Postgraduate Programs in Cyber Security, Strategy and Risk Management


Governments, corporations and businesses across the globe are facing unprecedented challenges in securing their cyber assets against criminal and commercial security threats. There is a current shortage of professionals with cyber security skills who can facilitate economic growth while protecting critical infrastructure and maintaining operational stability. Organisations in both the public and private sectors require personnel at all levels and in many areas who understand the technical, legal and business aspects of cybersecurity risk analysis, assessment and management, as well as how to safeguard information privacy.

Built on world-leading expertise across several disciplines, the ANU Cyber Security program incorporates current industry and research developments, equipping graduates with skills which can be applied across a range of settings, from health and social services to finance and defence.

The Master of Cyber Security, Strategy and Risk Management is a 1.5 year full-time (or equivalent part-time) degree which takes a multi-disciplinary approach to cyber security. Students undertaking the ANU’s innovative program should expect:

  • Exposure to best-practice in cyber security, strategy and risk management.
  • Cutting-edge courses in areas of relevance to cyber security, strategy and risk management.
  • An opportunity to deepen knowledge in an area of academic specialisation – either computer science or strategic policy.
  • Professional development for cyber security leaders and practitioners.
  • The opportunity to undertake research of professional relevance.

Upon completion of the program, graduates will have the skills and knowledge to:

  • Develop and apply effective cyber security strategies, as well as providing leadership direction for organisations preparing for operations in a contested environment.
  • Assess the role policy plays in engineering secure systems and in driving the composition of cyber security solutions.
  • Compare and contrast the legal and ethical aspects of cyber security at national and international levels.
  • Integrate acquired knowledge in cyber security to identify solutions for real-world problems.
  • Negotiate the legal, social, ethical, regulatory and technical issues related to securing information systems and critical infrastructures.
  • Monitor, direct and enhance the protection of cyber systems through industry-accepted standards, procedures and policies.
  • Assess the vulnerability of existing and proposed ICT systems.
  • Manage potential cyber security risks, focusing on decision-making, trade-offs, team building and leadership.
  • Demonstrate awareness of and responses to a diverse range of cyber threats.


The cyber security program is comprised of three different exit awards:

Students can apply directly to either the Graduate Diploma or Masters awards, and can also transfer between award programs. A student enrolled in the Graduate Diploma can subsequently transfer to the Masters award, with credit for courses already completed. Equally, a student enrolled in the Masters who decides not to complete the program can request to exit with a Graduate Diploma, which requires fewer courses. The Graduate Certificate is an exit-only qualification, meaning that it is only available to students enrolled in the Graduate Diploma who wish to exit the program early.

I'm interested! Now what?

Applications for the Cyber Security program are lodged directly through the ANU's StudyLink portal, as described in the 'Application process' tab below.

The application and enrolment process has 5 key stages:

Step 1

Students lodge an application through the ANU's StudyLink portal, along with their academic transcripts and CV.

Step 2

Students receive an email from the ANU’s Domestic Admissions team, containing an offer for study.

Step 3

Students complete the online acceptance process, and will then receive their ANU logon and enrolment instructions from the Data Analytics team.

Step 4

Students log on to ISIS, the ANU’s Interactive Student Information System, to enrol themselves in their chosen courses.

Step 5

Students log on to Wattle, the ANU’s online learning portal, to access their course materials

Application process

Applications for the Cyber Security program are available directly through the ANU’s StudyLink portal.

Students should locate the relevant award from the hyperlinks below, and then select ‘Apply’ from the top right-hand corner of the page:

There are different application closing dates for each academic session (Autumn, Winter, Spring etc.). Closing dates for each academic session will be available at the ‘Course Schedule’ tab at the bottom of this webpage. Please note that closing dates will not be available until the 2018 teaching timetable is confirmed.

The application and enrolment process has 5 key stages:

  • Students lodge an application form, academic transcripts and curriculum vitae through the ANU’s StudyLink portal.
  • Students will receive an email to their nominated address from the ANU’s domestic admissions team. This email will contain an offer for study. Students must follow the instructions contained in the offer letter in order to accept their place at the ANU.
  • Students who have completed the online acceptance process will receive an email from the Data Analytics and Cyber Security team. The email will contain the student’s ANU ID number, student password, and enrolment instructions.
  • Students must log on to the ANU’s Interactive Student Information System (ISIS) with their ID and password, and follow the instructions to enrol themselves in their chosen courses.
  • Online course material will be available to all enrolled students through the ANU’s Wattle portal. Wattle requires the same ID number and password as ISIS. Course material will become visible shortly before the commencement date of the course.

Delivery mode

All courses listed on the Cyber Security course schedule are online intensive courses.

These are delivered in 4+1+4 mode – 4 weeks of online teaching and assessment, followed by one full-time week on campus at the ANU, followed by another 4 weeks of online teaching and assessment. Students will only be required to be on campus in Canberra during the one-week intensive period for each course.

