A cyber security analyst is responsible for the implementation, maintenance and support of the security controls that protect an organisation's systems and data assets from threats and hazards. You ensure that security technologies and practices operate in accordance with the organisation's policies and standards to provide continued protection. You require a broad understanding of network infrastructure, software and data to identify where threats and hazards can occur. You are responsible for performing periodic vulnerability assessments to evaluate the organisation's ongoing security posture and will give management ongoing visibility of the main risks and the status of controls. You will carry out intrusion detection, incident response and intelligence-led investigation and analysis within a security operations centre capacity.
Pre-requisite: ECM3437DA Cyber Security 1
The aim of this module is to further develop your skills and knowledge in cyber security principles and techniques and their application in the business context. This module will focus on the blue team, defensive knowledge and skills such as security operations, strategic management and governance of security, and enhancing security culture.
INTENDED LEARNING OUTCOMES (ILOs) (see assessment section below for how ILOs will be assessed)
On successful completion of this module you should be able to:
Module Specific Skills and Knowledge
1. Analyse and evaluate security threats and vulnerabilities to planned and installed information systems or services and identify how these can be mitigated
2. Perform security risk assessments for a range of information systems and propose solutions
3. Develop a security case against recognised security threats, and recommend mitigation, security controls and appropriate processes.
4. Define and justify a user access policy for an information system given knowledge of the system architecture, security requirements and threat/risk environment, expressed in terms of what users can do, the resources they can access and the operations they are allowed to perform
5. Perform a business impact analysis in response to a security incident and follow a disaster recovery plan to meet elements of a given business continuity policy
6. Conduct a range of cyber security audit activities to demonstrate security control effectiveness
7. Research and investigate common and emerging attack techniques and recommend how to defend against them
8. Identify and follow organisational security policies and standards and implement security processes in line with policies and standards
9. Analyse security requirements including functional and non-functional security requirements that may be presented in a security case.
Discipline Specific Skills and Knowledge
10. Principles of cyber security tools and techniques.
11. Key legislative frameworks and the regulatory landscape for cyber security including the Data Protection Act 2018, the Network and Information Systems Regulations 2018, the Regulation of Investigatory Powers Act 2000 and ISO 27001.
12. Approaches to incident response and management including escalation and investigation of cyber security breaches and their root cause.
13. Ethical principles and codes of good practice of at least one significant cyber security professional body and the ethical responsibilities of a cyber security professional.
14. Approaches to deployment of cyber security technology components in digital systems to provide security functionality, for example hardware and software that implement security controls.
15. Discover, identify and analyse security threats, attack techniques and vulnerabilities and recommend mitigation and security controls.
16. Manage cyber security risk.
17. Use appropriate cyber security technology, tools and techniques in relation to the risks identified.
18. Lead cyber security awareness campaigns and evaluate their effectiveness.
19. Analyse cyber security requirements against other design requirements for systems or products, identify conflicting requirements and recommend appropriate solutions with clear explanation of costs and benefits.
20. Lead the design and build of systems in accordance with a security case to address organisational challenges.
Personal and Key Transferable / Employment Skills and Knowledge
21. Has a strong work ethic and commitment in order to meet the standards required.
22. Reliable, objective and capable of both independent and team working.
23. Acts with integrity with respect to ethical, legal and regulatory requirements ensuring the protection of personal data, safety and security.
24. Commits to continuous professional development; maintaining their knowledge and skills in relation to developments in digital and technology solutions that influence their work.
25. Interacts professionally with people from technical and non-technical backgrounds. Presents data and conclusions in an evidently truthful, concise and appropriate manner.
26. Participates in and shares best practice in their organisation, and the wider community for aspects relevant to digital and technology solutions.
27. Maintains awareness of trends and innovations in the subject area, utilising a range of academic literature, online sources, community interaction, conference attendance and other methods which can deliver business value.
28. Champions diversity and inclusion in their work ensuring that digital technology solutions are accessible.
SYLLABUS PLAN - summary of the structure and academic content of the module
Cyber security in practice
• Cyber security culture in organisations; contribution to risk
• Case studies in cyber security
Responding to security incidents
• Intrusion detection systems, honeypots, etc.
• Analysing a security incident
• Using logs and audit trails to reconstruct an attack
• Following a disaster recovery plan to provide business continuity
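The "using logs and audit trails to reconstruct an attack" topic above is the one that most benefits from a concrete illustration. The following is an added example, not part of the module description: it parses a constructed auth.log excerpt (documentation-range addresses, an assumed year because syslog timestamps carry none, and a hypothetical failure threshold and time window) and correlates failed SSH logins, the eventual successful login from the same source, and a later sudo from that session into an ordered attack timeline.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample auth.log excerpt (not real data; hostnames and addresses
# are documentation-range placeholders): a password-guessing run against sshd,
# a successful login from the same source, then sudo to root from that session.
SAMPLE_LOG = """\
Mar  4 02:14:01 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  4 02:14:03 web01 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Mar  4 02:14:05 web01 sshd[2103]: Failed password for root from 203.0.113.7 port 51030 ssh2
Mar  4 02:14:08 web01 sshd[2105]: Failed password for deploy from 203.0.113.7 port 51044 ssh2
Mar  4 02:14:10 web01 sshd[2107]: Failed password for deploy from 203.0.113.7 port 51050 ssh2
Mar  4 02:14:13 web01 sshd[2109]: Accepted password for deploy from 203.0.113.7 port 51062 ssh2
Mar  4 02:15:40 web01 sudo:   deploy : TTY=pts/1 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/bash
Mar  4 02:20:00 web01 sshd[2201]: Accepted publickey for alice from 198.51.100.5 port 40012 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+(?P<prog>[\w-]+)(?:\[\d+\])?:\s+(?P<msg>.*)$"
)
SSH_RE = re.compile(
    r"^(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
SUDO_RE = re.compile(r"^(?P<user>\S+) : .*\bUSER=(?P<target>\S+) ; COMMAND=(?P<cmd>.*)$")


def parse_log(text, year=2024):
    """Turn syslog-style auth lines into timestamped events. Syslog omits the
    year, so one is assumed (hypothetical here) to obtain sortable datetimes."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated daemon or unparseable line: skip, never crash
        ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
        msg = m["msg"]
        if m["prog"] == "sshd" and (s := SSH_RE.match(msg)):
            events.append({"time": ts, "host": m["host"],
                           "kind": "ssh_ok" if s["result"] == "Accepted" else "ssh_fail",
                           "user": s["user"], "ip": s["ip"], "method": s["method"]})
        elif m["prog"] == "sudo" and (s := SUDO_RE.match(msg)):
            events.append({"time": ts, "host": m["host"], "kind": "sudo",
                           "user": s["user"], "target": s["target"], "cmd": s["cmd"]})
    return events


def reconstruct(events, fail_threshold=3, window=timedelta(minutes=5)):
    """Correlate events into an attack narrative.

    A successful SSH login is flagged when the same source IP produced at least
    fail_threshold failures within the preceding window (password guessing that
    eventually worked). Any later sudo by that user is tied back to the flagged
    session as privilege escalation. Threshold and window are assumed values,
    not figures from the module. Returns the ordered timeline and the flagged
    sources with the account and follow-on activity attributed to each."""
    fails = defaultdict(list)   # ip -> times of failed logins
    compromised = {}            # user -> ip of the flagged login
    timeline, suspects = [], {}
    for ev in sorted(events, key=lambda e: e["time"]):
        when = ev["time"].strftime("%H:%M:%S")
        if ev["kind"] == "ssh_fail":
            fails[ev["ip"]].append(ev["time"])
        elif ev["kind"] == "ssh_ok":
            recent = [t for t in fails[ev["ip"]] if ev["time"] - t <= window]
            if len(recent) >= fail_threshold:
                compromised[ev["user"]] = ev["ip"]
                suspects[ev["ip"]] = {"user": ev["user"], "failures": len(recent), "escalated": False}
                timeline.append(f"{when} {ev['ip']} logged in as {ev['user']} after {len(recent)} failed attempts")
            else:
                timeline.append(f"{when} routine {ev['method']} login: {ev['user']} from {ev['ip']}")
        elif ev["kind"] == "sudo" and ev["user"] in compromised:
            ip = compromised[ev["user"]]
            suspects[ip]["escalated"] = True
            timeline.append(f"{when} {ev['user']} (session from {ip}) ran {ev['cmd']} as {ev['target']}")
    return {"timeline": timeline, "suspects": suspects}


if __name__ == "__main__":
    for entry in reconstruct(parse_log(SAMPLE_LOG))["timeline"]:
        print(entry)
```

Two design points matter in practice. The parser skips anything it cannot match rather than raising, because a real auth log is full of lines from other daemons and a reconstruction that aborts halfway is worse than one with a known gap. The correlation keys on source address first and then on the account, so that a later sudo is attributed to the suspicious session rather than to the user in the abstract; in a real investigation you would add the session or PID to that join and cross-check against a second, independent trail such as wtmp or an auditd record.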
Developing security risk management, strategy and governance
• The different approaches to risk treatment and management in practice
• Developing a security case against recognised security threats
• Defining and justifying a user access policy for an information system
• Recommending mitigation, security controls and appropriate processes
• Incident Response, Digital Forensics, Business Continuity, Disaster recovery process considerations
Exploring additional security controls
• Backups
• Email protection and filtering
• Preventing physical intrusions
Demonstrating security control effectiveness
• Cyber security audit; reviewing capabilities, resources and permitted operations
• Penetration testing and ethical hacking; contribution to assurance