Cyber Security 1 - 2024 entry
| MODULE TITLE | Cyber Security 1 | CREDIT VALUE | 30 |
|---|---|---|---|
| MODULE CODE | ECM3437DA | MODULE CONVENER | Unknown |
| DURATION: TERM | 1 | 2 | 3 |
|---|---|---|---|
| DURATION: WEEKS | 0 | 11 | 0 |
| Number of Students Taking Module (anticipated) | 20 |
|---|
***DEGREE APPRENTICESHIP STUDENTS ONLY***
A cyber security analyst is responsible for the implementation, maintenance and support of the security controls that protect an organisation’s systems and data assets from threats and hazards. They ensure that security technologies and practices are operating in accordance with the organisation’s policies and standards to provide continued protection. They require a broad understanding of network infrastructure, software and data to identify where threat and hazard can occur. They are responsible for performing periodic vulnerability assessments to evaluate the organisation’s ongoing security posture and will provide visibility to management of the main risks and control status on an ongoing basis. They respond to security incidents and implement resolution activities across the organisation.
The aim of this module is to build on your skills and knowledge in cyber security principles and techniques and their application in the business context. The module focusses in particular on developing offensive or red team skills, otherwise known as ethical hacking or penetration testing knowledge and skills. These are crucial elements of risk management and assurance lifecycles.
On successful completion of this module, you should be able to:
Module Specific Skills and Knowledge:
1. Analyse and evaluate security threats and vulnerabilities to planned and installed information systems or services;
2. Perform security risk assessments for a range of information systems and propose solutions;
3. Perform a business impact analysis proactively or reactively in response to a security incident;
4. Research and investigate common and emerging attack techniques;
5. Identify and analyse potential evidence artefacts for intrusion detection and incident response purposes;
6. Select and use appropriate security testing tools and techniques to provide cyber security audit or assurance of security controls.
Discipline Specific Skills and Knowledge:
7. Principles of cyber security tools and techniques;
8. Principles of quantitative and qualitative risk management theory including the role of risk stakeholders;
9. Concepts and approaches to cyber security assurance;
10. Key legislative frameworks and the regulatory landscape for cyber security including Data Protection Act 2018, Network Information System Directive 2018, Regulation of Investigatory Powers Act 2000, ISO 27001;
11. Ethical principles and codes of good practice of at least one significant cyber security professional body and the ethical responsibilities of a cyber security professional;
12. Principles of common security architectures and methodologies;
13. Approaches to deployment of cyber security technology components in digital systems to provide security functionality. For example hardware and software to implement security controls;
14. Discover, identify and analyse security threats, attack techniques and vulnerabilities and recommend mitigation and security controls;
15. Undertake security risk assessments for complex systems without direct supervision and propose a remediation strategy relevant to the context of the organisation;
16. Recommend improvements to the cyber security approaches of an organisation based on research into future potential cyber threats and considering threat trends;
18. Use appropriate cyber security technology, tools and techniques in relation to the risks identified.
Personal and Key Transferable/ Employment Skills and Knowledge:
19. Has a strong work ethic and commitment in order to meet the standards required;
20. Reliable, objective and capable of both independent and team working;
21. Acts with integrity with respect to ethical, legal and regulatory requirements ensuring the protection of personal data, safety and security;
23. Interacts professionally with people from technical and non-technical backgrounds. Presents data and conclusions in an evidently truthful, concise and appropriate manner;
25. Maintains awareness of trends and innovations in the subject area, utilising a range of academic literature, online sources, community interaction, conference attendance and other methods which can deliver business value;
26. Champions diversity and inclusion in their work ensuring that digital technology solutions are accessible.
• Typical security hazards that may concern an organisation
| Scheduled Learning & Teaching Activities | 22 | Guided Independent Study | 128 | Placement / Study Abroad | 0 |
|---|
| Category | Hours of study time | Description |
| Scheduled learning and teaching activities | 18 | Online learning activity, including virtual workshops, synchronous and asynchronous virtual lectures and other e-learning. |
| Scheduled learning and teaching activities | 2 | Lectures |
| Scheduled learning and teaching activities | 2 | Group workshops |
| Guided independent study | 128 | Coursework, exam preparation and self-study |
| Form of Assessment | Size of Assessment (e.g. duration/length) | ILOs Assessed | Feedback Method |
|---|---|---|---|
| Contribution to class discussion | N/A | 1-26 | Verbal |
| Coursework | 60 | Written Exams | 40 | Practical Exams | 0 |
|---|
| Form of Assessment | % of Credit | Size of Assessment (e.g. duration/length) | ILOs Assessed | Feedback Method |
|---|---|---|---|---|
| Security controls implementation | 60 | 3,000 words | 1-26 | Written |
| Written exam | 40 | 2 hours | 1-26 | Written |
| Original Form of Assessment | Form of Re-assessment | ILOs Re-assessed | Time Scale for Re-assessment |
|---|---|---|---|
| Security controls implementation (60%) | Security controls implementation | 1-15 | Completed over summer with a deadline in August |
| Written exam (40%) | Written exam (2 hours) | 1-15 | Referral/deferral period |
Deferral – if you miss an assessment for certificated reasons judged acceptable by the Mitigation Committee, you will normally be deferred in the assessment. The mark given for a re-assessment taken as a result of deferral will not be capped and will be treated as it would be if it were your first attempt at the assessment.
Referral – if you have failed the module overall (i.e. a final overall module mark of less than 40%) you may be required to sit a referral. The mark given for a re-assessment taken as a result of referral will be capped at 40%.
information that you are expected to consult. Further guidance will be provided by the Module Convener
ELE: https://ele.exeter.ac.uk
Reading list for this module:
| Type | Author | Title | Edition | Publisher | Year | ISBN |
|---|---|---|---|---|---|---|
| Set | Stewart, J. M., Chapple, M., Gibson, D. | CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide | 7th | Sybes | 2015 | 978-1119042716 |
| Set | Graham, J.. Howard, R., Olson, R. | Cyber Security Essentials | 1st | CRC Press | 2011 | 9781439851234 |
| Set | Pfleeger, C. P., Pfleeger, S. L., Margulies, J | Security in Computing | 5th | Prentice Hall | 2015 | 978-0-13-408504-3 |
| CREDIT VALUE | 30 | ECTS VALUE | 15 |
|---|---|---|---|
| PRE-REQUISITE MODULES | None |
|---|---|
| CO-REQUISITE MODULES | None |
| NQF LEVEL (FHEQ) | 6 | AVAILABLE AS DISTANCE LEARNING | No |
|---|---|---|---|
| ORIGIN DATE | Thursday 14th March 2024 | LAST REVISION DATE | Thursday 14th March 2024 |
| KEY WORDS SEARCH | Cyber, Security |
|---|
Please note that all modules are subject to change, please get in touch if you have any questions about this module.