Some of the courses which form part of the Cyber Security program are also run in semester-long mode for other ANU students. For example, COMP6340 (Networked Information System) runs in online mode for the Cyber Security program, and in Semester 1 for students enrolled in the Master of Computing.

Cyber Security students should always enrol in the versions of courses which are specified on the below course schedule, because these are the only courses taught in online mode. Semester-long courses require students to attend classes on campus over 12 weeks, with no online component.


Applicants who have completed a degree in a discipline related to cyber security may be eligible to receive credit towards their degree. For example, a student with a background in information technology may be given credit for COMP6301 (Computing Foundations for Cyber Security) or for COMP6340 (Networked Information Systems). In this case, the student’s degree program is shortened by one or two courses, because the student is regarded as having completed COMP6301 and/or COMP6340.

The ANU’s credit policy for coursework programs states that credit cannot be given for study which predates the course for which credit is being sought by more than 7 years. See the Coursework Awards Rule, section 3.3.1:

Students whose studies fall outside this 7-year window may be granted an exemption instead of credit. For example, a student whose information technology studies were completed in 2008 may be granted an exemption for COMP6301 or for COMP6340. In this case, the student’s degree is not shortened, but they can choose different courses with which to replace COMP6301 and COMP6340.

Program structure


Graduate Certificate Cyber Security, Strategy and Risk Management

Students undertaking the Graduate Certificate must complete the following four courses:

COMP6301 (Computing Foundations for Cyber Security)

NSPO8006 (National Security Policymaking)

LAWS8077 (Cyber Law)

MGMT7203 (Risk Analysis for Business Management)


Graduate Diploma Cyber Security, Strategy and Risk Management

Students undertaking the Graduate Diploma must complete the following seven courses:

COMP6301 (Computing Foundations for Cyber Security)

NSPO8006 (National Security Policymaking)

LAWS8077 (Cyber Law)

COMP6340 (Networked Information Systems)

NSPO8021 (Statecraft and National Security in Cyberspace)


COMP6420 (Introduction to Data Management)

MGMT7203 (Risk Analysis for Business Management)


Plus one of:

CRIM8002 (Cyber Security and Cyber Crime)

MGMT8005 (Project Risk and Issues Management)


Master Cyber Security, Strategy and Risk Management

Students undertaking the Masters must complete 12 courses in total – the following 10 courses, plus a further two courses from one of the depth pathways listed below:

COMP6301 (Computing Foundations for Cyber Security)

NSPO8006 (National Security Policymaking)

LAWS8077 (Cyber Law)

COMP6340 (Networked Information Systems)

NSPO8021 (Statecraft and National Security in Cyberspace)

CRIM8002 (Cyber Security and Cyber Crime)

COMP6420 (Introduction to Data Management)

MGMT7203 (Risk Analysis for Business Management)


COMP7500 (Software Security)

MGMT8005 (Project Risk and Issues Management)


Depth pathways – choose one list and complete both courses:

COMP8501 (Cyber Defensive Operations)

NSPO8014 (Ethics and Technologies of War)

COMP8502 (Cyber Offensive Operations)

NSPO8017 (Malicious Networks: Transnational Terrorism and Crime)


Stage 1 (Grad. Cert.)

COMP1 - Computing Foundations for Cyber Security (COMP6301)

The pursuit of technical cyber security studies demands an understanding of computing fundamentals. For students with minimal prior knowledge, or needing a refresher, this course covers the basic architecture of modern computers: how a CPU works, memory and its manipulation, and the relationship of the hardware to the operating system.  The course teaches logic, programming and scripting, with a focus on errors which allow security experts or cyber criminals to find faults and exploit them. It covers how computers handle numbers using decimal, binary, and hexadecimal numbering systems, as well as outlining how computers encode text and data, data structures, algorithms, and the basics of cryptography. Students are exposed to the dominant computing systems (including mobile), gaining hands-on experience with the command line to move students from user to power user. Complementing the technical coverage, students learn the fundamentals of security practice, including core terms and principles, including the Principle of Least Privilege and the Confidentiality, Integrity and Availability (CIA) Triad, and discover how these principles drive discussions about security. Students will become conversant in the fundamentals of cyber security risk assessment.

LAW1- Cyber Law (LAWS8077)

This course introduces students to the fundamentals of cyber law, focusing on the Australian legal system and on comparative issues where relevant. The course is taught in two modules. The first module covers sources of law (case law, statue, treaties, custom, tradition); types of law (national, international, public, private); legal systems (common law, civil law, international and indigenous law); legal institutions (parliament, courts, tribunals, international organisations, non-governmental organisations and community); and legal interpretation. The second module focuses on cyber warfare and computer networks, with a view to anticipating potential legal issues with cyber warfare, especially as regards the applicability of existing rules of international law. The second module is co-taught with LAWS8035, and topics include the legal regulation of cyberspace, telecommunications interception, data retention, the work of security agencies and the role that cyber plays within the criminal law.

