The Master of Cyber Security has a strong technical focus in cyber security and you’ll cover contemporary topics in cyber security such as digital forensics, dark web and cyberwarfare and terrorism. You’ll be taught by leading industry experts who will equip you with the capabilities to address the issues and needs of the rapidly growing cyber security sector.
Enter through the Graduate Certificate pathway in 2023 and save on the total cost of your Masters degree with a Commonwealth Supported Place (CSP) as part of the federal government’s Job-Ready Graduates Package.
Duration 2 years part-time |
Intakes Six sessions a year |
Study mode Online |
Units of Study 12 subjects |
Ready to get started?
100% Cyber Security: CSU is (easily) Australia’s largest provider of Postgraduate IT qualifications and Cyber Security is (easily) the largest research focus area of our outstanding School of Computing and Mathematics. End result is that we are the only university able to offer a Masters that is 100% Cyber Security with dedicated subjects in every major facet of security.
50-50 blend of Academia and Industry: Half of the subjects are delivered by CSU’s outstanding team of Cyber Security Lecturers and the other half by industry based, cyber security experts.
Professional recognition: The Australian Computer Society (ACS) accredits courses in Information Technology to verify that they meet professional standards in terms of content, staff skills, teaching facility and quality assurance. The Master of Cyber Security is accredited at the Specialist Level (Cyber Security) and is only one of three courses in Australia to achieve this status.
Integration of Industry certifications: Preparation for the world’s most in demand Cyber Security industry certifications (including CISSP, CEH, Security+ are included as an integral part of the Masters. The subjects will prepare you to sit the certifications and you can apply for credit if you have already obtained the certifications.
What is this course about?
The aim of the Master of Cyber Security is to provide computing professionals with the theoretical knowledge and technical and communication skills necessary to embark on a career as a computer security professional with either the corporate or government sector. The course also provides a pathway to doctorate level study in the field of computer and network security.
Upon completion of this course, graduates will be able to :
- Demonstrate and apply advanced knowledge of current trends within areas such as digital forensics, the dark web, cyberwarfare and terrorism, and incident response;
- Investigate and critically reflect on emerging cyber security developments, particularly those that relate to cyberwarfare, the dark web, and cybercrime prevention and detection;
- Effectively communicate cyber security concepts and solutions to people across an organisation, from end-users to upper management;
- Employ research skills relevant to the practice of cyber security within a professional context;
- Demonstrate application of knowledge and skills through a capstone experience.
Abstract
In this subject, students will analyse and apply content from the eight domains that comprise a Common Body of Knowledge (CBK) for information systems security professionals. This subject will also help students prepare for the Certified Information Systems Security Professional (CISSP) industry certification exam from the International Information Systems Security Certification Consortium (ISC2).
ITE514 Professional Systems Security will cover the following topics:
- Access Control
- Application Development Security
- Business Continuity and Disaster Recovery planning
- Information Security Risk and Governance
- Cryptography
- Legal, Regulations, Investigations and Compliance
- Operations Security
- Physical (Environmental) Security
- Security Architecture and Design
- Telecommunications Security
Assumed Knowledge
ITI581 Cyber Security Fundamentals or equivalent
Subject Availability
Session 2 (Jul)
The information above was accurate the time the subject was last run, but may change in future. Be sure to check the details in your subject outline upon enrolment.
Abstract
In this subject, students will learn how to scan, test, hack and secure computing systems. The lab intensive environment gives each student in-depth knowledge and practical experience with the current essential security systems. Students will begin by understanding how perimeter defences work before learning to scan and attack networks. Students will be prepared for the EC-Council Certified Ethical Hacker (CEH) industry certification exam during this subject.
