RATIONALE

Cyber attacks are increasing in frequency and diversity with hostile actors probing for vulnerabilities, cooperating to develop exploits, and deploying these on an industrial scale. Many organisations are essentially under continuous attack from multiple actors. Eternal vigilance through monitoring and logging is essential for reactive and proactive responses. Inevitably some attacks will be successful and effective actions are required to handle these incidents, limit breaches, and collect evidence for investigation. This module covers the preventive elements of systems monitoring, the reactive elements of incident response and follow up elements of cybercrime investigation

AIMS

The aims of the module are:

• To develop knowledge, analytical skills and intuitions to identify security anomalies from varied sources, and correlate these to discern actual security breaches
• To develop the skills required to successfully manage an incident response, including communication within the organisation and externally to relevant authorities
• To develop the skills and knowledge to undertake cyber forensics investigations under the appropriate legal and ethical framework

LEARNING OUTCOMES

On successful completion of this module, a student will be able to:

1. Demonstrate the ability to recognise anomalies, utilising their analysis and synthesis skills to infer and correlate from information gathered through multiple monitoring and logging sources
2. Demonstrate the ability to effectively manage an incident response, including effective communication with internal teams and external authorities, and the securing and preservation of evidence
3. Undertake a cyber investigation utilising appropriate cyber forensics techniques under the appropriate legal and ethical framework