POLICY1 - National Security Policymaking (NSPO8006)

This course examines the structures, processes, actors and norms of Australia's national security policymaking system. The subject-matter of the course includes: the purposes of national security policymaking; Australia's national security policymaking architecture; actors and interests in the national security community, as well as practical aspects of national security policymaking, including strategy planning and implementation. The course also investigates the role of the private sector, interest groups, the media and academia/think tanks in national security policymaking; leadership in the national security community; national security policymaking in comparable benchmark countries; and the future of national security policymaking in Australia.

BUSINESS1 - Risk Analysis for Business Management (MGMT7203)

This course introduces the concept of total risk management, the subject-matter of which is partly art and partly science. The objective of the course is to develop skills in the identification, measurement and management of issues contributing to business risk. The emphasis is on the risk analysis of international business, including analysing country and political risks and diagnosing financial shocks. The course also covers risk issues of relevance to domestic business, explaining why domestic business is subject to international exposure. Through simple, comprehensive real-life case studies, the participants develop the skills, data, knowledge and methodology required to identify and manage the multiple dynamic risk exposures which arise in modern business management.


Stage 2 (Grad. Dip.)

COMP2 - Networked Information Systems (COMP6340)

This course studies networking fundamentals including local, metropolitan and wide-area networks (LAN, MAN, and WAN), the Internet, intranets, extranets, and the World Wide Web (WWW). Its focus is on the application, transport, and network layers. The topics covered include the following: hardware, software, network topologies, architecture, and protocols; network and web applications; website design and construction; information architecture; standards; privacy, security, firewalls, and reliability; systems integration; network monitoring and management and professional ethics and social issues.

COMP3 - Introduction to Data Management, Analysis and Security (COMP6420)

Commerce and research are being transformed by data-driven discovery and prediction.  Skills required for data analytics at massive levels span a variety of disciplines and are difficult to obtain through conventional curricula: scalable data management on and off the cloud, parallel algorithms, statistical modelling, and proficiency with a complex ecosystem of tools and platforms. This course provides an overview of the basic techniques of data science, including SQL and NoSQL solutions for massive data management, basic statistical modelling (descriptive statistics, linear and non-linear regression), algorithms for machine learning and optimization, and fundamentals of knowledge representation and search.  Students learn key concepts in security and the use of cryptographic techniques in securing data.

POLICY2 - Statecraft and National Security in Cyberspace (NSPO8021)

The course examines the evolution of cyberspace as a domain where states project both hard and soft power, and how states are adapting to the threats and opportunities of this new domain. It examines how cyberspace interacts with the traditional domains of land, sea, air and space in which statecraft is prosecuted, and explores the future of cyberspace and its potential to disrupt ideas of sovereignty and national security. The course takes a highly interdisciplinary approach under a complex systems chapeau and includes humanities, social sciences and natural sciences perspectives.

BUSINESS2 - Project Risk and Issues Management (MGMT8005)

This course explores the management of the risks and issues that arise before and during the execution of a project: development of a conceptual framework, analysis of the way in which risks and issues influence project decisions, and examination of processes to manage risks and issues throughout the life of a project.

The course aligns with no particular methodology, but uses theoretical principles and techniques to teach students to evaluate the appropriateness and gauge the limitations of the approaches used within their own organisations. The objective of the course is to equip students with essential skills which will enable them to participate meaningfully in the management of project risk and issues.

LAW2 - Cyber Security and Cyber Crime (CRIM8002)

This course explores cyber security measures, different forms of cybercrime and emergent forms of cyber warfare.  Students address challenges to cyber security and examine the nature, prevalence, scope and the means by which criminals perpetrate these crimes. The course examines the impact of cybercrime on victims, businesses and the state, and the responses of information-security providers and law enforcement agencies. It explores the role of offender networks, as well as ways of investigating and preventing cybercrime. Students will assess international efforts to counter cyber security threats by state and non-state actors, and the course concludes with a critical assessment of the threats to liberty posed by the emergent new digital age of surveillance.

[Please note that Graduate Diploma students are only required to complete one of the last two courses listed above (MGMT8005/CRIM8002). Masters students are required to complete both.]


Stage 3 (Masters)

COMP4 - Software Security (COMP7500)

This course focuses on software security fundamentals, secure coding guidelines and principles, and advanced software security concepts. Students will learn to assess and understand threats, learn the principles of designing and implementing secure software systems, and get hands-on experience with common security pitfalls.


Depth pathways – two courses from one of the following groups:

Cyber Defensive Operations (COMP8501)

Defensive Cyber Security operations introduces and exercises a complete range of anomaly / intrusion detection and identification mechanisms. Students will also learn and exercise handling of an existing intrusion which includes forensic operations as well as securing the remaining systems. This is a complete course in cyber defence which enables students on successful completion to operate systems under real-world conditions.

Cyber Offensive Operations (COMP8502)

Offensive Cyber Security operations introduces and exercises a complete range of reverse engineering techniques and attack patterns. Students will also learn and exercise analysis of systems based on minimal information. This is a complete course in cyber attacks, which enables students on successful completion to identify and test systems for vulnerabilities without full knowledge or direct access.