ITE516 Hacking Countermeasures will cover the following topics:
- Footprinting, scanning and enumeration
- System hacking and penetration testing
- Trojans, back doors, viruses and worms
- Network traffic sniffing
- Denial of service
- Social engineering
- Identifying and exploiting network vulnerabilities
- Cross-site scripting and SQL injection
- Physical security
- Evading IDS, firewalls and honeypots
- Buffer overflows
- Cryptography
Assumed Knowledge
ITI581 Cyber Security Fundamentals or ITC595 Information Security
Subject Availability
Session 1 (Feb), Session 3 (Nov)
The information above was accurate the time the subject was last run, but may change in future. Be sure to check the details in your subject outline upon enrolment.
Abstract
This subject explores the increasing threats to personal, corporate and national security from the cyber warfare and terrorism perspectives. Students commence by studying the principal motivations behind cyber attacks, which may be political, ideological, vengeance oriented, or profit based. The increasing incidence of such attacks is explored, and examples given of key military and government computing systems being subverted through digital warfare or terrorism. Students also learn how it may be possible to defend and prevent such attacks through the use of policy, procedure and technical controls. The subject will conclude with an analysis of future trends in the nature of cyber warfare and terrorist activities.
ITE534 Cyberwarfare and Terrorism will cover the following topics:
- Cyber attacks and defences
- Cyber espionage
- Cyber sabotage
- Cyber politics and vandalism
- Nation state malware, for example, Stuxnet
- Cyber attack motivations including hacktivism, private sector, and military
- Cyber terrorism and cyber warfare
- Cyber monitoring, surveillance and intelligence
- SCADA systems and public infrastructure
- The future of warfare
Subject Availability
Session 1 (Feb)
The information above was accurate the time the subject was last run, but may change in future. Be sure to check the details in your subject outline upon enrolment.
Abstract
This subject provides students with knowledge of cyber security principles along with industry-based vendor-neutral IT security knowledge and skills. In particular, the subject helps students prepare for the Security+ industry qualification which has been developed by the International Computer Technology Industry Association (CompTIA). Students will also be introduced to a broad range of cyber security related topics such as infrastructure security, communications network security, cryptography, access control, authentication, external threats, and operational and organisational security. At the completion of this subject, students will be able to apply these concepts to protect computing infrastructure from cyber security threats and attacks.
ITI581 Cyber Security Fundamentals will cover the following topics:
- Introduction to network and cyber security
- Network design elements and components
- Compliance and operational security
- Cyber security threats and vulnerabilities
- Types of cyber attacks
- Risk mitigation strategies
- Appropriate security controls
- Disaster recovery plans and procedures
- Application, data and host security
- Access control and identity management
- Cryptography introduction
- Intrusion detection systems
- Preparing for CompTIA Security+ certification
Subject Availability
Term 1 (Jan), Session 1 (Feb), Term 2 (May), Session 2 (Jul), Term 3 (Aug), Session 3 (Nov)
The information above was accurate the time the subject was last run, but may change in future. Be sure to check the details in your subject outline upon enrolment.
*Capstone subject. This subject should be completed in the final session of study
Abstract
This subject requires research and project work, at an advanced level, on a topic related to emerging technologies and innovation. In the context of professional practice, students will draw upon prior learning in their Masters course to execute an independent capstone project in a selected topic related to their course and specialisation(s) within their course (where applicable).
ITC571 Emerging Technologies and Innovation will cover the following topics:
- Introduction and selecting a capstone topic area to review.
- Project design, planning, execution and reporting.
- Building industry connections.
- Research Skills: locating and evaluating information, credibility of sources and referencing.
- Extracting information from readings for critical analysis.
- Preparing and writing a literature review or capstone report.
- Presenting your project.
Subject Availability
Session 1 (Feb), Session 2 (Jul), Session 3 (Nov)
The information above was accurate the time the subject was last run, but may change in future. Be sure to check the details in your subject outline upon enrolment.
Abstract
This subject provides a broad overview of emerging malicious and cybercriminal activities inside the dark web. The subject also analyses dark web content and investigates anonymising networks in the dark web using publicly available tools. Students will also learn dark web forensics and mitigating techniques to defend against cybercrime.
