The development of Information Security as a discipline has only occurred in recent years. Currently Information Security topics are widely taught at tertiary institutions but these topics are taught from a technical perspective and in other cases from a business perspective. This paper discusses the development of a new security curriculum within Australia and how Australian tertiary institutions responded to that curriculum, the paper also puts forwards a framework that assists in curriculum development.