Ethics and Technologies of War (NSPO8014)

This course examines ethical norms on the use of armed force for political purposes and it includes a particular focus on the relationship between those norms and military technologies. It explores how, and the extent to which, ethical and/or technological considerations influence strategic and tactical decisions. After an introduction to Just War theory, the course examines a range of topics, drawing on historical and contemporary ideas and information. These include: basic concepts of international law on armed conflict; pre-emptive and preventive war; humanitarian interventions; non-combatant immunity; mercenaries and private military companies; drones and robots; nuclear weapons; inhumane and 'non-lethal' weapons; military medical ethics; intelligence and counterterrorism; and post-war recovery. The overall aim of the course is to provide students with a stronger understanding of the strategic, operational, political and ethical concerns surrounding these issues, their security implications, and the conceptual and empirical connections between them. Course activities and assessment tasks are designed to encourage critical thinking and intellectual autonomy.

Malicious Networks: Transnational Terrorism and Crime (NSPO8017)

This course examines how globalisation and the communications revolution have empowered transnational networks of terrorists and criminals in their capacity to threaten national security. The first part of the course concentrates on network theory to form the conceptual basis for understanding the motivations, operations and impacts of transnational terrorist and criminal organisations. The second part examines the varieties of terrorist and crime organisations, focusing in particular on the advantages and vulnerabilities of each. The third part of the course examines the responses of various states and international bodies to the challenge of empowered malicious networks.

Course schedule

Please note that the teaching timetable for the remainder of 2018 is yet to be confirmed. The below dates are purely indicative, to give applicants an idea of how course dates are structured.

Academic session 2018

Start-finish dates (9 weeks total)

On-campus intensive (Week 5 out of 9)

Census date

Indicative application closing date


6 Aug – 5 Oct

3-7 Sept

24 Aug

~30 June


1 Oct – 30 Nov

29 Oct – 2 Nov

19 Oct

~ 28 Aug

Frequently asked questions

Click here to download a PDF of these FAQs.



What makes the Cyber Security program different to other ANU Masters programs?

The ANU’s Cyber Security program differs from other similar programs in that it offers both a broad-ranging curriculum and an opportunity to develop specialised skills in one particular area. Students enrolling in the Graduate Diploma or Masters are required to complete courses across four different academic disciplines – computer science, law, policy and business. Students cannot complete the program without attaining a certain level of proficiency in all four areas, resulting in graduates with an integrated and well-rounded understanding of cyber security practices and policies. Masters students are also able to specialise in a discipline of their choosing, taking higher-level courses to give them the expertise they need in their professional fields. Our program also focuses on real-world applications of cyber security techniques and toolsets, equipping graduates with the academic background to tackle practical problems outside the classroom.

Is the program open to international students?

The program is not currently available to international students.

In future years, the ANU may apply to the Australian government Department of Education for CRICOS accreditation, which would enable us to enrol international students. However, at present international students should investigate other ANU programs which do permit international enrolment:

What are the admission requirements for the non-award, Graduate Diploma and Masters programs?

Applicants for the Graduate Diploma must hold either an Honours degree (AQF8) or a Bachelor degree (AQF7) with a GPA of 4.0 / 7.0, plus one year’s relevant work experience. Applicants for the Masters must hold a Bachelor degree with a GPA of 5.0 / 7.0, plus three years’ relevant work experience.

Further information about the GPA (Grade Point Average) is available here. A GPA calculator tool is available for download at this website, under the heading ‘reference documents’ on the right-hand side.

Applicants with a completed higher qualification (e.g. Masters, PhD) are admissible to either program. Applicants to the non-award program must meet the entry requirements of the Graduate Diploma.

Please note that there is no discipline-specific requirement for this program – applicants are eligible with a Bachelor degree in any field. For information on the Australian Qualifications Framework, see here.

What is the difference between ‘award’ and ‘non-award’ programs?

Both the Graduate Diploma and the Masters are ‘award’ programs – this means that they are programs of study which enable the student to graduate with a formal academic award, once all requirements have been met.

The non-award program enables students to enrol in any course which interests them and for which they meet the academic pre-requisites. The completion of non-award courses does not enable students to graduate with a Graduate Diploma or a Masters, regardless of how many courses they complete. However, students who have completed non-award courses which are part of the Cyber Security program are able to request academic credit for these courses, should they subsequently enrol in the Graduate Diploma or Masters programs.

Am I admissible if I don’t have a Bachelor degree?

Applicants who do not have a Bachelor degree may be eligible for admission to the program on the basis of professional equivalency. This means that the applicant has been assessed by the relevant delegated authorities as meeting the academic entry requirements without completing formal university study.

Applicants wishing to discuss whether they are eligible for admission without a degree should consult the program convenor, Dr. Alwen Tiu (

What is the ANU’s English language policy, and to whom does it apply?