ITC578 Dark Web will cover the following topics:
- Introduction to the dark web
- The threat landscape in the dark web
- Cybercriminal and malicious activities in the dark web
- Evolution of the web
- Data analysis of web content
- Dark web forensics
- Open Source intelligence
- Mitigating techniques
Subject Availability
Session 2 (Jul)
The information above was accurate the time the subject was last run, but may change in future. Be sure to check the details in your subject outline upon enrolment.
Abstract
This subject provides a broad overview of information security concepts, with an emphasis on combating security threats to operating systems, computer programs, databases and networked systems. Students will also study foundational security policies that stipulate requirements about integrity, confidentiality and availability. Techniques for implementing these policies are also investigated, including memory management techniques, access control mechanisms, user authentication, and networking tools.
ITC595 Information Security will cover the following topics:
- Overview of computer security
- Applied Cryptography
- Authentication and Access Control
- Types of Security Threats and Attacks
- Operating System Security
- Network Security
- Database Security
- Cloud Computing Security
- Privacy
- Emerging topics in Cyber and Information Security
Subject Availability
Session 1 (Feb), Session 2 (Jul), Session 3 (Nov)
The information above was accurate the time the subject was last run, but may change in future. Be sure to check the details in your subject outline upon enrolment.
Abstract
This subject provides an in-depth study of the rapidly changing and fascinating field of computer forensics. It combines both the technical expertise and the knowledge required to investigate, detect and prevent digital crimes. The subject covers the knowledge on digital forensics legislations, digital crime, forensics processes and procedures, data acquisition and validation, e-discovery tools, e-evidence collection and preservation, investigating operating systems and file systems, network forensics, art of steganography and mobile device forensics, email and web forensics, presenting reports and testimony as an expert witness.
ITC597 Digital Forensics will cover the following topics:
- Relevant legislation and codes of ethics
- Digital crime, civil and criminal law
- Computer forensics and the digital detective
- Forensic processes, policies and procedures
- Fraud and forensic accounting
- E-Discovery, guidelines and standards
- E-Evidence, tools, environments and equipment
- Systems basics and file systems
- Investigating operating systems
- Email and web forensics
- Network forensics and intrusion detection
- Reporting and presenting
Assumed Knowledge
ITC595 Information Security
Subject Availability
Session 1 (Feb)
The information above was accurate the time the subject was last run, but may change in future. Be sure to check the details in your subject outline upon enrolment.
Abstract
This subject allows students to develop skills that are necessary to identify ethical issues that are raised as a result of the advancement of information and communications technology (ICT). The subject will cover areas such as critical thinking, professionalism, ethical theories, privacy, security and crime in cyberspace, intellectual property, freedom of speech and regulation of the internet, systems reliability, and social and ethical issues of emerging technologies. By the end of the subject, students should be able to argue consistently and rationally about the moral problems raised by the adoption and use of ICT and propose solutions to those moral problems.
ITC506 Topics in Information Technology Ethics will cover the following topics:
- Introduction to ICT ethics.
- Introduction to critical thinking techniques.
- Professionalism and professional ethics.
- Ethical theories and analysis.
- Privacy.
- Security and crime in cyberspace.
- Intellectual property.
- Freedom of speech and Internet content regulation.
- Emerging technologies and ethics.
- ICT and Society.
Subject Availability
Session 1 (Feb), Session 3 (Nov)
The information above was accurate the time the subject was last run, but may change in future. Be sure to check the details in your subject outline upon enrolment.
Abstract
This subject provides students with an in-depth study of cloud computing technologies and their use in business. It looks into various standards based cloud systems and architectures. It further discusses various cloud delivery models, planning for migration to a cloud model. It also discusses governance and security issues in a cloud model and managing the cloud infrastructure.
ITC561 - Cloud Computing will cover the following topics:
- Fundamentals of Cloud Computing.
- Cloud Architectures.
- Cloud Delivery Models.
- Cloud Risk Management.
- Cloud Security.
- Planning a migration to the Cloud.
- Cloud Governance and Management.
- Managing the Cloud Infrastructure.
