IY3U001 - Secure Operations and Incident Management 01 Sep 2023 - 31 Aug 2028 | Version 1
Associated Module Information
| Module Code: | IY3U001 | ||
|---|---|---|---|
| Module Title: | Secure Operations and Incident Management | ||
| Faculty: | Faculty of Computing, Engineering and Science | ||
| Faculty Group: | Computing and Mathematics | ||
| Faculty Sub Group: | Cyber Security | ||
| Module Leader: | Arun Kumar | ||
| Module Team: | Peter Eden, Richard Ward, Joshua Richards, Sharan Johnstone, Emma Derbi, Andrew Bellamy, Beth Jenkins, Mamoun Qasem, Rachael Medhurst, Madhu Khurana, Nisha Rawindaran | ||
| First Intended Intake: | AUG 2027 | Final Year of Intake: | 2027 |
| Date Closed: | |||
| Credit Value: | 30 | Credit Level: | 6 |
| Language: | English | ||
| Percentage of Module Taught in Welsh: | 0 | ||
| Equivalent Module: | |||
| HECOS codes: | 100365 - computer networks | 100376 - computer and information security | 100385 - computer forensics |
| HECOS Code Weighting: | 20 | 50 | 30 |
Document Version Information
| Version | 1 |
|---|---|
| Valid From | 01 Sep 2023 |
| Valid To | 31 Aug 2028 |
Module Aims
To provide technical knowledge of the concepts associated with cyber security monitoring, and incident detection, analysis and recovery.
Content Summary
- Employability, roles and preparation for industry
- Enterprise systems
- Principles of incident management, response and preparation. Incident response frameworks and standards: NCSC / NIST / ISO/IEC 27035
- Threat landscape, CVEs and frameworks: MITRE ATT&CK, Diamond Model and CKC
- DFIR and evidence collection, memory forensics
- SIEM and SOC, logging and monitoring. Splunk. Incident verification.
- Policy and Procedure
- BCP
- Penetration / Security
- Security Metrics
- Responding to an Incident
- Team roles, Developing your playbook
- Post incident analysis
Learning and Teaching Methods
| Activity Type | Hours |
|---|---|
| Lecture | 18 |
| Tutorial | 18 |
| Practical classes and workshops | 36 |
| Supervised time in studio/workshop | 8 |
| Independent Study | 80 |
| Directed Study | 72 |
| Formative Assessment - Scheduled | 10 |
| Formative Assessment - Independent | 10 |
| Active/Simulation Based | 6 |
| Groupwork | 18 |
| Interdisciplinary work | 4 |
| Problem / challenge based learning | 20 |
| Total Hours Selected | 300 |
Learning Outcomes
| # | Learning Outcome |
|---|---|
| LO1 | To demonstrate the tools and techniques involved in practical incident identification and handling. |
| LO2 | To apply knowledge and understanding of incident response principles to a given situation. |
Module Requisites
N/A
Assessment Criteria
| Assessment Category | Assessment Type | Description | Duration | Word Count | Weight (%) | Best of? | Pass Mark |
|---|---|---|---|---|---|---|---|
| Asynchronous Assessment | Field Folio 1 | Work containing a number of elements that are applicable to the theory and skills demonstrated in an Incident Response Simulation: 30 minutes; Playbook Creation: 1500 WC; Cyber Attack Report: 1500 WC | 30 | 3000 | 100 | No | 40 |
Assessment Matrix
| Assessment Type | LO1 | LO2 |
|---|---|---|
| Field Folio 1 | ✔ | ✔ |