The ANU’s English language policy applies to all students of the ANU, whether domestic or international. The policy is available here:

Australian citizens and permanent residents whose university studies were conducted in countries other than those listed under ‘Group A’ in the above policy will be required to provide evidence of English language competency. This policy applies regardless of whether you have separately had to meet these requirements for the Department of Home Affairs (formerly the Department of Immigration and Border Protection).

Please note that holding Australian citizenship or being employed by an Australian organisation does not constitute grounds for admission under the English language policy – applicants must provide an approved form of evidence, as outlined in the policy above.

How do I apply for the non-award program?

Applications for the non-award program are lodged directly through the ANU, at the following link:

Applicants must ensure that they submit all required documentation to the email address as soon as they have submitted their application. Required documentation is described below, and on the application form.

How do I apply for the Graduate Diploma or Masters program?

Applications for the Grad. Dip. and Masters programs are lodged through the ANU’s StudyLink portal, as described in the above tab labelled ‘Application Process’.

Students should locate the relevant webpage for their chosen award from the links below, and click on ‘Apply’, on the top right-hand side of the page:

What are the application closing dates for each academic session?

There is a different application closing date for each academic session of the year (Winter, Spring etc.). Closing dates for all courses will be listed on the ‘Course Schedule’ tab on this website, once the 2018 teaching timetable is confirmed.

What documents do I need to include with my application?

You will need to include colour scans of original academic transcripts, as well as an up-to-date copy of your curriculum vitae and of any change-of-name documentation (e.g. marriage certificate). Please note that greyscale scans of academic transcripts are not acceptable, nor are colour photographs of original transcripts.

How do I know if my application has been successful?

You will receive an email from the ANU’s Admissions team within four weeks of your application date, to the email address nominated on your application. Depending on the information you provided, you may receive either a full offer for study or a conditional offer for study. Conditional offers for study require you to meet certain conditions before you can accept the offer.


Teaching and assessment:

Why doesn’t the Cyber Security program teach in normal university semesters?

Because the Cyber Security program is designed to be taught in online intensive mode for working professionals, normal university semesters aren’t suitable for this teaching format. Instead of being constrained by fixed dates for Semesters 1 and 2, the Cyber Security program teaches courses staggered throughout the year in the ANU’s non-standard teaching sessions – Autumn, Winter, Spring etc. This model is also used by other areas in the ANU which teach specialised professionally-focussed courses, including the College of Law and the Crawford School of Public Policy.

What is an ‘academic session’?

An academic session is the specific period of the academic year to which a course belongs. The Cyber Security program teaches in non-standard academic sessions, which are seasonal:

  • Summer – January to March
  • Autumn – April to June
  • Winter – July to September
  • Spring – October to December

These sessions run in parallel with Semesters 1 and 2. Semester 1 runs from January to June, at the same time as the Summer and Autumn sessions; Semester 2 runs from July to December, at the same time as the Winter and Spring sessions.

Students need to know in which academic session their course is being taught, because this is how you make sure you’re enrolling in the right course in your ISIS account. Once you’ve successfully added a course to your enrolment, the course will display on the ISIS home screen under the relevant academic session.

How do online intensive courses work?

As described in the tab above labelled ‘Delivery mode’, online intensive course in the Cyber Security program are run over nine weeks. The first four weeks comprise online learning and assessment through the ANU’s Wattle portal; the fifth week is spent full-time on campus at the ANU; and the final four weeks are a further period of online teaching and assessment. We call this mode 4+1+4. Therefore, eight weeks of each course can be completed online from anywhere, and one week must be spent on campus in Canberra.

Can I take two online intensive courses which are running simultaneously?

Students cannot take two intensive courses with same start and finish dates. This is because they will have the same on-campus intensive week, and students can only attend one of these at a time. Where courses are offered concurrently, students will be required to choose one or the other.

Please note that this point is currently not relevant for the Cyber Security program in 2018, where only one or two courses will be offered. In subsequent years, however, students will need to be aware that they cannot study more than one online course at a time.

Can students complete the program in full-time mode?

It is not possible for students to undertake the online intensive program in full-time mode. Once the online program is running at full capacity (likely 2019 or after), the maximum number of online intensive courses available will be five per annum – this is slightly more than a 50% study load.

Students who reside in Canberra and who are prepared to enrol in a mixture of online courses and traditional on-campus semester-long courses are able to complete the program in full-time mode. For advice about how to mix on-campus and online courses, please contact the Data Analytics and Cyber Security team:

Is the on-campus intensive week compulsory?

Yes, the on-campus intensive week is compulsory for all students. Exceptions will be made only in the case of serious and unforeseen circumstances (e.g. sudden illness, accident or bereavement). Otherwise, all students are expected to participate in all aspects of the on-campus intensive week, and students will not be given exemption on the grounds of professional workload. The intensives are a crucial part of learning development and cohort-building for all courses, and students should fully consider this expectation when choosing to undertake the program.