Subject Availability
Session 1 (Feb)
The information above was accurate the time the subject was last run, but may change in future. Be sure to check the details in your subject outline upon enrolment.
Abstract
This subject focuses on issues surrounding cloud computing privacy and security and their application to business. It discusses the governance framework that must underpin and define the processes for determining risk, privacy and security issues for an enterprise which uses a cloud model. It will examine the legal and business requirements for privacy, the need for a risk management assessment of all data used in cloud operations, and the use of security controls to manage the assessed risk. It further examines the major cloud deployment and delivery models to determine how these affect the risk management assessment and subsequent security controls when applied to business.
ITC568 Cloud Privacy and Security will cover the following topics:
- Governance and auditing for cloud operations.
- Threats, risk and requirements landscape.
- Privacy, data and digital identity.
- Data sensitivity, location and legal jurisdiction.
- Cloud security approaches and challenges.
Subject Availability
Session 2 (Jul)
The information above was accurate the time the subject was last run, but may change in future. Be sure to check the details in your subject outline upon enrolment.
Abstract
ITC593 provides the practical knowledge and skills needed to analyse and work with network security protocols and standards, along with an in-depth introduction to the field of cryptography. The subject explores how contemporary encryption algorithms, digital signatures and cryptographic hash functions are used to implement various security goals, such as authentication, confidentiality and integrity. It also includes a comprehensive coverage of emerging security trends in modern IT infrastructure.
ITC593 - Network Security and Cryptography will cover the following topics:
- Introduction to computer and network security.
- Cryptography and its applications in network security.
- Secret key (symmetric) algorithms.
- Public key (asymmetric) algorithms.
- Modes of operation.
- RSA algorithm;
- Authentication systems.
- TLS and IP security
- User authentication & Kerberos.
- Key Management & Public key infrastructure (PKI).
- Emerging trends and challenges of network security
Assumed Knowledge
ITC595 Information Security
Subject Availability
Session 2 (Jul), Session 3 (Nov)
The information above was accurate the time the subject was last run, but may change in future. Be sure to check the details in your subject outline upon enrolment.
Abstract
This subject provides students with a thorough background in IT security risk management issues. Comprehensive selections of risk management techniques for IT security are covered, including quantitative and qualitative methods. Other topics include security decision-making, risk mitigation, risk transference and business continuity planning.
ITC596 IT Risk Management will cover the following topics:
- Information security basics.
- Fundamental security rules.
- Security decision making.
- Practising security.
- Foundations of risk management.
- Quantitative risk assessment.
- Qualitative risk assessment.
- Risk mitigation.
- Risk transference.
- Business continuity planning.
Subject Availability
Session 3 (Nov)
The information above was accurate the time the subject was last run, but may change in future. Be sure to check the details in your subject outline upon enrolment.
Abstract
In this subject, students will investigate the current threats to computing systems and networks along with effective countermeasures. Students will also learn the principles and stages of an appropriate security incident response. In addition, this subject will prepare students for the Global Information Assurance Certification (GIAC) and Certified Incident Handler (GCIH) industry certification exam.
ITE512 Incident Response will cover the following topics:
- Computer attack methods and vectors
- Security incident handling processes
- Legal and forensic issues of incident handling
- Computer and network attack countermeasures
- Platform and device-specific attacks and defences
- Application-level attacks and defences
- Recovery and restoration issues
Subject Availability
Session 1 (Feb)
The information above was accurate the time the subject was last run, but may change in future. Be sure to check the details in your subject outline upon enrolment.
Abstract
In this subject students will acquire an understanding of the principles of forensic investigation and the complexities involved in conducting forensic investigations in a contemporary context. Students will develop a deeper understanding of the methods for acquiring digital evidence from more contemporary, non-traditional, digital systems (such as social media sites, virtualised systems and multimedia platforms) using practical examples, case studies and activities. Students will also learn principles of investigating malware and ransomware attacks and solve the potential difficulties in these contexts.
