Advanced Diploma of Information Technology (E-Security)


This qualification provides the skills and knowledge for an individual to manage complex and high-level ICT security systems and components. The qualification has a robust ICT technical base with appropriate security units aligned to the Certified Information Systems Security Professional (CISSP) and the IT Security Essential Body of Knowledge (EBK).

CISSP is an independent information security certification governed by the International Information Systems Security Certification Consortium (ISC).

EKB is a Competency and Functional Framework for IT Security Workforce Development. The EBK characterises the IT security workforce and provides a national baseline representing the essential knowledge and skills that IT security practitioners should have to perform specific roles and responsibilities.

The US Department of Homeland Security's (DHS), National Cyber Security Division worked with subject matter experts from government, the private sector, and academia to develop an umbrella framework that establishes a national baseline representing the essential knowledge and skills IT security practitioners must have to perform their jobs. The IT Security EBK builds directly on established work and is not intended to represent a standard, directive, or policy by DHS. Instead, it further clarifies key IT security terms and concepts for well-defined competencies, identifies notional security roles, and defines primary functional perspectives to help advance the IT security training and certification landscape as we strive to ensure that we have the most qualified and appropriately trained IT security workforce possible.

In previous versions of the ICA05 Training Package, the security of networks and systems was a priority and a number of units in the areas of risk management, websites and privacy were developed. These have been included in Advanced Diploma core along with several more traditional Property Services security units. A number of server, network and interface electives are offered to allow a further level of specialisation as required. The facility for selecting electives from ICA05 and other Training Packages enables other ICT oriented skill areas (e.g. programming or database development) or broader business units to be included.

New units relating to e-security have been added at AQF level 4 that complement and extend security as a more holistic approach throughout the 'systems life cycle'. A new unit, ICAS6254A Manage IT security, has been added to the core units at the AQF level 6 to provide a holistic approach to management of e-security.

Consideration should be given to selecting these units as electives where they are relevant to workplace roles.

This qualification also provides a logical next step as a capstone qualification for ICT Diploma graduates particularly those that have progressed through the networking stream and AQF 3 to AQF 5 pathway. This qualification is particularly relevant to those that have developed technical specialisations in networking but an emphasis on the E-security units at the Diploma level. It is also possible to transition from other Diploma qualifications (e.g. Software Development or Systems Analysis and Design or Website development or General) if an appropriate selection of electives have been chosen especially with a focus on the E-security units.


An appropriate pathway for this qualification is from the ICA50408 Diploma of Information Technology (Networking)

Job Roles

Possible job titles include:

Database Security Expert

E-risk Manager

E-security Specialist

ICT Security Consultants

ICT Security Specialist

Information Risk Manager (IRM)

Internal Computer Audit Specialist

IT Security Analyst/Engineer

IT Security Specialist

Lead Security Analyst

Security Engineer

Senior Software Engineer (Security)

Systems Security Analyst

Web Security Administrator


Qualification structure

To attain the ICA60308 Advanced Diploma of Information Technology (E-security) 17 units must be achieved:

12 core units; plus

5 elective units

Achieve 12 Core Units


add topic ICAA5056B Prepare disaster recovery and contingency plans

add topic ICAA6052B Design an IT security framework

add topic ICAA6053B Design system security and controls

add topic ICAB5159C Build a security shield for a network

add topic ICAB5237B Build a high performance security perimeter

add topic ICAB5238B Build a highly secure firewall

add topic ICAI5152B Implement risk management processes

add topic ICAI5252A Develop, implement and evaluate an incident response plan

add topic ICAI5250A Develop, implement and evaluate system and application security

add topic ICAS5192B Configure an internet gateway

add topic ICAS6254A Manage IT security

add topic PSPPM601B Direct complex project activities

Achieve 3 elective units chosen from the ICA60308 electives list below which have not previously counted in a Diploma qualification


add topic ICAA5044C Develop system infrastructure design plan

add topic ICAD5092C Update and document operational procedures

add topic ICAI5098C Install and manage complex networks

add topic ICAI5100C Build an internet infrastructure

add topic ICAI5176C Install and configure router

add topic ICAI5196C Implement secure encryption technologies

add topic ICAI5197C Install and maintain valid authentication processes

add topic ICAI5253A Implement and evaluate systems for regulatory and standards compliance

add topic ICAI6187B Implement change management processes

add topic ICTTC168A Design and implement an enterprise VoIP&Unified Communications

add topic PRSSM504A Prepare security risk management plan

add topic PRSTS301A Identify technical security requirements

Achieve 2 elective units chosen from the following sources, which have not previously counted in a Diploma qualification (listed in recommended order)

ICA60308 electives list; and/or

ICA05 Information and Communications Technology Training Package or BSB07 Business Services Training Package at Diploma or Advanced Diploma; and/or

any other Training Package at Advanced Diploma (to a maximum of 2 units) based on documented industry or enterprise needs


    Not Applicable

Entry Requirements

Not Applicable

Licensing Information

Not Applicable

Employability Skills

Employability skills summary

ICA60308 Advanced Diploma of Information Technology (E-security)

The following table contains a summary of the employability skills required for a Security Consultant. The employability skills facets described here are broad industry requirements that may vary depending on qualification packaging options.

Employability skill

Industry requirements for this qualification include:


articulating complex security scenarios in a clear, concise manner relevant to all levels of the organisation

documenting information related to attacks, threats, risks and controls in a security plan

using report writing skills for business requiring depth in some areas, and analysis and evaluation of information in a defined range of areas, for example when documenting recommendations for improvement and referring them to appropriate technical specialists


managing group facilitation and presentation skills in relation to transferring and collecting information, for example when senior management and auditor approval is obtained for the design of the controls

reviewing the security strategy with security approved key stakeholders

Problem Solving

developing controls and contingencies to alleviate security threats

taking corrective action on system implementation breakdowns

using problem-solving skills for an evolving complex scenario of security threats

Initiative and Enterprise

developing new criteria, applications, knowledge and procedures

generating ideas at an abstract level through the analysis of information and concepts

identifying and applying skill and knowledge areas to a wide variety of contexts, with depth in some areas

Planning and Organising

developing security plans

planning for controls and contingencies when designing an IT security framework


having accountability and responsibility for self and others in achieving workplace outcomes

taking responsibility for own outputs in relation to broad quantity and quality parameters


having knowledge of current industry accepted hardware and software products, including broad knowledge of security features and capabilities


identifying technology needs, sourcing, purchasing, installing, configuring and testing components including software and hardware

using technological capability assessment skills involving analysis, diagnosis and evaluation, for example when evaluating various products against architecture requirements to determine the best IT solution, and for estimating current and future capacity requirements and evaluating against client's future requirements