What is the timetable for the 2018 online intensive courses?

The online intensive timetable will be available at the above tab labelled ‘course schedule’, as soon as the 2018 teaching timetable is confirmed. The 2019 timetable will be published in late 2018.

Students wishing to consult the timetable for courses taught in on-campus semester-long mode should consult the relevant Programs and Courses entry for their course.

How do I know what the pre-requisites are for any particular course?

Pre-requisites and any assumed knowledge are detailed on the Programs and Courses entry for each course. Below is a table of the pre-requisites for the courses included in the Cyber Security program.

Please note that these pre-requisites only apply to students enrolled in the Cyber Security program; students enrolled in other programs may be subject to other pre-requisites, as detailed on Programs and Courses.




Stage One

(Grad. Cert.)

COMP6301 Computing Foundations for Cyber Security


LAWS8077 Cyber Law


NSPO8006 National Security Policymaking



MGMT7203 Risk Analysis for Business Management


Stage Two

(Grad. Dip.)

COMP6340 Networked Information Systems


COMP6420 Introduction to Data Management


COMP7500 Software Security

COMP6301, COMP6340, COMP6420

NSPO8021 Statecraft and National Security in Cyberspace


CRIM8002 Cyber Security and Cyber Crime


MGMT8005 Project Risk and Issues Management


Stage Three


COMP8501 Cyber Defensive Operations


COMP8502 Cyber Offensive Operations


NSPO8014 Ethics and Technologies of War


NSPO8017 Malicious Networks: Transnational Terrorism and Crime


What is the assessment structure for each course?

The assessment structure varies from course to course, depending on the individual convenor and on the material being taught. However, all ANU courses include multiple forms of assessment, both formative (identifying areas of academic strength and weakness) and summative (finding out how well you’ve achieved the learning outcomes of the course). You can expect to be assessed in different ways throughout the course, not just at the end. Many courses will include some form of group assessment, reflecting the real-world concerns of the program, because large-scale cyber security initiatives often take place in a team environment.

How do I find out if a particular course is suitable for my skill-set?

You should consult the relevant Programs and Courses entry for the course in question, which will provide you with a summary of the course material, and of the learning outcomes for the course. You may also consult the convenor for the relevant course, who will be able to answer specific questions and to provide you with a course outline.



Is this program eligible for a FEE-Help loan?

Australian citizens enrolled in this program are eligible to defer their tuition fees through a FEE-Help loan. New Zealand citizens and Australian permanent residents can access FEE-Help in certain specific situations, which are outlined here.

Australian citizens who wish to defer their tuition through FEE-Help must complete an electronic Commonwealth Assistance Form (eCAF). This form is available to students through their ISIS account (the ANU’s student enrolment and information portal) once they have accepted their offer for study.

What is the ‘census date’ for each course?

The census date for a course is the date at which students are regarded as liable for their tuition fees, regardless of whether they complete the academic requirements of the course. Up to census date, students can ‘drop’ a course online through their ISIS account without incurring any financial penalty. Students dropping a course after census date will remain liable for the tuition. The only exception to this is students who are approved for late withdrawal from a course. Late withdrawals apply to students who encounter sudden and unexpected circumstances, which prevent them from completing the course (e.g. serious illness, accident or bereavement).

The census date for a course is determined by its starts date – it occurs roughly 1/3 of the way through the course. The census dates for all ANU courses are available at the relevant Programs and Courses entry, and will also be listed on the online timetable at this website, once the teaching timetable is confirmed.

For courses taught in typical semester-long on-campus mode, census dates remain the same every year: 31 March for Semester 1 courses, and 31 August for Semester 2 courses.

Are there any Commonwealth Supported Places (CSPs) for this program and how do I apply?

As at 2018, the College of Engineering and Computer Science has no Commonwealth Supported Place (CSP) for the Cyber Security program. In general, the number of CSPs available for graduate coursework programs has been diminishing over the last few years; sometimes we have only half a dozen to allocate across all programs and all students in the College.

Students should be aware that CSPs are awarded strictly on the basis of academic merit, and that competition is fierce. A GPA of 6.5 or above is recommended to have a realistic chance of securing a CSP.

The ANU is expecting the situation with CSPs to change in late 2018 or early 2019, following reforms announced by the Australian government in the 2017/2018 federal budget. Although we do not yet know precisely what effect these changes will have on the number and allocation of CSPs, we are expecting that CSPs will be fewer and more difficult to obtain from 2018 onwards, possibly incorporating time-limits for students to complete their programs.

Applications for CSPs are considered once per semester. Applicants must complete and submit the form available at the following link in order to be considered for a CSP:

Please note that applicants must have received an unconditional offer for study, or be already enrolled, before they can be considered for a CSP.

What is the difference between the Services and Amenities Fee (SAF) and Domestic Tuition Fees (DTF)?