ITE513 Forensic Investigation will cover the following topics:
- Computer forensics
- File System Forensic Analysis Part 1 - Volumes and FAT
- File System Forensic Analysis Part 2 - NTFS
- File Carving.
- Acquiring digital evidence
- Log file analysis
- Mobile device forensics (Android/GPS/SIM Cards)
- Malware analysis
- Ransomware analysis
- Image forgery
- Steganography & Steganalysis
Assumed Knowledge
It is assumed that students will have completed ITC597 or ITI581
Subject Availability
Session 2 (July)
The information above was accurate the time the subject was last run, but may change in future. Be sure to check the details in your subject outline upon enrolment.
Abstract
This subject will help students prepare for the Amazon Web Services (AWS) Certified Solutions Architect industry certification. Students will study important characteristics of a successful cloud-based implementation, including those that relate to scalability, security, reliability, durability, and cost effectiveness. This learning will be applied through the design of an optimal cloud-based system in accordance with a set of project requirements.
ITE531 Architecting Cloud Solutions will cover the following topics:
- Designing cloud-based systems
- Cloud implementation and deployment
- Project costing
- Deployment management
- Network design
- Data storage
- Cloud-based security
- Scalability and elasticity
- Cloud migration and hybrid architecture
Subject Availability
Session 2 (Jul)
The information above was accurate the time the subject was last run, but may change in future. Be sure to check the details in your subject outline upon enrolment.
Hear more about subject ITE531: Architecting Cloud Solutions from a previous lecturer:
Abstract
This subject helps prepare students for the Certified Information Systems Management Certification (CISM), which is an international industry certification developed by ISACA. Students in this subject will investigate how to establish and maintain an information security governance framework along with the supporting processes to ensure that an organisation's information security strategy is aligned with its goals and objectives.
ITE533 Cyber Security Management will cover the following topics:
- Information security governance
- Information security strategy
- Security requirements
- Risk management and compliance
- Security policies
- Asset classification models
- Program development and management
- Security incident management
Subject Availability
Session 2 (Jul)
The information above was accurate the time the subject was last run, but may change in future. Be sure to check the details in your subject outline upon enrolment.
Abstract
A penetration test, colloquially known as a pen test, is an authorised simulated cyber attack on a computer system, performed to evaluate the security of the system. During this subject, students will learn how to use penetration testing to gain an understanding of the security posture of IT environments and then highlight short- and long-term recommendations for increasing security. Students will then develop a comprehensive report detailing the findings of a penetration test and what steps the organisation needs to take to reduce their cyber security risk profile. The subject also provides hands-on activities for students to practice their penetration testing skills by engaging in a practical exercise in which they hack into a controlled lab environment.
ITE535 Pen Testing will cover the following topics:
- Scoping a penetration test
- Putting together a penetration testing platform
- Risk Management Basics
- Scanning the network
- Compliance
- Customer engagement
- Service and account enumeration
- Social engineering
- Vulnerability scanning
- Web application exploits
- Privilege escalation
- Wireless attacks
- The penetration test report
Subject Availability
Session 3 (Nov)
The information above was accurate the time the subject was last run, but may change in future. Be sure to check the details in your subject outline upon enrolment.
Abstract
This subject discusses how to communicate effectively, and efficiently in professional environments. Students who undertake this subject will gain a wide range of practical communication skills supported by the latest intellectual and psychological behavioural theory. This subject explores the details of how and why humans communicate in certain ways and will equip students to communicate at all levels of professional business for effective outcomes. Students are encouraged to challenge their own communication habits and to undergo a journey of personal change through this subject.
MGI521 Professional Communications will cover the following topics:
- Communication Psychology of Knowledge Exchange
- Business Language & Document Writing
- Digital Communications & The Media Experience
- Creating Business Proposals & Reports
- Digital Presentations & Tools
- Selling & Obtaining Buy-In
- Facilitating Workshops & Meetings
- Managing Business Conflict & Negotiation
- Differences Between Leadership, Management & Mentors
- Personal Presentations & Public Speaking
Subject Availability
Session 1 (Feb), Session 2 (Jul), Session 3 (Nov)
The information above was accurate the time the subject was last run, but may change in future. Be sure to check the details in your subject outline upon enrolment.
