, as this is a key requirement for passing the assessment.
A failure to use AI according to the guidelines above (and detailed on Blackboard at the beginning of the course) may constitute student misconduct under the Student Code of Conduct.
Submission guidelines
Submission will be via Turnitin, within the CYBR7003 Blackboard site
Deferral or extension
You may be able to apply for an extension.
Late submission
A penalty of 10% of the maximum possible mark will be deducted per 24 hours from time submission is due for up to 7 days. After 7 days, you will receive a mark of 0.
Application of cybersec org & legal principles
- Team or group-based
- Mode
- Product/ Artefact/ Multimedia
- Category
- Essay/ Critique, Presentation
- Weight
- 40%
- Due date
9/06/2025 2:00 pm
- Other conditions
- Peer assessed.
- Learning outcomes
- L01, L02, L03, L04, L05, L06, L07, L08
Task description
In this task you will work in small groups to develop and submit a video presentation (15-20 minutes) supported with slides and/or other appropriate audio-visual aids on a cyber security topic, relating that topic to the learning objectives of the whole course.
The precise scenarios and topics will be guided by teaching staff, and you will be given a clear assignment specification outlining the required components.
As a group assignment, this piece of assessment will incorporate a peer assessment component. The results of this peer assessment may impact your final marks.
This task has been designed to be challenging, authentic and complex. Whilst students may use AI technologies, successful completion of assessment in this course will require students to critically engage in specific contexts and tasks for which artificial intelligence will provide only limited support and guidance.
AI Statement:
The use of AI is permitted for this assessment; however, it must comply with the guidelines and constraints outlined on Blackboard at the start of the course. These requirements include providing a record of the prompts used to query AI, the AI-generated responses, and evidence of critical analysis of the AI-generated text before incorporating it into the assessment. Typically, this information should be included in the assessment appendix. Additionally, any use of AI must be appropriately referenced within the submission. These measures are in place to ensure that students demonstrate a thorough understanding of their written work, independent of AI assistance, as this is a key requirement for passing the assessment.
A failure to use AI according to the guidelines above (and detailed on Blackboard at the beginning of the course) may constitute student misconduct under the Student Code of Conduct.
Submission guidelines
Video-presentation to be uploaded on Blackboard.
Deferral or extension
You may be able to apply for an extension.
Late submission
A penalty of 10% of the maximum possible mark will be deducted per 24 hours from time submission is due for up to 7 days. After 7 days, you will receive a mark of 0.
Course grading
Full criteria for each grade is available in the Assessment Procedure.
| Grade | Cut off Percent | Description |
|---|---|---|
| 1 (Low Fail) | 0 - 29 |
Absence of evidence of achievement of course learning outcomes. |
| 2 (Fail) | 30 - 46 |
Minimal evidence of achievement of course learning outcomes. |
| 3 (Marginal Fail) | 47 - 49 |
Demonstrated evidence of developing achievement of course learning outcomes |
| 4 (Pass) | 50 - 64 |
Demonstrated evidence of functional achievement of course learning outcomes. |
| 5 (Credit) | 65 - 74 |
Demonstrated evidence of proficient achievement of course learning outcomes. |
| 6 (Distinction) | 75 - 84 |
Demonstrated evidence of advanced achievement of course learning outcomes. |
| 7 (High Distinction) | 85 - 100 |
Demonstrated evidence of exceptional achievement of course learning outcomes. |
Additional course grading information
Grades will be allocated according to University-wide standards of criterion-based assessment.
Supplementary assessment
Supplementary assessment is available for this course.
Learning resources
You'll need the following resources to successfully complete the course. We've indicated below if you need a personal copy of the reading materials or your own item.
Library resources
Find the required and recommended resources for this course on the UQ Library website.
Learning activities
The learning activities for this course are outlined below. Learn more about the learning outcomes that apply to this course.
Filter activity type by
Please select
| Learning period | Activity type | Topic |
|---|---|---|
Week 1 |
Seminar |
Introduction to CYBR7003: The Legal Framework
Learning outcomes: L05, L06 |
Week 2 |
Seminar |
Privacy, Security and Confidentiality
Learning outcomes: L05, L07, L08 |
Week 3 |
Seminar |
Platforms and Cloud
Learning outcomes: L05, L06, L07, L08 |
Week 4 |
Seminar |
The International Context
Learning outcomes: L05, L06, L07, L08 |
Week 5 |
Seminar |
Responding to Cybersec Incidents & Wrap-up
Learning outcomes: L05, L06, L07, L08 |
Week 6 |
Seminar |
Between Management and Law: Ethics in Cyber-Secruity
Learning outcomes: L01, L06, L07 |
Week 7 |
Seminar |
Industry Panel Meet several cyber-professionals and talk about all things cyber with them! Learning outcomes: L02, L04 |
Week 8 |
Seminar |
Organisational Cyber-Security: An Intro
Learning outcomes: L01, L02, L03 |
Mid-sem break |
Seminar |
In-Semester Break |
Week 9 |
Seminar |
Governance in Cyber-Security: Standards and Frameworks
Learning outcomes: L01, L03 |
Week 10 |
Seminar |
Org Cybersec Policies and Procedures
Learning outcomes: L01, L02, L04 |
Week 11 |
Seminar |
Cyber-Security Risk Management + Intro: Culture & Training
Learning outcomes: L02, L03, L04 |
Week 12 |
Seminar |
Cyber-Security Awareness, Training and Education
Learning outcomes: L02, L03, L04 |
Week 13 |
Seminar |
Wrap-up and Assessment Lab This session will wrap-up the course contents, answer questions students may have on their assessment, and give them time to work on assessment 3, if required Learning outcomes: L01 |
Policies and procedures
University policies and procedures apply to all aspects of student life. As a UQ student, you must comply with University-wide and program-specific requirements, including the:
- Student Code of Conduct Policy
- Student Integrity and Misconduct Policy and Procedure
- Assessment Procedure
- Examinations Procedure
- Reasonable Adjustments - Students Policy and Procedure
Learn more about UQ policies on my.UQ and the Policy and Procedure Library.