The Services and Amenities Fee (SAF) is incurred by every student enrolled at the ANU. This fee is a contribution by students towards the cost of the ANU facilities which are available to students: physical buildings as well as information services and other online study supports. Students are charged SAF at a rate of AUD $74.50 per seasonal academic session, up to a maximum of AUD $149 per annum for part-time students or AUD $298 per annum for full-time students (2018 rate).

Domestic Tuition Fees (DTF) are the cost of individual academic courses – these are the fees students incur by being enrolled in a particular course. Students will see two different items on their tuition invoices: SAF is the service and administration component, and DTF is the academic tuition component. Neither component is negotiable, although both can be deferred under the FEE-Help program by Australian citizens and eligible permanent residents and New Zealand citizens.

How can I organise for my employer to pay my tuition fees?

Students whose employers wish to pay their tuition invoices need to set up a tuition sponsorship through the ANU’s Student Finance team. Sponsored students will not receive a tuition invoice through their ISIS accounts – the invoice goes straight from ANU Student Finance to the nominated contact at the sponsoring organisation. Students who have a tuition sponsorship will not be charged late fees if their sponsor does not pay by the due date on the invoice – the ANU’s Student Finance team negotiates directly with the sponsor for payment.

Students who choose to download their invoices from ISIS and to provide these to their employers for payment should note that the student will be charged late fees if payment does not arrive by the due date. This is because the above arrangement does not constitute a tuition sponsorship, even if the student has provided the invoice to their employer. From the ANU’s point of view, students are considered to be self-funded unless they have an official ANU tuition sponsorship in place.

Students who do not wish to set up a tuition sponsorship are recommended to pay their own tuition by BPay or credit card through their ISIS account, and then to seek reimbursement from their employer. This arrangement minimises the chance that students will be left with additional fees if an employer does not pay an invoice on time.

How do I view and pay my tuition fee invoice?

From the home screen in ISIS, students should select ‘check your invoice’ to see their most recent outstanding invoice. Students wishing to consult previous invoices should click ‘invoice history’ for a full list.

What are the indicative tuition fees for each course?

Indicative tuition fees for each academic year are available under the relevant course entry on the Programs and Courses website.

Students should expect that tuition will increase by roughly 5% per annum. For 2018, indicative fees are AUD $4080 per course.

What does DTF cover?

Domestic Tuition Fees (DTF) are the cost payable for enrolling in the course. DTF does not include the cost of any textbooks (which not all courses will require), or the cost of travelling to and attending the on-campus intensive component.

Am I Centrelink-eligible while studying in the Applied Data Analytics program?

The Cyber Security program is not considered an approved coursework Masters program for the purposes of student-support payments from Centrelink. However, students who believe they qualify for Austudy or for Youth Allowance (Student) should contact the Department of Human Services directly for clarification.


General questions:

Do I need a student card?

Students who do not reside in the ACT and who do not intend to use ANU infrastructure during their degree may not need a student card. However, we recommend that all students acquire a student card just in case – these can be obtained in person during one of your on-campus intensive weeks. Student cards are available over the counter with approved photo identification (e.g. passport, driver’s licence) from the ANU Student Central services counter at 121 Marcus Clarke Street.

Please note that students must have accepted their offers for study and be enrolled in a course before they are eligible to hold a student card. Interstate students can request that a student card be mailed to them, subject to certain restrictions.

Students who reside in the ACT and who wish to use ANU library or computer laboratory facilities will need a student card to access the relevant buildings.

What are the arrangements for the on-campus intensive week for each course?

Arrangements for the on-campus intensive week vary from course to course, but students should expect to be on campus every day (Monday to Friday) from 0900 to 1700. Details of the building locations and timetables for the intensive weeks will be emailed to all enrolled students one week in advance, along with maps of the ANU campus and other information to assist those new to Canberra and to the ANU.

Can I get recognition of prior learning (RPL) for some of my previous university study?

You may be eligible for recognition of prior learning (RPL) if you have completed related studies in a previous university degree. At the ANU, RPL is called academic status and takes two forms – credit and exemption.

As described in the above tab labelled ‘credit’, students who are awarded academic status will have their total program shortened by the number of courses for which they are granted credit. In other words, they are regarded as having completed the courses in question.

Students who are granted exemption do not have to take the course from which they have been exempted, and are permitted to replace the exempted course with another course of their choosing, from an approved list of program enclosures. A student who receives exemption does not have their program shortened.

For more information about the restrictions on the awarding of academic status, please see section 3.1 of the Coursework Awards Rule:

Some examples of credit and exemption scenarios:

  • Student A has worked in the Australian Public Service for 15 years, but has no formal qualifications. He has significant experience in information technology management and security. On the basis of his work experience, he is admitted to the Graduate Diploma Cyber Security. He does not receive any credit, and therefore the duration of his program remains the same. Due to his professional expertise, he is granted exemptions from COMP6301 (Computing Foundations for Cyber Security) and for COMP6420 (Introduction to Data Management). He chooses to replace these COMP-coded courses with other computing courses offered by the College of Engineering and Computer Science, in consultation with the program convenor.


