Apply Now
Contact
Parent Programme
Bachelor in Computing (Level 7 NFQ)
NFQ Level & Reference
Level 7 / Ref: M3.10
Duration
12 Weeks X 3 Hours per week
MODULE TITLE
Cyber Security Defence & Operations
STAGE
Award
Module Credit Units
ECTS: 5

Cybersecurity Defence & Operations

Introduction Cybersecurity Defence & Operations

This Cybersecurity Defence & Operations module introduces the learner to core concepts and skills needed to monitor, detect, analyse and respond to internal and external security threats facing organisations. The module involves a practical application of the skills needed to maintain and ensure security operational readiness of secure networked systems.

Indicative Syllabus Content

Cybersecurity Defence & Operations (Elective)

Operating Systems and Networking Review

  • Windows OS Security Configuration
  • Linux OS Security Configuration
  • Ethernet
  • Internet Protocol IPv4/IPv6
  • ICMP / Connectivity verification / Command line tools
  • Address Resolution
  • Transport Layer and Network Services
  • Network Devices and Wireless Communications

Network Security Infrastructure

  • Network Topologies, Design Models and Common Security Architectures.
  • Firewalls, IDS, IPS and Specialised Security Devices
  • Network Security Services, ACL’s, SNMP, NetFlow, NTP, AAA and VPN.

Threat Actors, Their Tools, Common Threats and Attacks

  • Attack Methods and Tools
  • Malware Types, understanding behaviour and purpose
  • Reconnaissance, Access, and Social Engineering Attacks
  • Denial of Service, Buffer Overflows, and Evasion Methods.
  • Network Monitoring Methods and Tools

Attacking the Foundation and What We Do

  • IPv4 and IPv6 header structure.
  • IP Vulnerabilities.
  • TCP and UDP Vulnerabilities.
  • IP Service Vulnerabilities.
  • Enterprise Service and Application Vulnerabilities

Approaches to Network Security Defence and Access Control.

  • Defence-in-depth strategy and how it is used to protect networks.
  • Security Policies, Regulations, and Standards.
  • How access control protects network data.
  • AAA Usage and Operation

Threat Intelligence

  • Network Intelligence Communities, SANS, Mitre, (ISC)2.
  • Threat Intelligence Services, Cisco Talos, Fireye.
  • Common Vulnerabilities and Exposures (CVE) Database.

Cryptography

  • Using Cryptography to ensure Integrity and Authenticity of data.
  • Enhancing Data Confidentiality using cryptographic approaches.
  • Public Key Cryptography.
  • Authorities and the PKI (Public Key Infrastructure) Trust System.
  • Applications and Impacts of Cryptography in Cybersecurity Operations.

Endpoint Protection and Vulnerability Assessment

  • Antimalware Protection and Mitigation
  • Host-based Intrusion Prevention/Detection Services
  • Application Security and Malware Analysis using a sandbox.
  • Network and Server Profiling
  • Common Vulnerability Scoring System (CVSS)
  • Secure Device Management
  • Information Security Management Systems

Technologies and Protocols

  • Monitoring and Behaviour of Common Network Protocols
  • Security Technologies and how they affect the ability to monitor common network protocols.

Network Security Data and Alert Evaluation

  • Network Intrusion Detection Systems (NIDS), Snort, Squil and Squert
  • Host-based Intrusion Detection Systems (HIDS), OSSEC and Wazuh.
  • Network Packet Capture and Analysis tools.
  • Alert Structure and Source.
  • Alert Evaluation and Classification

Working with Network Security Data

  • Elastic Stack ELK, Data Normalisation, Reduction and Archiving.
  • Using Security Onion tools to investigate network data and security events.
  • Workflow Management Tools for the Cybersecurity Analyst.

Digital Forensics, Incident Analysis and Response

  • Evidence Handling and Attack Attribution.
  • The Cyber Kill Chain.
  • The Diamond Model of Intrusion Analysis.
  • Incident Response Life Cycle, Incident Handling Procedures and their application

Minimum Intended Learning Outcomes (MIMLOs)

Upon successful completion of this module, the learner should be able to:
MIMLO 1
Demonstrate knowledge of the components and concepts of information and data security including confidentiality, integrity and availability.
MIMLO2
Appraise the secure operation of common IT infrastructures and services.
MIMLO3
Classify the various types of cyber-attacks and the methodologies used.
MIMLO4
Use various methods to both prevent and detect malicious access to IT infrastructures
MIMLO5
Ensure business continuity by adhering to recommended standards of secure operations.

Assessment

MIMLOs
Assessment
Percentage
1, 2, 3, 4, 5
CA 1, CA2: Practical Lab Work
Total 100%
CA 3: In-Class Theory Test/CA 4: Simulated Case Study
All Assessments

Reassessment Opportunity

Where the combined marks of the assessment and examination do not reach the pass mark the learner will be required to repeat the element of assessment that they failed. Reassessment materials will be published on Moodle after the Examination Board Meeting and will be aligned to the MIMLOs and learners will be capped at 40% unless there are personal mitigating circumstances.

Aims & Objectives

This Cybersecurity Defence & Operations module will ensure learners meet the following objectives:

  • Understand the key concepts of information security, incident response and risk management.
  • Investigate the requirements to ensure confidentiality integrity and availability of IS and related components.
  • Awareness of key threats to IS and related components.
  • Apply standards and compliance recommendations in defending against and responding to security incidents and threats
[TheChamp-Sharing]
APPLY NOW
Top