Note: Assessment items are subject to change. Your official subject assessments should be confirmed in your online Subject Outline upon enrolment in that subject.
Assessments in your subjects will take a variety of forms, all designed to test and enhance your learning. You might be called upon to sit an exam, write a marketing plan, design an application, produce a video presentation, sit a quiz or any number of tasks. Why not try a small sample based on the exam from the subject ITE514 – Professional Systems Security?
- Why is prevention alone NOT enough to deal with attackers?
- Because upkeep of preventive measures is labour intensive
- Because it is difficult to implement preventive measures
- Because prevention alone is an expensive option
- Because even the best preventive measures are subject to failure
- Which of these choices best describes a buffer overflow attack?
- The input data exceeds the memory allocated for it.
- A buffer overflow is the common result of a SYN flood attack.
- Data formatted differently than expected by the receiving process.
- There is insufficient input data to fill the programs memory buffer.
- In a /24 subnet, the address x.x.x.255 BEST represents which of the following?
- An unusable address
- A broadcast address
- A standard IP address
- A network address
- What is NOT a method of social engineering?
- Impersonating a corporate VP over the phone
- Sending an e-mail that persuades a user to open a dangerous attachment
- Dumpster diving for sensitive corporate information
- Sending a popup window asking the user to re-authenticate
- Which of the following characterizes UDP as compared to TCP?
- More complex
- Connection oriented
- Faster
- Guaranteed delivery
- What specific action did the Melissa virus take that caused it to spread so fast?
- It broadcast itself to remote hosts with a spoofed address, echoing it to machines all over the Internet.
- It mailed itself to the first 50 entries in a victim’s Microsoft Outlook address book.
- It invaded root DNS servers, pointing addresses everywhere to infected hosts.
- It opened a user’s Internet Explorer browser to a site with the virus.
- Which of the following is FALSE about loopback addresses?
- They are assigned by the local ISP.
- They fall into the range 127.0.0.0/8.
- They are non-routable on the Internet.
- They are often used by services that must contact other services running on the same machine
- Network systems are located at different locations within our environment. Which of the following sections would be the best location for a web server that you want external customers to access?
- Semi-public
- Public
- Private
- Intranet
- Which of the following is the main problem with default passwords?
- They are difficult for valid users to guess.
- Frequently administrators do not know they are there and attackers do.
- They are usually hard to obtain.
- A default password can never be removed from a system.
Answers: D, A, B, C, C, B, A, A, B.
There are two pathways to entry into the Master of Cyber Security.
- An undergraduate degree from a recognised Australian tertiary institution (or equivalent).
- Professional attainment and/or work experience.
Applicants without a tertiary qualification may be admitted first to the Graduate Certificate in Cyber Security Upon successful completion of the four subjects in the Graduate Certificate, students will then be admitted with full credit into the Master of Cyber Security to complete their remaining units of study.
Information on applying can be found on the How to Apply help page.
Graduate Certificate
The Master of Cyber Security is an articulated course that incorporates the Graduate Certificate in Cyber Security. The certificate can be stand alone or, upon successful completion, students may proceed (with full credit) into the Master of Cyber Security
Domestic Students $3600 AUD per subject |
International Students $3820 AUD per subject |
More information on Fees can be found on the Fees page.
If you want to reduce your cost per course you may be eligible for credit.
Academic credit is available to students who can provide proof they have passed relevant industry certification examinations or who have completed previous study. No fees are charged for subjects students receive credit for.
Prospective students can obtain an estimate of credit entitlements from Industry Examinations by filling out the Credit Eligibility Form.
NOTE: The actual level of credit awarded will be confirmed upon acceptance into the Degree.
Find out more with a personalised assessment of your eligibility, or apply now!