  • Student B has worked in the Australian Public Service for 5 years and has completed a Bachelor of Business Administration within the last 7 years. After submitting a credit application – including his academic transcript and course outlines – he is granted credit for MGMT7203 (Risk Analysis for Business Management). He is not required to replace this course with another, and so his program is shortened by one course.


  • Student C applies to study three courses included in the Cyber Security program as a non-award student. She has completed a Master of Computing within the last 7 years. She is not able to receive credit, because she is studying as a non-award student. However, she is considering applying for the Master Cyber Security later on, and is advised that she would receive credit for COMP6420 (Introduction to Data Management) and for COMP6340 (Networked Information Systems). When Student C transfers into the Masters program, the duration of her program will be shortened by two courses (COMP6420/6340), plus whatever courses she has undertaken as a non-award student.

Does the ANU consider MOOCs for admission and/or recognition of prior learning?

If the MOOC for which the student is seeking credit is determined to be equivalent in learning and assessment to a 6-unit ANU course, then the ANU may choose to grant credit, at the discretion of the program convenor. For a MOOC to be credit-eligible, it must be taught by a reputable university, as defined by the Australian government Department of Education and Training’s policy on the recognition of overseas qualifications.

Can I appeal a decision about academic credit?

If you are unhappy with the decision of the College regarding your application for academic status, you can appeal to the Associate Dean (Education) for the relevant College. The Cyber Security program teaches across several ANU Colleges – Business and Economics, Engineering and Computer Science, Law and the National Security College. Each College has its own AD(E).

Applications to appeal a credit decision must be submitted in writing to The Data Analytics and Cyber Security team will identify the correct College for the resolution of your appeal, and ensure that your materials reach the right person.


Information for members of the Australian Public Service:

Do I need departmental support/endorsement to enrol in this program?

You do not need departmental support to enrol in the Cyber Security program – if you meet the admission requirements, then you are eligible.

However, if you wish to access study leave or other flexible arrangements through your employer, then the ANU recommends consulting your professional development or learning support contacts before enrolling in the program.

If my department has encouraged me to apply for this program, and has coordinated my application process, does this mean my tuition is fully funded?

Students should not assume that their tuition is employer-funded unless they have specifically consulted their employer about tuition arrangements, and have received written assurance that the employer has entered into a tuition sponsorship with the ANU. The ANU will not solicit tuition sponsorships on behalf of students. It is the student’s responsibility to secure the employer’s financial support, at which point the Data Analytics and Cyber Security team ( will assist with the logistics of setting up the sponsorship.

Students should check their ISIS account regularly to see whether they have any invoices owing. Even if you are a sponsored student, it’s a good idea to keep an eye out for invoices, because an unexpected account is a sign that something may not be functioning correctly with your sponsorship.

Can APS students access FEE-Help?

APS students can access FEE-Help, provided that they are Australian citizens. Permanent residents and New Zealand citizens are able to access FEE-Help in certain limited situations, as explained above.


Glossary of useful ANU terms:

Award A qualification conferred by the University and certified by a testamur.
  • Award names and relevant specialisations appear on a graduate's testamur.
  • Different plans may lead to different awards though some lead to the same award.
Program In an academic sense , a program is a structured sequence of study - normally leading to the Award of one or more degrees, diplomas or certificates. In a system sense, a program is a grouping of one or more academic plans around a particular theme, Awards, or set of admission requirements.
Course A subject of scholarly study taught:
  • In a connected series of lectures or demonstrations
  • By means of practical work including the production by students of essays or theses or case studies, or the attendance and participation by students in seminars or workshops
Each course requires a course outline.
A four character alphabetic subject area code and a four digit numeric catalogue number identify each course. The first digit denotes the state/year of the program in which the course is normally taken. Each course is normally assigned a unit value that is a measure of the proportion of the academic progress that a course represents within the total credit for the program
Unit This is an indicator of the value of the course within the total program. Most courses are valued at 6 units. Units are used to track progress towards completing a plan. Full -time students normally undertake 24 units of courses each semester.
Non - award study Study that does not lead to the award of a degree, diploma, or certificate, but consists of a course or work requirement that may be at undergraduate or graduate coursework level. [Not e: non- award study does not include studies undertaken on a non- award basis within the meaning of HES Act.]
Credit The granting of credit is an evaluation process that assesses the individual's prior formal, non- formal, and informal learning to determine the extent to which the individual has achieved the required learning outcomes, competency outcomes, or standards for entry to, and/or partial or total completion of, a qualification.
Exemption Some students may be exempt from undertaking a compulsory c ourse for the program on the basis of previous completion of the course, or an equivalent course. However, a course of equivalent unit value must be substituted. An exempted course counts towards program requirements and satisfied pre- requisite requirement s for other courses but the unit value of the exempted course does not count towards the units taken towards the program.

Other terms can be found in the Student policies and procedures glossary

Updated:  1 November 2018/Responsible Officer:  Dean, CECS/Page Contact:  CECS Marketing